prow,workloads: Add files to bootstrap the new prow workloads cluster

github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml

@@ -573,6 +573,39 @@ postsubmits:
               memory: "8Gi"
             limits:
               memory: "8Gi"
+    - name: post-project-infra-prow-workloads-deployment
+      always_run: false
+      run_if_changed: "github/ci/prow-deploy/kustom/overlays/prow-workloads/.*|github/ci/prow-deploy/kustom/components/.*"
+      annotations:
+        testgrid-create-test-group: "false"
+      decorate: true
+      branches:
+      - ^main$
+      labels:
+        preset-docker-mirror-proxy: "true"
+        preset-gcs-credentials: "true"
+        preset-github-credentials: "true"
+        preset-pgp-bot-key: "true"
+      skip_report: false
+      cluster: kubevirt-prow-control-plane
+      spec:
+        securityContext:
+          runAsUser: 0
+        containers:
+        - image: quay.io/kubevirtci/prow-deploy:v20241106-e0f89d2
+          env:
+          - name: DEPLOY_ENVIRONMENT
+            value: prow-workloads
+          command:
+            - "/usr/local/bin/runner.sh"
+            - "/bin/bash"
+            - "-c"
+            - "github/ci/prow-deploy/hack/deploy.sh"
+          resources:
+            requests:
+              memory: "8Gi"
+            limits:
+              memory: "8Gi"
     - name: post-project-infra-ci-search-deployment
       always_run: false
       annotations:

github/ci/prow-deploy/kustom/components/greenhouse/base/resources/deployment.yaml

@@ -52,6 +52,8 @@ spec:
         volumeMounts:
         - name: cache
           mountPath: /data
+        securityContext:
+          privileged: true
         resources:
           requests:
             cpu: "1.2"

github/ci/prow-deploy/kustom/overlays/prow-workloads/.gitignore

@@ -0,0 +1,2 @@
+secrets/*
+configs/*

github/ci/prow-deploy/kustom/overlays/prow-workloads/kustomization.yaml

@@ -0,0 +1,93 @@
+# Requires kustomize v3
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - resources/bootstrap.yaml
+  - resources/shared-images-controller.yaml
+  - resources/greenhouse-storage.yaml
+  - resources/place-holder.yaml
+  - resources/priority-classes.yaml
+  - resources/sriov-passthrough-ds.yaml
+  - ../../components/docker-mirror-proxy/base
+  - ../../components/greenhouse/base
+
+components:
+  - ../../components/docker-mirror-proxy/hostpath
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+  - name: oauth-token
+    namespace: kubevirt-prow-jobs
+    files:
+      - oauth=secrets/oauth-token
+    type: Opaque
+  - name: unprivileged-oauth-token
+    namespace: kubevirt-prow-jobs
+    files:
+      - oauth=secrets/unprivileged-oauth-token
+    type: Opaque
+  - name: gcs
+    namespace: kubevirt-prow-jobs
+    files:
+      - secrets/service-account.json
+    type: Opaque
+  - name: kubevirtci-docker-credential
+    namespace: kubevirt-prow-jobs
+    # username=dockerUser
+    # password=dockerPass
+    envs:
+    - secrets/kubevirtci-docker-credential
+    type: Opaque
+
+  - name: kubevirtci-quay-credential
+    namespace: kubevirt-prow-jobs
+    # username=quayUser
+    # password=quayPass
+    # token=quayOAuthToken
+    envs:
+    - secrets/kubevirtci-quay-credential
+    type: Opaque
+  - name: kubevirtci-installer-pull-token
+    namespace: kubevirt-prow-jobs
+    files:
+      # installerPullToken
+      - token=secrets/kubevirtci-installer-pull-token
+    type: Opaque
+  - name: commenter-oauth-token
+    namespace: kubevirt-prow-jobs
+    # githubCommenterToken
+    files:
+      - oauth=secrets/commenter-oauth-token
+    type: Opaque
+  - name: kubevirtci-coveralls-token
+    namespace: kubevirt-prow-jobs
+    files:
+      # coverallsToken
+      - token=secrets/kubevirtci-coveralls-token
+    type: Opaque
+  - name: containerized-data-importer-coveralls-token
+    namespace: kubevirt-prow-jobs
+    files:
+      # coverallsToken for the containerized-data-importer repository
+      - token=secrets/containerized-data-importer-coveralls-token
+    type: Opaque
+  - name: win-sysprep-001
+    namespace: kubevirt-prow-jobs
+    files:
+      - productKey=secrets/win-sysprep-001
+    type: Opaque
+  - name: kubevirtci-fossa-token
+    namespace: kubevirt-prow-jobs
+    files:
+      # fossaToken
+      - token=secrets/kubevirtci-fossa-token
+    type: Opaque
+  - name: prow-kubevirtbot-github-ssh-secret
+    namespace: kubevirt-prow-jobs
+    files:
+    # prowKubevirtbotSSHPrivateKey
+    - token=secrets/prow-kubevirtbot-github-ssh-secret
+    type: Opaque

