deckhouse
diff --git a/‎.github/workflows/e2e-matrix.yml‎
Lines changed: 31 additions & 68 deletions b/‎.github/workflows/e2e-matrix.yml‎
Lines changed: 31 additions & 68 deletions
diff --git a/‎ci/dvp-e2e/Taskfile.yaml‎
Lines changed: 4 additions & 79 deletions b/‎ci/dvp-e2e/Taskfile.yaml‎
Lines changed: 4 additions & 79 deletions
diff --git a/‎ci/dvp-e2e/charts/cluster-config/templates/virtualization.yaml‎
Lines changed: 1 addition & 3 deletions b/‎ci/dvp-e2e/charts/cluster-config/templates/virtualization.yaml‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎ci/dvp-e2e/charts/cluster-config/values.yaml‎
Lines changed: 1 addition & 25 deletions b/‎ci/dvp-e2e/charts/cluster-config/values.yaml‎
Lines changed: 1 addition & 25 deletions
diff --git a/‎ci/dvp-e2e/charts/infra/templates/ingress.yaml‎
Lines changed: 0 additions & 37 deletions b/‎ci/dvp-e2e/charts/infra/templates/ingress.yaml‎
Lines changed: 0 additions & 37 deletions
@@ -166,28 +166,10 @@ jobs:
         shell: bash
         run: |
           set -euo pipefail
-          mkdir -p "$HOME/.kube"
-          cat > "$HOME/.kube/config" <<EOF
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - cluster:
-              server: ${E2E_K8S_URL}
-              insecure-skip-tls-verify: true
-            name: parent
-          contexts:
-          - context:
-              cluster: parent
-              user: sa
-            name: parent
-          current-context: parent
-          users:
-          - name: sa
-            user:
-              token: "${{ secrets.E2E_NESTED_SA_SECRET }}"
-          EOF
-          chmod 600 "$HOME/.kube/config"
-          echo "KUBECONFIG=$HOME/.kube/config" >> "$GITHUB_ENV"
+          chmod +x ci/dvp-e2e/scripts/build_parent_kubeconfig.sh
+          KCFG="$HOME/.kube/config"
+          ci/dvp-e2e/scripts/build_parent_kubeconfig.sh -o "$KCFG" -a "${E2E_K8S_URL}" -t "${{ secrets.E2E_NESTED_SA_SECRET }}"
+          echo "KUBECONFIG=$KCFG" >> "$GITHUB_ENV"
 
       - name: Prepare run values.yaml
         working-directory: ci/dvp-e2e
@@ -222,7 +204,9 @@ jobs:
       - name: Inject REGISTRY_DOCKER_CFG into values.yaml
         working-directory: ci/dvp-e2e
         run: |
-          yq eval --inplace '.deckhouse.registryDockerCfg = strenv(REGISTRY_DOCKER_CFG)' "${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/values.yaml"
+          chmod +x scripts/inject_registry_cfg.sh
+          VALS="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/values.yaml"
+          REGISTRY_DOCKER_CFG="${REGISTRY_DOCKER_CFG}" scripts/inject_registry_cfg.sh -f "$VALS" -v "$REGISTRY_DOCKER_CFG"
 
       - name: Docker login to Deckhouse registry
         uses: docker/login-action@v3
@@ -323,29 +307,14 @@ jobs:
             NESTED_KUBECONFIG="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/nested/kubeconfig" \
             PARENT_KUBECONFIG="${KUBECONFIG}"
 
-      - name: Configure storage classes
+      - name: Configure SDS in nested cluster
         working-directory: ci/dvp-e2e
         run: |
-          echo "💾 Configuring storage classes for profile: sds-replicated-volume -> sds"
-          task nested:storage:configure \
-            STORAGE_PROFILE="sds" \
-            TARGET_STORAGE_CLASS="${{ steps.profile-config.outputs.storage_class }}" \
+          echo "💾 Configuring SDS storage (sds-node-configurator + sds-replicated-volume)"
+          task nested:storage:sds \
             TMP_DIR="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}" \
-            VALUES_FILE="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/values.yaml" \
-            GENERATED_VALUES_FILE="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/generated-values.yaml" \
-            SSH_DIR="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/ssh" \
-            SSH_FILE_NAME="id_ed" \
-            PASSWORD_FILE="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/password.txt" \
-            PASSWORD_HASH_FILE="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/password-hash.txt" \
-            NAMESPACE="${{ env.RUN_ID }}" \
-            DOMAIN="" \
-            DEFAULT_USER="ubuntu" \
-            NESTED_DIR="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/nested" \
-            NESTED_KUBECONFIG="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/nested/kubeconfig"
-
-      # Ingress smoke disabled: not required for storage config
-
-      # Ceph CSI smoke check removed per request
+            NESTED_KUBECONFIG="${{ env.TMP_ROOT }}/runs/${{ env.RUN_ID }}/nested/kubeconfig" \
+            SDS_SC_NAME="${{ steps.profile-config.outputs.storage_class }}"
 
