Nightly Integration tests for self-hosted infrastructure.

Author: NishanthNalluri

.github/workflows/integration-tests.yaml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        provider: [k3d, gcp]
+        provider: [kind, gcp]
     timeout-minutes: 90
     permissions:
       contents: 'read'
@@ -43,7 +43,7 @@ jobs:
           USE_GKE_GCLOUD_AUTH_PLUGIN: True
         run: |
           set -euo pipefail
-          make test/e2e/multi-region | tee test_output.log
+          make test/nightly-e2e/multi-region | tee test_output.log
       - name: Archive test results
         if: ${{ always() }}
         uses: actions/upload-artifact@v4
@@ -130,7 +130,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        provider: [k3d, gcp]
+        provider: [kind, gcp]
     timeout-minutes: 90
     permissions:
       contents: read

Makefile

@@ -120,10 +120,10 @@ test/e2e/%: bin/cockroach bin/kubectl bin/helm build/self-signer test/cluster/up
 	$(MAKE) test/cluster/down; \
 	exit $${EXIT_CODE:-0}
 
-test/e2e/multi-region: bin/cockroach bin/kubectl bin/helm  build/self-signer bin/k3d
+test/e2e/multi-region: bin/cockroach bin/kubectl bin/helm  build/self-signer bin/k3d bin/kind
 	@PATH="$(PWD)/bin:${PATH}" go test -timeout 60m -v -test.run TestOperatorInMultiRegion ./tests/e2e/operator/multiRegion/... || (echo "Multi region tests failed with exit code $$?" && exit 1)
 
-test/e2e/single-region: bin/cockroach bin/kubectl bin/helm build/self-signer bin/k3d
+test/e2e/single-region: bin/cockroach bin/kubectl bin/helm build/self-signer bin/k3d bin/kind
 	@PATH="$(PWD)/bin:${PATH}" go test -timeout 60m -v -test.run TestOperatorInSingleRegion ./tests/e2e/operator/singleRegion/... || (echo "Single region tests failed with exit code $$?" && exit 1)
 
 test/e2e/migrate: bin/cockroach bin/kubectl bin/helm bin/migration-helper build/self-signer test/cluster/up/3

build/templates/cockroachdb-parent/charts/operator/values.yaml

@@ -9,7 +9,7 @@ image:
   # pullPolicy specifies the image pull policy.
   pullPolicy: IfNotPresent
   # tag is the image tag.
-  tag: "6f62639e9fee99d99b0387a9dccda84daa1a489b592b008f2f354ec57eae09ac"
+  tag: "24cc995b44f2ff4a2c30b8290d229602c8b5ad90c74d0843c246f701e30db872"
 # certificate defines the certificate settings for the Operator.
 certificate:
   # validForDays specifies the number of days the certificate is valid for.

cockroachdb-parent/charts/operator/values.yaml

@@ -4,13 +4,13 @@
 # image captures the container image settings for Operator pods.
 image:
   # registry is the container registry where the image is stored.
-  registry: "us-docker.pkg.dev/cockroach-cloud-images/development"
+  registry: "us-docker.pkg.dev/releases-prod/self-hosted"
   # repository defines the image repository.
-  repository: "cockroach-operator@sha256"
+  repository: "cockroachdb-operator@sha256"
   # pullPolicy specifies the image pull policy.
   pullPolicy: IfNotPresent
   # tag is the image tag.
-  tag: "72844b85354fd55b9a487abbd6e253b7d5081f65513c3813fde0ceb7d3ee2f70"
+  tag: "24cc995b44f2ff4a2c30b8290d229602c8b5ad90c74d0843c246f701e30db872"
 # certificate defines the certificate settings for the Operator.
 certificate:
   # validForDays specifies the number of days the certificate is valid for.

tests/e2e/operator/infra/common.go

@@ -18,8 +18,9 @@ import (
 
 // Provider types.
 const (
-	ProviderK3D = "k3d"
-	ProviderGCP = "gcp"
+	ProviderK3D  = "k3d"
+	ProviderKind = "kind"
+	ProviderGCP  = "gcp"
 )
 
