Backport support for K8s 1.24 (#3332)

Author: rjeberhard

Jenkinsfile

@@ -23,6 +23,30 @@ def kind_k8s_map = [
         '1.21':    'kindest/node:v1.21.10@sha256:84709f09756ba4f863769bdcabe5edafc2ada72d3c8c44d6515fc581b66b029c',
         '1.20.15': 'kindest/node:v1.20.15@sha256:393bb9096c6c4d723bb17bceb0896407d7db581532d11ea2839c80b28e5d8deb',
         '1.20':    'kindest/node:v1.20.15@sha256:393bb9096c6c4d723bb17bceb0896407d7db581532d11ea2839c80b28e5d8deb'
+    ],
+    '0.13.0': [
+        '1.24.0':  'kindest/node:v1.24.0@sha256:406fd86d48eaf4c04c7280cd1d2ca1d61e7d0d61ddef0125cb097bc7b82ed6a1',
+        '1.24':    'kindest/node:v1.24.0@sha256:406fd86d48eaf4c04c7280cd1d2ca1d61e7d0d61ddef0125cb097bc7b82ed6a1',
+        '1.23.6':  'kindest/node:v1.23.6@sha256:1af0f1bee4c3c0fe9b07de5e5d3fafeb2eec7b4e1b268ae89fcab96ec67e8355',
+        '1.23':    'kindest/node:v1.23.6@sha256:1af0f1bee4c3c0fe9b07de5e5d3fafeb2eec7b4e1b268ae89fcab96ec67e8355',
+        '1.22.9':  'kindest/node:v1.22.9@sha256:6e57a6b0c493c7d7183a1151acff0bfa44bf37eb668826bf00da5637c55b6d5e',
+        '1.22':    'kindest/node:v1.22.9@sha256:6e57a6b0c493c7d7183a1151acff0bfa44bf37eb668826bf00da5637c55b6d5e',
+        '1.21.12': 'kindest/node:v1.21.12@sha256:ae05d44cc636ee961068399ea5123ae421790f472c309900c151a44ee35c3e3e',
+        '1.21':    'kindest/node:v1.21.12@sha256:ae05d44cc636ee961068399ea5123ae421790f472c309900c151a44ee35c3e3e',
+        '1.20.15': 'kindest/node:v1.20.15@sha256:a6ce604504db064c5e25921c6c0fffea64507109a1f2a512b1b562ac37d652f3',
+        '1.20':    'kindest/node:v1.20.15@sha256:a6ce604504db064c5e25921c6c0fffea64507109a1f2a512b1b562ac37d652f3'
+    ],
+    '0.14.0': [
+        '1.24.0':  'kindest/node:v1.24.0@sha256:0866296e693efe1fed79d5e6c7af8df71fc73ae45e3679af05342239cdc5bc8e',
+        '1.24':    'kindest/node:v1.24.0@sha256:0866296e693efe1fed79d5e6c7af8df71fc73ae45e3679af05342239cdc5bc8e',
+        '1.23.6':  'kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae',
+        '1.23':    'kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae',
+        '1.22.9':  'kindest/node:v1.22.9@sha256:8135260b959dfe320206eb36b3aeda9cffcb262f4b44cda6b33f7bb73f453105',
+        '1.22':    'kindest/node:v1.22.9@sha256:8135260b959dfe320206eb36b3aeda9cffcb262f4b44cda6b33f7bb73f453105',
+        '1.21.12': 'kindest/node:v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207',
+        '1.21':    'kindest/node:v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207',
+        '1.20.15': 'kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248',
+        '1.20':    'kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248'
     ]
 ]
 def _kind_image = null
@@ -87,21 +111,28 @@ pipeline {
         choice(name: 'KIND_VERSION',
                description: 'Kind version.',
                choices: [
+                   '0.14.0',
+                   '0.13.0',
                    '0.12.0',
                    '0.11.1'
                ]
         )
         choice(name: 'KUBE_VERSION',
-               description: 'Kubernetes version. Supported values depend on the Kind version. Kind 0.12.0: 1.23, 1.23.4, 1.22, 1.22.10, 1.21, 1.21.10, 1.20, 1.20.15. Kind 0.11.1: 1.23, 1.23.3, 1.22, 1.22.5, 1.21, 1.21.1, 1.20, 1.20.7, 1.19, 1.19.11.',
+               description: 'Kubernetes version. Supported values depend on the Kind version. Kind 0.13.0 and 0.14.0: 1.24, 1.24.0, 1.23, 1.23.6, 1.22, 1.22.9, 1.21, 1.21.12, 1.20, 1.20.15, Kind 0.12.0: 1.23, 1.23.4, 1.22, 1.22.7, 1.21, 1.21.10, 1.20, 1.20.15. Kind 0.11.1: 1.23, 1.23.3, 1.22, 1.22.5, 1.21, 1.21.1, 1.20, 1.20.7, 1.19, 1.19.11.',
                choices: [
                     // The first item in the list is the default value...
-                    '1.21.10',
+                    '1.21.12',
+                    '1.24',
+                    '1.24.0',
+                    '1.23.6',
                     '1.23.4',
                     '1.23.3',
                     '1.23',
-                    '1.22.10',
+                    '1.22.9',
+                    '1.22.7',
                     '1.22.5',
                     '1.22',
+                    '1.21.10',
                     '1.21.1',
                     '1.21',
                     '1.20.15',