       - name: Upload run context
         if: always()
@@ -378,35 +347,29 @@ jobs:
         shell: bash
         run: |
           set -euo pipefail
-          mkdir -p "$HOME/.kube"
-          cat > "$HOME/.kube/config" <<EOF
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - cluster:
-              server: ${E2E_K8S_URL}
-              insecure-skip-tls-verify: true
-            name: parent
-          contexts:
-          - context:
-              cluster: parent
-              user: sa
-            name: parent
-          current-context: parent
-          users:
-          - name: sa
-            user:
-              token: "${{ secrets.E2E_NESTED_SA_SECRET }}"
-          EOF
-          chmod 600 "$HOME/.kube/config"
-          echo "KUBECONFIG=$HOME/.kube/config" >> "$GITHUB_ENV"
+          chmod +x ci/dvp-e2e/scripts/build_parent_kubeconfig.sh
+          KCFG="$HOME/.kube/config"
+          ci/dvp-e2e/scripts/build_parent_kubeconfig.sh -o "$KCFG" -a "${E2E_K8S_URL}" -t "${{ secrets.E2E_NESTED_SA_SECRET }}"
+          echo "KUBECONFIG=$KCFG" >> "$GITHUB_ENV"
 
       - name: Cleanup test namespaces
+        env:
+          CLEANUP_PREFIX: ${{ vars.CLEANUP_PREFIX || 'nightly-nested-e2e-' }}
         run: |
           set -euo pipefail
-          echo "🧹 Cleaning up namespaces matching 'nightly-nested-e2e-*'"
-          kubectl get ns -o name | grep "namespace/nightly-nested-e2e-" | cut -d/ -f2 | \
-            xargs -r kubectl delete ns --wait=false || echo "[INFO] No namespaces to delete"
+          echo "🧹 Cleaning namespaces with prefix '${CLEANUP_PREFIX}'"
+          ns_list=$(kubectl get ns -o json | jq -r --arg p "$CLEANUP_PREFIX" '.items[].metadata.name | select(startswith($p))')
+          if [ -z "$ns_list" ]; then
+            echo "[INFO] No namespaces to delete"; exit 0
+          fi
+          for ns in $ns_list; do
+            echo "[CLEANUP] Deleting namespace $ns ..."
+            kubectl delete ns "$ns" --wait=false || true
+          done
+          echo "[CLEANUP] Waiting for namespaces to be deleted..."
+          for ns in $ns_list; do
+            kubectl wait --for=delete ns/"$ns" --timeout=600s || echo "[WARN] Namespace $ns was not fully deleted within timeout"
+          done
 
       - name: Report cleanup results
         if: always()
 
@@ -232,8 +232,6 @@ tasks:
     cmds:
       - |
         set -euo pipefail
-        # Enable shell tracing when DEBUG_HOTPLUG is set
-        [ -n "${DEBUG_HOTPLUG:-}" ] && set -x || true
         echo "[INFRA] Attaching {{ .DISK_COUNT }} storage disks to worker VMs using hotplug in namespace {{ .NAMESPACE }}"
 
