Kuadrant · crstrn13 · Oct 8, 2025 · Nov 25, 2025 · Nov 26, 2025 · Nov 26, 2025
diff --git a/pipelines/test/ocp/aws/kustomization.yaml b/pipelines/test/ocp/aws/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+  - pairs:
+      deployment: kuadrant-qe-pipeline
+      app: deploy-kuadrant
+
+components:
+  - ../../../../tasks/deploy/
+  - ../../../../tasks/infra/
+  - ../../../../tasks/test/
+
+resources:
+  - pipeline.yaml
diff --git a/pipelines/test/ocp/aws/pipeline.yaml b/pipelines/test/ocp/aws/pipeline.yaml
@@ -0,0 +1,218 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: test-ocp-aws
+spec:
+  params:
+    # Cluster related parameters
+    - name: cluster-name
+      type: string
+    - name: region
+      type: string
+      default: "us-east-1"
+    - name: master-size
+      type: string
+      default: "m6g.xlarge"
+    - name: worker-size
+      type: string
+      default: "m6g.large"
+    - name: installer-arch
+      type: string
+      default: "arm64"
+    # Kuadrant/RHCL installation related parameters
+    - default: quay.io/kuadrant/kuadrant-operator-catalog:v1.2.0
+      description: Kuadrant/RHCL index image, leave empty to install current RHCL GA
+      name: index-image
+      type: string
+    - default: stable
+      description: Kuadrant channel (stable, preview)
+      name: channel
+      type: string
+    - default: kuadrant-operator
+      description: Operator name (kuadrant-operator, rhcl-operator)
+      name: operator-name
+      type: string
+    - default: ocp
+      description: Istio provider (ossm3, ocp), use ossm3 for OCP v4.18 and before
+      name: istio-provider
+      type: string
+    - default: ""
+      description: GatewayAPI CRD version. v1.0.0, v1.1.0, v1.2.1, v1.3.0 available; Leave empty if installing on OCP v4.19+
+      name: gateway-crd
+      type: string
+    - default: stable-v26
+      description: Keycloak subscription channel
+      name: keycloak-channel
+      type: string
+    - default: ""
+      description: Additional flags for helm install command, example '--set=kuadrant.installPlanApproval=Manual --set=kuadrant.startingCSV=kuadrant-operator.v1.2.0'
+      name: additional-helm-flags
+      type: string
+    - default: ""
+      description: Additional flags for tools helm, example '--set=tools.keycloak.keycloakProvider=deployment --set=tools.valkey.enable=false'"
+      name: additional-helm-tools-flags
+      type: string
+    # Testsuite related parameters
+    - default: 'quay.io/kuadrant/testsuite:unstable'
+      description: Testsuite image
+      name: testsuite-image
+      type: string
+    - default: kuadrant
+      description: Openshift project
+      name: project
+      type: string
+    - default: test
+      description: Makefile target for tests
+      name: make-target
+      type: string
+    - default: ""
+      description: Pytest flags to use with Make (flags="${pytest-flags}" make kuadrant)
+      name: pytest-flags
+      type: string
+    - default: pipeline-settings
+      description: Config Map with settings for the testsuite
+      name: settings-cm
+      type: string
+    - default: ""
+      description: Additional env for testsuite container separated with spaces (e.g. KUADRANT_CONTROL_PLANE__provider_secret=gcp-credentials KUADRANT_KEYCLOAK__url="https://my-sso.net")
+      name: additional-env
+      type: string
+    # Report Portal related parameters
+    - default: full-cycle-ocp-aws
+      description: Prefix of the launch name saved in report portal (nightly, username, manual, etc.). In case of release candidate testing use kuadrant-v<version>, rhcl-v<version>, or authorino-v<version>
+      name: launch-name
+      type: string
+    - default: ""
+      description: Optional launch description for Report Portal
+      name: launch-description
+      type: string
+    - default: testsuite
+      description: Report Portal Project to store test results (testsuite or nightly-testsuite typically)
+      name: rp-project
+      type: string
+    - default: true
+      description: If set to 'true' upload test results to Report Portal
+      name: upload-results
+      type: string
+    # Cleanup
+    - default: false
+      description: If set to 'true' cleanup will be done
+      name: cleanup
+      type: string
+  workspaces:
+    - name: shared-workspace
+      description: "Workspace to store cluster state files"
+  tasks:
+    - name: provision-ocp-aws
+      params:
+        - name: cluster-name
+          value: $(params.cluster-name)
+        - name: region
+          value: $(params.region)
+        - name: master-size
+          value: $(params.master-size)
+        - name: worker-size
+          value: $(params.worker-size)
+        - name: installer-arch
+          value: $(params.installer-arch)
+      workspaces:
+        - name: shared-workspace
+          workspace: shared-workspace
+      taskRef:
+        kind: Task
+        name: provision-ocp-aws
+    - name: helm-deploy
+      retries: 3
+      params:
+        - name: index-image
+          value: $(params.index-image)
+        - name: channel
+          value: $(params.channel)
+        - name: istio-provider
+          value: $(params.istio-provider)
+        - name: operator-name
+          value: $(params.operator-name)
+        - name: kubeconfig-path
+          value: $(tasks.provision-ocp-aws.results.kubeconfig-path)
