Bumping envtest to 1.24 (#5835)

VenkatRamaraju · everettraven · web-flow · commit 013d9c8cfca7 · 2022-06-11T00:13:46.000-04:00
* bumped envtest to 1.24
* 1.24.1
* new kind version

Signed-off-by: Venkat Ramaraju &lt;vramaraj@redhat.com&gt;

* update e2e tests per k8s 1.24 changes
* fix helm &amp; ansible e2e
* add license header to sa_secret.go

Signed-off-by: Bryce Palmer &lt;bpalmer@redhat.com&gt;

Co-authored-by: Bryce Palmer &lt;bpalmer@redhat.com&gt;
diff --git a/Makefile b/Makefile
@@ -9,9 +9,7 @@ export IMAGE_VERSION = v1.21.0
 export SIMPLE_VERSION = $(shell (test "$(shell git describe --tags)" = "$(shell git describe --tags --abbrev=0)" && echo $(shell git describe --tags)) || echo $(shell git describe --tags --abbrev=0)+git)
 export GIT_VERSION = $(shell git describe --dirty --tags --always)
 export GIT_COMMIT = $(shell git rev-parse HEAD)
-export K8S_VERSION = 1.23
-# TODO: bump this to 1.21, after kubectl `--generator` flag is removed from e2e tests.
-export ENVTEST_K8S_VERSION = 1.23.1
+export K8S_VERSION = 1.24.1
 
 # Build settings
 export TOOLS_DIR = tools/bin
@@ -155,21 +153,21 @@ e2e_targets := test-e2e $(e2e_tests)
 .PHONY: test-e2e-setup
 export KIND_CLUSTER := osdk-test
 
-KUBEBUILDER_ASSETS = $(PWD)/$(shell go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest && $(shell go env GOPATH)/bin/setup-envtest use $(ENVTEST_K8S_VERSION) --bin-dir tools/bin/ -p path)
+KUBEBUILDER_ASSETS = $(PWD)/$(shell go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest && $(shell go env GOPATH)/bin/setup-envtest use $(K8S_VERSION) --bin-dir tools/bin/ -p path)
 test-e2e-setup:: build dev-install cluster-create
 
 .PHONY: cluster-create
 cluster-create::
-	[[ "`$(TOOLS_DIR)/kind get clusters`" =~ "$(KIND_CLUSTER)" ]] || $(TOOLS_DIR)/kind create cluster --image="kindest/node:v$(ENVTEST_K8S_VERSION)" --name $(KIND_CLUSTER)
+	[[ "`$(TOOLS_DIR)/kind get clusters`" =~ "$(KIND_CLUSTER)" ]] || $(TOOLS_DIR)/kind create cluster --image="kindest/node:v$(K8S_VERSION)" --name $(KIND_CLUSTER)
 
 .PHONY: dev-install
 dev-install::
-	$(SCRIPTS_DIR)/fetch kind 0.11.0
-	$(SCRIPTS_DIR)/fetch kubectl $(ENVTEST_K8S_VERSION) # Install kubectl AFTER envtest because envtest includes its own kubectl binary
+	$(SCRIPTS_DIR)/fetch kind 0.14.0
+	$(SCRIPTS_DIR)/fetch kubectl $(K8S_VERSION) # Install kubectl AFTER envtest because envtest includes its own kubectl binary
 
 .PHONY: test-e2e-teardown
 test-e2e-teardown:
-	$(SCRIPTS_DIR)/fetch kind 0.11.0
+	$(SCRIPTS_DIR)/fetch kind 0.14.0
 	$(TOOLS_DIR)/kind delete cluster --name $(KIND_CLUSTER)
 	rm -f $(KUBECONFIG)
 
diff --git a/test/common/sa_secret.go b/test/common/sa_secret.go
@@ -0,0 +1,42 @@
+// Copyright 2022 The Operator-SDK Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package common
+
+import (
+	"fmt"
+	"os"
+)
+
+var saSecretTemplate = `---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: %s
+  annotations:
+    kubernetes.io/service-account.name: "%s"
+`
+
+// GetSASecret writes a service account token secret to a file. It returns a string to the file or an error if it fails to write the file
+func GetSASecret(name string, dir string) (string, error) {
+	secretName := name + "-secret"
+	fileName := dir + "/" + secretName + ".yaml"
+	err := os.WriteFile(fileName, []byte(fmt.Sprintf(saSecretTemplate, secretName, name)), 0777)
+	if err != nil {
+		return "", err
+	}
+
+	return fileName, nil
+}
diff --git a/test/e2e/ansible/cluster_test.go b/test/e2e/ansible/cluster_test.go
@@ -26,6 +26,7 @@ import (
 	kbtutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util"
 
 	"github.com/operator-framework/operator-sdk/internal/testutils"
+	"github.com/operator-framework/operator-sdk/test/common"
 )
 
 var _ = Describe("Running ansible projects", func() {
@@ -244,6 +245,15 @@ var _ = Describe("Running ansible projects", func() {
 			}
 			Eventually(verifyMemcachedPatch, time.Minute, time.Second).Should(Succeed())
 