github/ci/prow-deploy/kustom/overlays/prow-workloads/resources/bootstrap.yaml

@@ -0,0 +1,91 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubevirt-prow
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubevirt-prow-jobs
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-cache-bm01.kubevirtci.cloud
+  labels:
+    ci.kubevirt.io/cachenode: 'true'
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm02.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+    hardwareSupport: sriov-nic
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm04.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+    hardwareSupport: sriov-nic
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm05.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm06.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm07.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm08.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm09.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm11.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+    hardwareSupport: gpu
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm12.kubevirtci.cloud
+  labels:
+    type: bare-metal-external
+    hardwareSupport: gpu
+---
+apiVersion: v1
+kind: Node
+metadata:
+  name: kubevirt-worker-bm13.kubevirtci.cloud
+  labels:
+    type: bare-metal-external

github/ci/prow-deploy/kustom/overlays/prow-workloads/resources/greenhouse-storage.yaml

@@ -0,0 +1,41 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: greenhouse-0
+  labels:
+    app: greenhouse
+    type: local
+spec:
+  capacity:
+    storage: 1400Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/var/data/greenhouse"
+    type: ""
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: ci.kubevirt.io/cachenode
+          operator: In
+          values:
+          - "true"
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: greenhouse
+  namespace: kubevirt-prow
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1400Gi
+  storageClassName: ""
+  selector:
+    matchLabels:
+      app: greenhouse
+      type: local

github/ci/prow-deploy/kustom/overlays/prow-workloads/resources/place-holder.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: sriov-place-holder
+  namespace: kubevirt-prow-jobs
+  labels:
+    name: sriov-place-holder
+spec:
+  selector:
+    matchLabels:
+      name: sriov-place-holder
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: sriov-place-holder
+        sriov-pod: "true"
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: sriov-pod
+                operator: In
+                values:
+                - "true"
+            topologyKey: kubernetes.io/hostname
+      nodeSelector:
+        hardwareSupport: sriov-nic
+      terminationGracePeriodSeconds: 1
+      priorityClassName: sriov-place-holder
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: sriov-place-holder
+        image: k8s.gcr.io/busybox
+        command: [ "/bin/sh", "-c", "while true; do sleep 86400; done" ]
+        resources:
+          requests:
+            memory: 29Gi

github/ci/prow-deploy/kustom/overlays/prow-workloads/resources/priority-classes.yaml

@@ -0,0 +1,36 @@
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: sriov
+value: 1000001
+preemptionPolicy: PreemptLowerPriority
+globalDefault: false
+description: "Allows sriov jobs to be scheduled with higher priority."
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: vgpu
+value: 1000000
+preemptionPolicy: Never
+globalDefault: false
+description: "Allows gpu jobs to be scheduled with higher priority."
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: windows
+value: 900000
+preemptionPolicy: Never
+globalDefault: false
+description: "Allows windows jobs to be scheduled with higher priority."
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: sriov-place-holder
+value: 1000000
+preemptionPolicy: Never
+globalDefault: false
+description: "Allows to have sriov place holder jobs"

github/ci/prow-deploy/kustom/overlays/prow-workloads/resources/shared-images-controller.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: shared-images-controller
+  namespace: kubevirt-prow
+  labels:
+    name: shared-images-controller
+spec:
+  selector:
+    matchLabels:
+      name: shared-images-controller
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: shared-images-controller
+    spec:
+      nodeSelector:
+        type: bare-metal-external
+      terminationGracePeriodSeconds: 1
+      containers:
+      - name: shared-images-controller
+        image: quay.io/kubevirtci/shared-images-controller:v20250130-1ce07d8
+        command: [ "/usr/local/bin/runner.sh", "/shared-images-controller"]
+        resources:
+          requests:
+            memory: 2Gi
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /var/lib/shared-images
+          name: shared-images
+      volumes:
+      - hostPath:
+          path: /var/lib/shared-images
+          type: DirectoryOrCreate
+        name: shared-images