documentation/3.4/content/userguide/prerequisites/introduction.md

@@ -7,7 +7,7 @@ weight: 2
 
 For the current production release {{< latestVersion >}}:
 
-* Kubernetes 1.19.15+, 1.20.11+, 1.21.5+, 1.22.5+, and 1.23.4+ (check with `kubectl version`).
+* Kubernetes 1.19.15+, 1.20.11+, 1.21.5+, 1.22.5+, 1.23.4+, and 1.24.0+ (check with `kubectl version`).
 * Flannel networking v0.13.0-amd64 or later (check with `docker images | grep flannel`), Calico networking v3.16.1 or later,
  *or* OpenShift SDN on OpenShift 4.3 systems.
 * Docker 19.03.1+ (check with `docker version`) *or* CRI-O 1.20.2+ (check with `crictl version | grep RuntimeVersion`).

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItManageNameSpace.java

@@ -480,7 +480,7 @@ private boolean isOperatorFailedToScaleDomain(String opNamespace, String domainU
 
   private static void setLabelToNamespace(String domainNS, Map<String, String> labels) {
     testUntil(() -> {
-      V1Namespace namespaceObject = assertDoesNotThrow(() -> Kubernetes.getNamespaceAsObject(domainNS));
+      V1Namespace namespaceObject = assertDoesNotThrow(() -> Kubernetes.getNamespace(domainNS));
       if (namespaceObject == null) {
         logger.info("namespace object is null");
         return false;
@@ -491,7 +491,7 @@ private static void setLabelToNamespace(String domainNS, Map<String, String> lab
         logger.info("Before replacing the namespace object\n {0}", Yaml.dump(namespaceObject));
         Kubernetes.replaceNamespace(namespaceObject);
         logger.info("After replacing the namespace object\n {0}",
-            Yaml.dump(Kubernetes.getNamespaceAsObject(domainNS)));
+            Yaml.dump(Kubernetes.getNamespace(domainNS)));
       } catch (ApiException e) {
         logger.warning(e.getResponseBody());
         return false;

integration-tests/src/test/java/oracle/weblogic/kubernetes/actions/impl/Secret.java

@@ -1,27 +1,24 @@
-// Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+// Copyright (c) 2020, 2022, Oracle and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 package oracle.weblogic.kubernetes.actions.impl;
 
 import java.util.ArrayList;
 import java.util.Base64;
+import java.util.Collections;
 import java.util.List;
-import java.util.concurrent.TimeUnit;
+import java.util.Map;
+import java.util.Optional;
 
 import io.kubernetes.client.openapi.ApiException;
-import io.kubernetes.client.openapi.models.V1ObjectReference;
+import io.kubernetes.client.openapi.models.V1ObjectMeta;
 import io.kubernetes.client.openapi.models.V1Secret;
 import io.kubernetes.client.openapi.models.V1SecretList;
-import io.kubernetes.client.openapi.models.V1ServiceAccount;
-import io.kubernetes.client.openapi.models.V1ServiceAccountList;
 import oracle.weblogic.kubernetes.actions.impl.primitive.Kubernetes;
 import oracle.weblogic.kubernetes.logging.LoggingFacade;
 