+			// As of Kubernetes 1.24 a ServiceAccount no longer has a ServiceAccount token secret autogenerated. We have to create it manually here
+			By("Creating the ServiceAccount token")
+			secretFile, err := common.GetSASecret(tc.Kubectl.ServiceAccount, tc.Dir)
+			Expect(err).NotTo(HaveOccurred())
+			Eventually(func() error {
+				_, err = tc.Kubectl.Apply(true, "-f", secretFile)
+				return err
+			}, time.Minute, time.Second).Should(Succeed())
+
 			By("granting permissions to access the metrics and read the token")
 			_, err = tc.Kubectl.Command("create", "clusterrolebinding", metricsClusterRoleBindingName,
 				fmt.Sprintf("--clusterrole=%s-metrics-reader", tc.ProjectName),
@@ -263,8 +273,7 @@ var _ = Describe("Running ansible projects", func() {
 
 			By("creating a curl pod")
 			cmdOpts := []string{
-				"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure",
-				"--serviceaccount", tc.Kubectl.ServiceAccount, "--",
+				"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", "--",
 				"curl", "-v", "-k", "-H", fmt.Sprintf(`Authorization: Bearer %s`, token),
 				fmt.Sprintf("https://%s-controller-manager-metrics-service.%s.svc:8443/metrics", tc.ProjectName, tc.Kubectl.Namespace),
 			}
diff --git a/test/e2e/go/cluster_test.go b/test/e2e/go/cluster_test.go
@@ -30,6 +30,7 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/operator-framework/operator-sdk/internal/testutils"
+	"github.com/operator-framework/operator-sdk/test/common"
 )
 
 var _ = Describe("operator-sdk", func() {
@@ -124,6 +125,15 @@ var _ = Describe("operator-sdk", func() {
 				fmt.Sprintf("--serviceaccount=%s:%s", tc.Kubectl.Namespace, tc.Kubectl.ServiceAccount))
 			Expect(err).NotTo(HaveOccurred())
 
+			// As of Kubernetes 1.24 a ServiceAccount no longer has a ServiceAccount token secret autogenerated. We have to create it manually here
+			By("Creating the ServiceAccount token")
+			secretFile, err := common.GetSASecret(tc.Kubectl.ServiceAccount, tc.Dir)
+			Expect(err).NotTo(HaveOccurred())
+			Eventually(func() error {
+				_, err = tc.Kubectl.Apply(true, "-f", secretFile)
+				return err
+			}, time.Minute, time.Second).Should(Succeed())
+
 			By("reading the metrics token")
 			// Filter token query by service account in case more than one exists in a namespace.
 			query := fmt.Sprintf(`{.items[?(@.metadata.annotations.kubernetes\.io/service-account\.name=="%s")].data.token}`,
@@ -137,8 +147,7 @@ var _ = Describe("operator-sdk", func() {
 
 			By("creating a curl pod")
 			cmdOpts := []string{
-				"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure",
-				"--serviceaccount", tc.Kubectl.ServiceAccount, "--",
+				"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", "--",
 				"curl", "-v", "-k", "-H", fmt.Sprintf(`Authorization: Bearer %s`, token),
 				fmt.Sprintf("https://%s-controller-manager-metrics-service.%s.svc:8443/metrics", tc.ProjectName, tc.Kubectl.Namespace),
 			}
diff --git a/test/e2e/helm/cluster_test.go b/test/e2e/helm/cluster_test.go
@@ -26,6 +26,7 @@ import (
 	kbutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util"
 
 	"github.com/operator-framework/operator-sdk/internal/testutils"
+	"github.com/operator-framework/operator-sdk/test/common"
 )
 
 var _ = Describe("Running Helm projects", func() {
@@ -201,6 +202,15 @@ var _ = Describe("Running Helm projects", func() {
 			}
 			Eventually(verifyReleaseUpgrade, time.Minute, time.Second).Should(Succeed())
 
+			// As of Kubernetes 1.24 a ServiceAccount no longer has a ServiceAccount token secret autogenerated. We have to create it manually here
+			By("Creating the ServiceAccount token")
+			secretFile, err := common.GetSASecret(tc.Kubectl.ServiceAccount, tc.Dir)
+			Expect(err).NotTo(HaveOccurred())
+			Eventually(func() error {
+				_, err = tc.Kubectl.Apply(true, "-f", secretFile)
+				return err
+			}, time.Minute, time.Second).Should(Succeed())
+
 			By("granting permissions to access the metrics and read the token")
 			_, err = tc.Kubectl.Command("create", "clusterrolebinding", metricsClusterRoleBindingName,
 				fmt.Sprintf("--clusterrole=%s-metrics-reader", tc.ProjectName),
@@ -220,8 +230,7 @@ var _ = Describe("Running Helm projects", func() {
 
 			By("creating a curl pod")
 			cmdOpts := []string{
-				"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure",
-				"--serviceaccount", tc.Kubectl.ServiceAccount, "--",
+				"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", "--",
 				"curl", "-v", "-k", "-H", fmt.Sprintf(`Authorization: Bearer %s`, token),
 				fmt.Sprintf("https://%s-controller-manager-metrics-service.%s.svc:8443/metrics", tc.ProjectName, tc.Kubectl.Namespace),
 			}
