Merge branch 'main' into renovate/gcr.io-kubebuilder-kube-rbac-proxy-0.x

Author: beeme1mr

.github/workflows/pr-checks.yml

@@ -4,7 +4,11 @@ on:
   push:
     branches:
       - main
+    paths-ignore:
+      - '**.md'
   pull_request:
+    paths-ignore:
+      - '**.md'
 env:
   # Default minimum version of Go to support.
   DEFAULT_GO_VERSION: 1.18
@@ -68,8 +72,6 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-        with:
-          submodules: recursive
       - name: Set up QEMU
         uses: docker/setup-qemu-action@master
         with:
@@ -80,9 +82,10 @@ jobs:
       - name: Build
         uses: docker/build-push-action@v3
         with:
+          builder: ${{ steps.buildx.outputs.name }}
           context: .
           outputs: type=docker,dest=${{ github.workspace }}/open-feature-operator-local.tar
-          tags: open-feature-operator-local:test
+          tags: open-feature-operator-local:${{ github.sha }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
@@ -95,3 +98,39 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
+      - name: Upload image as artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: open-feature-operator-local-${{ github.sha }}
+          path: ${{ github.workspace }}/open-feature-operator-local.tar
+
+  e2e-test:
+    runs-on: ubuntu-latest
+    needs: docker-local
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.DEFAULT_GO_VERSION }}
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Download image
+        uses: actions/download-artifact@v3
+        with:
+          name: open-feature-operator-local-${{ github.sha }}
+          path: ${{ github.workspace }}
+      - name: Load open-feature-operator image into docker
+        run: |
+          docker load --input ${{ github.workspace }}/open-feature-operator-local.tar
+      - name: Create k8s Kind Cluster
+        uses: helm/[email protected]
+        with:
+          config: ./test/e2e/kind-cluster.yml
+          cluster_name: open-feature-operator-test
+      - name: Load open-feature-operator image into Kind cluster
+        run: |
+          kind load docker-image open-feature-operator-local:${{ github.sha }} --name open-feature-operator-test
+      - name: Run e2e test
+        run: |
+          IMG=open-feature-operator-local:${{ github.sha }} make deploy-operator
+          IMG=open-feature-operator-local:${{ github.sha }} make e2e-test

Makefile

@@ -66,6 +66,13 @@ vet: ## Run go vet against code.
 test: manifests generate fmt vet envtest ## Run tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
 
+## Requires the operator to be deployed
+.PHONY: e2e-test
+e2e-test: manifests generate fmt vet
+	kubectl -n open-feature-operator-system apply -f ./test/e2e/e2e.yml
+	kubectl wait --for=condition=Available=True deploy --all -n 'open-feature-operator-system'
+	./test/e2e/e2e.sh '{"value":true,"reason":"DEFAULT","variant":"on"}'
+
 .PHONY: lint
 lint:
 	go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@latest

config/manager/manager.yaml

@@ -31,7 +31,7 @@ spec:
         - /manager
         args:
         - --leader-elect
-        imagePullPolicy: Always
+        imagePullPolicy: IfNotPresent
         image: controller:main
         name: manager
         env:

test/e2e/DEVELOPER.md

@@ -0,0 +1,21 @@
+# E2E Testing
+
+This suite tests the end-to-end deployment of open-feature-operator by deploying an nginx reverse proxy and asserting that a curl to the proxy reaches the flagd sidecar created by open-feature-operator.
+
+## Running on a Kind cluster
+
+```shell
+kind create cluster --config ./test/e2e/kind-cluster.yml
+IMG=ghcr.io/open-feature/open-feature-operator:main make deploy-operator
+IMG=ghcr.io/open-feature/open-feature-operator:main make e2e-test
+```
+
+## Running on a Kind cluster using a locally built image
+
+```shell
+kind create cluster --config ./test/e2e/kind-cluster.yml
+kind load docker-image local-image-tag:latest
+IMG=local-image-tag:latest make deploy-operator
+IMG=local-image-tag:latest make e2e-test
+```
+

test/e2e/e2e.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+EXPECTED_RESPONSE="$1"
+
+# attempt up to 5 times
+ATTEMPT_COUNTER=0
+MAX_ATTEMPTS=5
+until RESPONSE=$(curl -s -X POST "localhost:30000/schema.v1.Service/ResolveBoolean" -d '{"flagKey":"simple-flag","context":{}}' -H "Content-Type: application/json"); do
+    if [ ${ATTEMPT_COUNTER} -eq ${MAX_ATTEMPTS} ];then
+      echo "Max attempts reached"
+      exit 1
+    fi
+
+    printf '.'
+    ATTEMPT_COUNTER=$((ATTEMPT_COUNTER+1))
+    sleep 1
+done
+
+RESPONSE="${RESPONSE//[[:space:]]/}" # strip whitespace from response
+
+if [ "$RESPONSE" == "$EXPECTED_RESPONSE" ]
+then
+  echo "Success."
+  exit 0
+else
+  echo "Expected response: $EXPECTED_RESPONSE"
+  echo "Got response: $RESPONSE"
+  exit 1
+fi

test/e2e/e2e.yml

@@ -0,0 +1,95 @@
+# This configuration deploys the means to test the mutating injection webhook by proxying through an nginx server
+# to assert that flagd is reachable
+---
+apiVersion: core.openfeature.dev/v1alpha1
+kind: FeatureFlagConfiguration
+metadata:
+  name: end-to-end-test
+spec:
+  featureFlagSpec: |
+    {
+      "flags": {
+        "simple-flag": {
+          "state": "ENABLED",
+          "variants": {
+            "on": true,
+            "off": false
+          },
+          "defaultVariant": "on"
+        }
+      }
+    }
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: open-feature-e2e-test-sa
+automountServiceAccountToken: true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: open-feature-e2e-nginx-conf
+data:
+  nginx.conf: |
+    events {}
+    http {
+      server {
+        location / {
+          proxy_pass http://127.0.0.1:8013;
+        }
+      }
+    }
+---
+# Deployment of nginx using our custom resource
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: open-feature-e2e-test-deployment
+  labels:
+    app: open-feature-e2e-test
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: open-feature-e2e-test
+  template:
+    metadata:
+      labels:
+        app: open-feature-e2e-test
+      annotations:
+        openfeature.dev: "enabled"
+        openfeature.dev/featureflagconfiguration: "end-to-end-test"
+    spec:
+      serviceAccountName: open-feature-e2e-test-sa
+      volumes:
+        - name: open-feature-e2e-nginx-conf
+          configMap:
+            name: open-feature-e2e-nginx-conf
+            items:
+              - key: nginx.conf
+                path: nginx.conf
+      containers:
+        - name: open-feature-e2e-test
+          image: nginx:stable-alpine
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: open-feature-e2e-nginx-conf
+              mountPath: /etc/nginx
+              readOnly: true
+---
+# Service exposed using NodePort
+apiVersion: v1
+kind: Service
+metadata:
+  name: open-feature-e2e-test-service
+spec:
+  type: NodePort
+  selector:
+    app: open-feature-e2e-test
+  ports:
+    - protocol: TCP
+      port: 30000
+      targetPort: 80
+      nodePort: 30000

test/e2e/kind-cluster.yml

@@ -0,0 +1,12 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+  - role: control-plane
+    extraPortMappings:
+      - containerPort: 30000
+        hostPort: 30000
+        listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+        protocol: tcp # Optional, defaults to tcp
+  - role: worker
+  - role: worker
+  - role: worker