-import static oracle.weblogic.kubernetes.TestConstants.OKD;
-import static oracle.weblogic.kubernetes.actions.impl.primitive.Kubernetes.listServiceAccounts;
-import static oracle.weblogic.kubernetes.actions.impl.primitive.Kubernetes.readSecretByReference;
+import static oracle.weblogic.kubernetes.utils.CommonTestUtils.testUntil;
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 
 public class Secret {
 
@@ -56,52 +53,52 @@ public static boolean delete(String name, String namespace) {
   public static String getSecretOfServiceAccount(String namespace, String serviceAccountName) {
 
     LoggingFacade logger = getLogger();
-    List<V1Secret> v1Secrets = new ArrayList<>();
-    List<V1ServiceAccount> v1ServiceAccounts = new ArrayList<>();
-    List<V1Secret> v1SaSecrets = new ArrayList<>();
-    String token = null;
-
-    if (!OKD) {
-      V1SecretList secretList = listSecrets(namespace);
-      if (secretList != null) {
-        v1Secrets = secretList.getItems();
-      }
 
-      for (V1Secret v1Secret : v1Secrets) {
-        if (v1Secret.getMetadata() != null && v1Secret.getMetadata().getName() != null) {
-          logger.info(" secret name = {0}", v1Secret.getMetadata().getName());
-          if (v1Secret.getMetadata().getName().startsWith(serviceAccountName)) {
-            return v1Secret.getMetadata().getName();
-          }
-        }
-      }
-    } else {
-      logger.info("service account = {0}", serviceAccountName);
-      logger.info("namespace = {0}", namespace);
-      V1ServiceAccountList serviceAccountList = listServiceAccounts(namespace);
-      if (serviceAccountList != null) {
-        v1ServiceAccounts = serviceAccountList.getItems();
+    logger.info("service account = {0}", serviceAccountName);
+    logger.info("namespace = {0}", namespace);
+    V1SecretList secretList = listSecrets(namespace);
+    for (V1Secret v1Secret : secretList.getItems()) {
+      V1ObjectMeta meta = Optional.ofNullable(v1Secret).map(V1Secret::getMetadata).orElse(new V1ObjectMeta());
+      Map<String, String> annotations =
+              Optional.of(meta).map(V1ObjectMeta::getAnnotations).orElse(Collections.emptyMap());
+      String saName = annotations.get("kubernetes.io/service-account.name");
+      if (serviceAccountName.equals(saName)) {
+        logger.info("secret name = {0}", meta.getName());
+        return meta.getName();
       }
+    }
 
-      try {
-        for (V1ServiceAccount v1ServiceAccount : v1ServiceAccounts) {
-          if (v1ServiceAccount.getMetadata() != null && v1ServiceAccount.getMetadata().getName() != null) {
-            if (v1ServiceAccount.getMetadata().getName().startsWith(serviceAccountName)) {
-              List<V1ObjectReference> saSecretList = v1ServiceAccount.getSecrets();
-              for (V1ObjectReference reference : saSecretList) {
-                // Get the secret.
-                V1Secret secret = readSecretByReference(reference, namespace);
-                logger.info("secret token = {0}", secret.getMetadata().getName());
-                return secret.getMetadata().getName();
-              }
-            }
-          }
-        }
-      } catch (ApiException apie) {
-        logger.info(" got ApiException");
-      }
+    logger.info("No secret found for service account; creating one");
+    String saSecretName = serviceAccountName + "-" + "sa-token";
+    V1Secret saSecret = new V1Secret()
+            .type("kubernetes.io/service-account-token")
+            .metadata(new V1ObjectMeta()
+                    .name(saSecretName)
+                    .namespace(namespace)
+                    .putAnnotationsItem("kubernetes.io/service-account.name", serviceAccountName));
+
+    try {
+      Kubernetes.createSecret(saSecret);
+    } catch (ApiException e) {
+      logger.severe("failed to create secret for service account", e);
+      return "";
     }
-    return "";
+
+    testUntil(
+            () -> hasToken(saSecretName, namespace),
+            logger,
+            "Waiting for token to be populated in secret");
+
+    return saSecretName;
+  }
+
+  private static boolean hasToken(String saSecretName, String namespace) throws ApiException {
+    V1Secret secret = Kubernetes.getSecret(saSecretName, namespace);
+    if (secret != null) {
+      Map<String, byte[]> data = Optional.of(secret).map(V1Secret::getData).orElse(Collections.emptyMap());
+      return data.containsKey("token");
+    }
+    return false;
   }
 