         # Wait for worker VMs
@@ -368,45 +366,18 @@ tasks:
               fi
               sleep 5
 
-              # Minimal periodic debug snapshot approximately every 60 seconds
-              if [ $((i % 12)) -eq 0 ]; then
-                echo "[DEBUG] VMBDA $vd summary:"
-                kubectl -n {{ .NAMESPACE }} get virtualmachineblockdeviceattachment "$vd" -o json \
-                  | jq -r '{phase: .status.phase, conditions: (.status.conditions // []) | map({type, status, reason, message})}' || true
-                echo "[DEBUG] VM $vm block devices (summary):"
-                kubectl -n {{ .NAMESPACE }} get vm "$vm" -o json \
-                  | jq -r '{phase: .status.phase, blockDeviceRefs: (.status.blockDeviceRefs // []) | map({name, virtualMachineBlockDeviceAttachmentName, attached, hotplugged})}' || true
-              fi
-            done
+              done
 
             if [ "$phase" != "Attached" ] && [ "${success_by_vm:-0}" -ne 1 ]; then
               echo "[ERROR] Disk $vd failed to attach to VM $vm within timeout" >&2
-              echo "[DEBUG] Final VMBDA summary:"
-              kubectl -n {{ .NAMESPACE }} get virtualmachineblockdeviceattachment "$vd" -o json \
-                | jq -r '{phase: .status.phase, conditions: (.status.conditions // []) | map({type, status, reason, message})}' || true
-              echo "[DEBUG] VM $vm block devices (summary):"
-              kubectl -n {{ .NAMESPACE }} get vm "$vm" -o json \
-                | jq -r '{phase: .status.phase, blockDeviceRefs: (.status.blockDeviceRefs // []) | map({name, virtualMachineBlockDeviceAttachmentName, attached, hotplugged})}' || true
+              # final debug snapshots removed
               exit 1
             fi
           done
 
           echo "[INFRA] VM $vm configured with hotplug disks"
 
-          # Optional on-node lsblk debug snapshot (requires d8 and SSH key). Always sudo for block devices visibility.
-          if command -v d8 >/dev/null 2>&1; then
-            echo "[DEBUG] Collecting lsblk from VM $vm..."
-            if ! d8 v ssh --username='{{ .DEFAULT_USER }}' \
-                  --identity-file='{{ .SSH_DIR }}/{{ .SSH_FILE_NAME }}' \
-                  --local-ssh=true \
-                  --local-ssh-opts='-o StrictHostKeyChecking=no' \
-                  --local-ssh-opts='-o UserKnownHostsFile=/dev/null' \
-                  "${vm}.{{ .NAMESPACE }}" -c "sudo lsblk -o NAME,KNAME,TYPE,SIZE,MODEL,TRAN,FSTYPE,MOUNTPOINT -p"; then
-              echo "[WARN] lsblk collection failed for $vm (SSH)" >&2
-            fi
-          else
-            echo "[WARN] 'd8' CLI not found, skipping lsblk collection for $vm" >&2
-          fi
+          
         done
 
         echo "[INFRA] All worker VMs configured with storage disks via hotplug"
@@ -711,26 +682,7 @@ tasks:
           task dhctl-bootstrap VALUES_FILE='{{ .VALUES_FILE }}' TMP_DIR='{{ .TMP_DIR }}' SSH_FILE_NAME='id_ed'
         } 2>&1 | tee '{{ .LOG_FILE }}'
 
-  local:tests:
-    desc: Local flow — prepare nested kubeconfig and run E2E (logs saved)
-    vars:
-      RUN_ID: '{{ .RUN_ID | default (printf "local-%s" (now | date "20060102-150405")) }}'
-      RUN_NAMESPACE: '{{ .RUN_NAMESPACE | default (printf "dvp-e2e-local-%s" .RUN_ID) }}'
-      TMP_DIR: '{{ .TMP_DIR | default (printf "%s/runs/%s" .TMP_ROOT .RUN_ID) }}'
-      LOG_FILE: '{{ .LOG_FILE | default (printf "%s/%s" .TMP_DIR "tests.log") }}'
-      E2E_DIR: '{{ .E2E_DIR | default (env "E2E_DIR") | default "../../tests/e2e" }}'
-      NESTED_SC: '{{ .NESTED_SC | default "ceph-pool-r2-csi-rbd-immediate" }}'
-    cmds:
-      - mkdir -p {{ .TMP_DIR }}
-      - |
-        set -euo pipefail
-        {
-          task nested:kubeconfig NAMESPACE='{{ .RUN_NAMESPACE }}' TMP_DIR='{{ .TMP_DIR }}'
-          task nested:storage:sds NESTED_KUBECONFIG='{{ .TMP_DIR }}/nested-{{ .RUN_NAMESPACE }}/kubeconfig' SDS_SC_NAME='{{ .NESTED_SC }}'
-          task nested:ensure-sc NAMESPACE='{{ .RUN_NAMESPACE }}' TMP_DIR='{{ .TMP_DIR }}' SC_NAME='{{ .NESTED_SC }}'
-          task nested:ensure-vmclass-default NESTED_KUBECONFIG='{{ .TMP_DIR }}/nested-{{ .RUN_NAMESPACE }}/kubeconfig'
-          task nested:e2e NAMESPACE='{{ .RUN_NAMESPACE }}' TMP_DIR='{{ .TMP_DIR }}' E2E_DIR='{{ .E2E_DIR }}'
-        } 2>&1 | tee '{{ .LOG_FILE }}'
+  
 