 // Common constants.
@@ -49,8 +50,9 @@ const (
 
 // RegionCodes maps provider types to their region codes
 var RegionCodes = map[string][]string{
-	ProviderK3D: {"us-east1", "us-east2"},
-	ProviderGCP: {"us-central1", "us-east1"},
+	ProviderK3D:  {"us-east1", "us-east2"},
+	ProviderKind: {"us-east1", "us-east2"},
+	ProviderGCP:  {"us-central1", "us-east1"},
 }
 
 // LoadBalancerAnnotations contains provider-specific service annotations.
@@ -60,7 +62,8 @@ var LoadBalancerAnnotations = map[string]map[string]string{
 		"networking.gke.io/load-balancer-type":                         "Internal",
 		"cloud.google.com/load-balancer-type":                          "Internal",
 	},
-	ProviderK3D: {},
+	ProviderK3D:  {},
+	ProviderKind: {},
 }
 
 // NetworkConfigs defines standard network configurations for each provider and region.

tests/e2e/operator/infra/local.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strings"
 	"testing"
 	"time"
 
@@ -24,19 +25,21 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 )
 
-// LocalRegion implements CloudProvider for a local Kubernetes provider (K3d)
+// LocalRegion implements CloudProvider for local Kubernetes providers (K3d and Kind)
 type LocalRegion struct {
 	*operator.Region
-	// "k3d"
+	// "k3d" or "kind"
 	ProviderType string
 }
 
-// SetUpInfra Creates local k3d clusters, deploy CNI, deploy coredns in each cluster.
+// SetUpInfra Creates local k3d and kind clusters, deploy CNI, deploy coredns in each cluster.
 //
 // Multi-region networking approach:
 //   - K3D: Calico CNI with BGP for cross-cluster pod routing, built-in ServiceLB for LBs.
+//   - Kind: default kindnet for in-cluster, Calico objects + BGP peering to advertise
+//     pod/service CIDRs between clusters. MetalLB for CoreDNS LBs.
 //   - CoreDNS instances forward requests for other cluster domains; endpoints can be
-//     ClusterIP/pod IPs.
+//     ClusterIP/pod IPs (with Calico) or LB IPs (with MetalLB).
 func (r *LocalRegion) SetUpInfra(t *testing.T) {
 	// If using existing infra return clients.
 	if r.ReusingInfra {
@@ -70,8 +73,8 @@ func (r *LocalRegion) SetUpInfra(t *testing.T) {
 
 		kubectlOptions := k8s.NewKubectlOptions(cluster, kubeConfig, coreDNSNamespace)
 
-		// Install Calico for multi-cluster networking (k3d)
-		if r.ProviderType == ProviderK3D {
+		// Install Calico for multi-cluster networking
+		if r.ProviderType == ProviderK3D || r.ProviderType == ProviderKind {
 			calico.RegisterCalicoGVK(k8sClient.Scheme())
 			objects := calico.K3DCalicoCNI(calico.K3dClusterBGPConfig{
 				AddressAllocation: i,
@@ -99,6 +102,14 @@ func (r *LocalRegion) SetUpInfra(t *testing.T) {
 			})
 		require.NoError(t, err)
 
+		// For Kind, install MetalLB before creating LoadBalancer services
+		// Calico+BGP provides pod routing; MetalLB provides external LB IPs when needed
+		if r.ProviderType == ProviderKind {
+			// Install MetalLB with Docker network IPs
+			err = r.installMetalLBWithDockerIPs(t, kubectlOptions, i)
+			require.NoError(t, err)
+		}
+
 		// Create a CoreDNS service.
 		service := coredns.CoreDNSService(nil, GetLoadBalancerAnnotations(r.ProviderType))
 		serviceYaml := coredns.ToYAML(t, service)
@@ -153,8 +164,8 @@ func (r *LocalRegion) SetUpInfra(t *testing.T) {
 	r.Clients = clients
 	r.ReusingInfra = true
 