+        - name: gateway-crd
+          value: $(params.gateway-crd)
+        - name: keycloak-channel
+          value: $(params.keycloak-channel)
+        - name: additional-helm-flags
+          value: $(params.additional-helm-flags)
+        - name: additional-helm-tools-flags
+          value: $(params.additional-helm-tools-flags)
+      runAfter:
+        - provision-ocp-aws
+      taskRef:
+        kind: Task
+        name: helm-deploy
+      workspaces:
+        - name: shared-workspace
+          workspace: shared-workspace
+    - name: run-tests
+      params:
+        - name: testsuite-image
+          value: $(params.testsuite-image)
+        - name: project
+          value: $(params.project)
+        - name: make-target
+          value: $(params.make-target)
+        - name: pytest-flags
+          value: $(params.pytest-flags)
+        - name: settings-cm
+          value: $(params.settings-cm)
+        - name: additional-env
+          value: $(params.additional-env)
+        - name: kubeconfig-path
+          value: $(tasks.provision-ocp-aws.results.kubeconfig-path)
+        - name: cluster-credentials
+          value: $(tasks.provision-ocp-aws.results.credentials-secret)
+      runAfter:
+        - helm-deploy
+      taskRef:
+        kind: Task
+        name: run-tests
+      workspaces:
+        - name: shared-workspace
+    - name: upload-results
+      when:
+        - input: $(params.upload-results)
+          operator: in
+          values: ["true"]
+      params:
+        - name: launch-name
+          value: $(params.launch-name)
+        - name: launch-description
+          value: $(params.launch-description)
+        - name: testsuite-image
+          value: $(params.testsuite-image)
+        - name: make-target
+          value: $(params.make-target)
+        - name: rp-project
+          value: $(params.rp-project)
+        - name: ocp-version
+          value: $(tasks.provision-ocp-aws.results.ocp-version)
+      runAfter:
+        - run-tests
+      taskRef:
+        kind: Task
+        name: upload-results
+      workspaces:
+        - name: shared-workspace
+    - name: delete-ocp-aws
+      when:
+        - input: $(params.cleanup)
+          operator: in
+          values: ["true"]
+      runAfter:
+        - upload-results
+      params:
+        - name: cluster-name
+          value: $(params.cluster-name)
+      workspaces:
+        - name: shared-workspace
+          workspace: shared-workspace
+      taskRef:
+        kind: Task
+        name: delete-ocp-aws
diff --git a/tasks/infra/delete-ocp-aws.yaml b/tasks/infra/delete-ocp-aws.yaml
@@ -0,0 +1,76 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: delete-ocp-aws
+spec:
+  description: Delete AWS OCP cluster
+  params:
+    - name: cluster-name
+      type: string
+      description: "Name of the ConfigMap containing the osia settings"
+  workspaces:
+    - name: shared-workspace
+      description: "Shared workspace to persist cluster state files between tasks"
+  volumes:
+    - name: gitlab-ca
+      configMap:
+        name: gitlab-ca
+  steps:
+    - computeResources:
+        limits:
+          cpu: '150m'
+          memory: 400Mi
+      env:
+        - name: AWS_ACCOUNT_ID
+          valueFrom:
+            secretKeyRef:
+              key: AWS_ACCOUNT_ID
+              name: kua-aws-credentials
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              key: AWS_ACCESS_KEY_ID
+              name: kua-aws-credentials
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              key: AWS_SECRET_ACCESS_KEY
+              name: kua-aws-credentials
+        - name: CLUSTER_MANAGEMENT_CI_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: CLUSTER_MANAGEMENT_CI_TOKEN
+              name: cluster-management-ci-token
+      image: quay.io/acristur/osia:latest
+      imagePullPolicy: Always
+      name: delete-aws-ocp
+      volumeMounts:
+        - name: gitlab-ca
+          mountPath: /etc/pki/ca-trust/source/anchors
+          readOnly: true
+      command:
+        - /bin/bash
+        - -c
+        - |
+          set -euo pipefail
+
+          # Prepare git repository
+          update-ca-trust
+          CI_TOKEN=$(echo "$CLUSTER_MANAGEMENT_CI_TOKEN" | tr -d '\n')
+          git clone "https://ci_robot_account:[email protected]/kuadrant-qe/cluster-management.git"
+          git config --global user.email [email protected]
+          git config --global user.name "CI Robot"
+
+          # Create AWS credentials file
+          mkdir -p ~/.aws
+          cat > ~/.aws/credentials <<EOF
+          [default]
+          aws_access_key_id = ${AWS_ACCESS_KEY_ID}
+          aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
+          EOF
+
+          # Run osia clean
+          cd cluster-management
+          osia clean --cluster-name $(params.cluster-name) 
+
+
diff --git a/tasks/infra/kustomization.yaml b/tasks/infra/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Component
 resources:
   - cluster-secret-cleanup.yaml
   - delete-aro.yaml
+  - delete-ocp-aws.yaml
   - delete-osd.yaml
   - delete-rosa.yaml
   - get-cluster-id.yaml
@@ -14,6 +15,7 @@ resources:
   - pause-pipeline.yaml
   - prepare-for-rhcl-rc-install.yaml
   - provision-aro.yaml
+  - provision-ocp-aws.yaml
   - provision-osd-aws.yaml
   - provision-osd-gcp.yaml
   - provision-rosa.yaml