   # ------------------------------------------------------------
   # Nested cluster helpers (SC + kubeconfig)
@@ -851,33 +803,6 @@ tasks:
           sleep 10
         done
 
-  nested:storage:configure:
-    desc: Configure SDS storage profile inside nested cluster
-    vars:
-      STORAGE_PROFILE: '{{ .STORAGE_PROFILE | default "sds" }}'
-      NESTED_KUBECONFIG: "{{ .NESTED_KUBECONFIG }}"
-      TARGET_STORAGE_CLASS: "{{ .TARGET_STORAGE_CLASS }}"
-      STORAGE_PROFILE_NORMALIZED:
-        sh: |
-          case '{{ .STORAGE_PROFILE }}' in
-            sds|sds-local|sds_local|sds-replicated|sds_replicated) echo sds ;;
-            *) echo '{{ .STORAGE_PROFILE }}' ;;
-          esac
-    cmds:
-      - cmd: 'echo "[STORAGE] normalized profile = {{ .STORAGE_PROFILE_NORMALIZED }}"'
-      - |
-        set -euo pipefail
-        if [ '{{ .STORAGE_PROFILE_NORMALIZED }}' != "sds" ]; then
-          echo "[ERR] Only SDS storage profile is supported. Got: {{ .STORAGE_PROFILE_NORMALIZED }}" >&2
-          exit 1
-        fi
-      - |
-        echo "[SDS] Configuring SDS storage..."
-      - |
-        task nested:storage:sds \
-          NESTED_KUBECONFIG='{{ .NESTED_KUBECONFIG }}' \
-          SDS_SC_NAME='{{ .TARGET_STORAGE_CLASS }}'
-
   nested:storage:sds:
     desc: Configure SDS storage profile in nested cluster
     vars:
 
@@ -1,6 +1,5 @@
 ---
-{{- if hasKey .Values "features" }}
-{{- if .Values.features.virtualization }}
+{{- if and (hasKey .Values "features") (.Values.features.virtualization) }}
 apiVersion: deckhouse.io/v1alpha1
 kind: ModuleConfig
 metadata:
@@ -25,4 +24,3 @@ spec:
   imageTag: {{ .Values.virtualization.tag }}
   scanInterval: 15s
 {{- end }}
-{{- end }}
@@ -46,32 +46,8 @@ storageClasses:
   workers:
     root: ceph-pool-r2-csi-rbd-immediate
 
-# Infrastructure components
-infra:
-  nfs:
-    storageClass: nfs-4-1-wffc
-  dvcr:
-    storageClass: ceph-pool-r2-csi-rbd-immediate
-
-# Virtual disks configuration
-virtualDisks:
-  os:
-    storageClass: ceph-pool-r2-csi-rbd-immediate
-  data:
-    storageClass: nfs-4-1-wffc
-
-# Security settings
-security:
-  admissionPolicyEngine:
-    enabled: true
-  networkPolicies:
-    enabled: true
-
-# Feature flags
+# Feature flags (only those used by templates)
 features:
   virtualization: true
-  monitoring: true
-  logging: true
-  ingress: true
   nfs:
     enabled: false
@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: dvp-over-dvp-80
-  namespace: {{ .Values.namespace }}
-spec:
-  ports:
-  - port: 80
-    targetPort: 80
-    protocol: TCP
-    name: http
-  selector:
-    dvp.deckhouse.io/node-group: master
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -50,25 +35,3 @@ spec:
             port:
               number: 443
   {{- end }}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: wildcard-http
-  namespace: {{ .Values.namespace }}
-  annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "false"
-    nginx.ingress.kubernetes.io/rewrite-target: /
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: "*.{{ .Values.namespace }}.{{ .Values.domain }}"
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: dvp-over-dvp-80
-            port:
-              number: 80