-	// BGP peering setup for multi-region Calico setups (K3D)
-	if r.IsMultiRegion && (r.ProviderType == ProviderK3D) {
+	// BGP peering setup for multi-region Calico setups
+	if r.IsMultiRegion && (r.ProviderType == ProviderK3D || r.ProviderType == ProviderKind) {
 		netConfig := calico.K3dCalicoBGPPeeringOptions{
 			ClusterConfig: map[string]calico.K3dClusterBGPConfig{},
 		}
@@ -197,6 +208,15 @@ func (r *LocalRegion) TeardownInfra(t *testing.T) {
 			},
 			WorkingDir: testutil.GetGitRoot(),
 		}
+	case ProviderKind:
+		cmd = shell.Command{
+			Command: "bash",
+			Args: []string{
+				"tests/kind/dev-multi-cluster-kind.sh",
+				"down",
+			},
+			WorkingDir: testutil.GetGitRoot(),
+		}
 	default:
 		t.Logf("[%s] Unknown provider type for teardown", r.ProviderType)
 		return
@@ -236,6 +256,8 @@ func (r *LocalRegion) setupNetworking(t *testing.T, ctx context.Context, region
 	switch r.ProviderType {
 	case ProviderK3D:
 		labelSelector = fmt.Sprintf("%s=%s", "node-role.kubernetes.io/master", "true")
+	case ProviderKind:
+		labelSelector = fmt.Sprintf("%s=%s", "node-role.kubernetes.io/control-plane", "")
 	default:
 		return fmt.Errorf("unknown provider type: %s", r.ProviderType)
 	}
@@ -266,7 +288,7 @@ func (r *LocalRegion) setupNetworking(t *testing.T, ctx context.Context, region
 	return nil
 }
 
-// createLocalCluster creates a new local cluster (k3d)
+// createLocalCluster creates a new local cluster (k3d or kind)
 // by calling the appropriate shell command.
 func (r *LocalRegion) createLocalCluster(t *testing.T, clusterName string, nodeCount int) error {
 	t.Logf("[%s] Creating new %s cluster: %s with %d nodes", r.ProviderType, r.ProviderType, clusterName, nodeCount)
@@ -281,6 +303,18 @@ func (r *LocalRegion) createLocalCluster(t *testing.T, clusterName string, nodeC
 			},
 			WorkingDir: testutil.GetGitRoot(),
 		}
+	case ProviderKind:
+		cmd = shell.Command{
+			Command: "bash",
+			Args: []string{
+				"tests/kind/dev-multi-cluster-kind.sh",
+				"up",
+				"--name=chart-testing",
+				fmt.Sprintf("--nodes=%d", nodeCount),
+				fmt.Sprintf("--clusters=%d", len(r.Clusters)),
+			},
+			WorkingDir: testutil.GetGitRoot(),
+		}
 	default:
 		return fmt.Errorf("unknown provider type: %s", r.ProviderType)
 	}
@@ -297,3 +331,113 @@ func (r *LocalRegion) createLocalCluster(t *testing.T, clusterName string, nodeC
 	t.Logf("[%s] Successfully created new %s cluster: %s", r.ProviderType, r.ProviderType, clusterName)
 	return nil
 }
+
+// installMetalLBWithDockerIPs installs MetalLB in a Kind cluster and configures it with
+// auto-detected Docker network IPs.
+func (r *LocalRegion) installMetalLBWithDockerIPs(t *testing.T, kubectlOptions *k8s.KubectlOptions, clusterIndex int) error {
+	t.Logf("Installing MetalLB for cluster %s with Docker network IPs", kubectlOptions.ContextName)
+
+	// Create kubectl options for MetalLB namespace
+	kubectlOptionsMetallb := k8s.NewKubectlOptions(kubectlOptions.ContextName, kubectlOptions.ConfigPath, "metallb-system")
+
+	// 1. Install MetalLB using official manifests
+	metallbManifest := "https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml"
+
+	t.Logf("Applying MetalLB manifests from %s", metallbManifest)
+	err := k8s.RunKubectlE(t, kubectlOptionsMetallb, "apply", "-f", metallbManifest)
+	if err != nil {
+		return fmt.Errorf("failed to apply MetalLB manifests: %w", err)
+	}
+
+	// 2. Wait for MetalLB controller and speaker to be ready
+	t.Log("Waiting for MetalLB controller deployment to be ready")
+	_, err = retry.DoWithRetryE(t, "wait for metallb controller", defaultRetries, defaultRetryInterval,
+		func() (string, error) {
+			return k8s.RunKubectlAndGetOutputE(t, kubectlOptionsMetallb,
+				"wait", "--for=condition=Available", "deployment/controller", "--timeout=120s")
+		})
+	if err != nil {
+		return fmt.Errorf("MetalLB controller failed to become ready: %w", err)
+	}
+
+	t.Log("Waiting for MetalLB speaker daemonset to be ready")
+	_, err = retry.DoWithRetryE(t, "wait for metallb speaker", defaultRetries, defaultRetryInterval,
+		func() (string, error) {
+			return k8s.RunKubectlAndGetOutputE(t, kubectlOptionsMetallb,
+				"wait", "--for=condition=Ready", "pod", "-l", "app=metallb,component=speaker", "--timeout=120s")
+		})
+	if err != nil {
+		return fmt.Errorf("MetalLB speaker failed to become ready: %w", err)
+	}
+
+	// Note: strictARP (needed for kube-proxy IPVS) is not required for Kind's default iptables mode.
+	// 3. Auto-detect Docker network subnet for the shared multi-cluster network
+	networkName := "kind-chart-testing"
+	t.Logf("Detecting Docker network subnet for %s", networkName)
+
+	cmd := shell.Command{
+		Command: "docker",
+		Args: []string{
+			"network", "inspect", networkName,
+			"--format", "{{(index .IPAM.Config 0).Subnet}}",
+		},
+	}
+
+	output, err := shell.RunCommandAndGetOutputE(t, cmd)
+	if err != nil {
+		return fmt.Errorf("failed to detect Docker network subnet for %s: %w", networkName, err)
+	}
+
+	subnet := strings.TrimSpace(output)
+	t.Logf("Detected Docker subnet for cluster %d: %s", clusterIndex, subnet)
+
+	// 4. Parse subnet and create a unique per-cluster IP range from the high end
+	// Example: 172.20.0.0/16 -> cluster 0: 172.20.255.200-172.20.255.214, cluster 1: 215-229, cluster 2: 230-244
+	parts := strings.Split(subnet, ".")
+	if len(parts) != 4 {
+		return fmt.Errorf("invalid subnet format: %s", subnet)
+	}
+
+	// Compute a non-overlapping range per cluster index within the .255.x space
+	rangeStart := 200 + (clusterIndex * 15)
+	if rangeStart > 254 {
+		rangeStart = 240
+	}
+	rangeEnd := rangeStart + 14
+	if rangeEnd > 254 {
+		rangeEnd = 254
+	}
+	ipRange := fmt.Sprintf("%s.%s.%s.%d-%s.%s.%s.%d", parts[0], parts[1], "255", rangeStart, parts[0], parts[1], "255", rangeEnd)
+	t.Logf("MetalLB IP address pool: %s", ipRange)
+
+	// 5. Apply MetalLB IPAddressPool and L2Advertisement
+	ipPoolYAML := fmt.Sprintf(`
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: kind-pool-%d
+  namespace: metallb-system
+spec:
+  addresses:
+  - %s
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: kind-l2adv-%d
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - kind-pool-%d
+`, clusterIndex, ipRange, clusterIndex, clusterIndex)
+
+	t.Log("Applying MetalLB IPAddressPool and L2Advertisement config")
+	err = k8s.KubectlApplyFromStringE(t, kubectlOptionsMetallb, ipPoolYAML)
+	if err != nil {
+		return fmt.Errorf("failed to apply MetalLB IP pool configuration: %w", err)
+	}
+
+	t.Logf("Successfully installed and configured MetalLB for cluster %s", kubectlOptions.ContextName)
+	t.Logf("MetalLB installed with IP pool: %s", ipRange)
+	return nil
+}

tests/e2e/operator/infra/provider.go

@@ -31,6 +31,10 @@ func ProviderFactory(providerType string, region *operator.Region) CloudProvider
 		provider := LocalRegion{Region: region, ProviderType: ProviderK3D}
 		provider.RegionCodes = GetRegionCodes(providerType)
 		return &provider
+	case ProviderKind:
+		provider := LocalRegion{Region: region, ProviderType: ProviderKind}
+		provider.RegionCodes = GetRegionCodes(providerType)
+		return &provider
 	case ProviderGCP:
 		provider := GcpRegion{Region: region}
 		provider.RegionCodes = GetRegionCodes(providerType)