   /**
@@ -112,38 +109,26 @@ public static String getSecretOfServiceAccount(String namespace, String serviceA
    * @return the encoded token of the secret
    */
   public static String getSecretEncodedToken(String namespace, String secretName) {
-    LoggingFacade logger = getLogger();
-    for (int i = 0; i < 10; i++) {
-      String token = getToken(namespace, secretName);
-      if (token != null) {
-        logger.info("Got the token {0}", token);
-        return token;
-      }
-      logger.info("Token is null, retrying after 5 seconds");
-      assertDoesNotThrow(() -> TimeUnit.SECONDS.sleep(5));
-    }
-    logger.warning("Secret token is null");
-    return null;
-  }
 
-  private static String getToken(String namespace, String secretName) {
-    String token = null;
     List<V1Secret> v1Secrets = new ArrayList<>();
+
     V1SecretList secretList = listSecrets(namespace);
     if (secretList != null) {
       v1Secrets = secretList.getItems();
     }
+
     for (V1Secret v1Secret : v1Secrets) {
       if (v1Secret.getMetadata() != null && v1Secret.getMetadata().getName() != null) {
         if (v1Secret.getMetadata().getName().equals(secretName)) {
-          if (v1Secret.getData() != null && v1Secret.getData().get("token") != null) {
+          if (v1Secret.getData() != null) {
             byte[] encodedToken = v1Secret.getData().get("token");
-            token = Base64.getEncoder().encodeToString(encodedToken);
+            return Base64.getEncoder().encodeToString(encodedToken);
           }
         }
       }
     }
-    return token;
+
+    return "";
   }
 
   /**

integration-tests/src/test/java/oracle/weblogic/kubernetes/actions/impl/primitive/Kubernetes.java

@@ -990,12 +990,12 @@ public static V1NamespaceList listNamespacesAsObjects() throws ApiException {
   }
 
   /**
-   * Return Namespace object for the given name from the Kubernetes cluster as V1Namespace object.
+   * Gets namespace.
    * @name name of namespace.
    * @return V1Namespace  Namespace object from the Kubernetes cluster
    * @throws ApiException if Kubernetes client API call fails
    */
-  public static V1Namespace getNamespaceAsObject(String name) throws ApiException {
+  public static V1Namespace getNamespace(String name) throws ApiException {
     try {
       V1NamespaceList namespaceList = coreV1Api.listNamespace(
           PRETTY, // pretty print output
@@ -1633,6 +1633,18 @@ public static boolean createSecret(V1Secret secret) throws ApiException {
     return true;
   }
 
+  /**
+   * Gets a Kubernetes Secret.
+   *
+   * @param secretName Name of secret
+   * @param namespace Namespace
+   * @return secret, if found
+   * @throws ApiException if Kubernetes client API call fails
+   */
+  public static V1Secret getSecret(String secretName, String namespace) throws ApiException {
+    return coreV1Api.readNamespacedSecret(secretName, namespace, PRETTY);
+  }
+
   /**
    * Delete a Kubernetes Secret.
    *

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/BuildApplication.java

@@ -30,13 +30,12 @@
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.podReady;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.testUntil;
 import static oracle.weblogic.kubernetes.utils.ImageUtils.createBaseRepoSecret;
-import static oracle.weblogic.kubernetes.utils.SecretUtils.verifyDefaultTokenExists;
+import static oracle.weblogic.kubernetes.utils.SecretUtils.verifyNamespaceActive;
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
 import static org.apache.commons.io.FileUtils.copyDirectory;
 import static org.apache.commons.io.FileUtils.deleteDirectory;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 
-
 /**
  * Utility class to build application.
  */
@@ -233,7 +232,7 @@ public static Path buildApplication(
    */
   public static V1Pod setupWebLogicPod(String namespace, V1Container container) {
     final LoggingFacade logger = getLogger();
-    verifyDefaultTokenExists();
+    verifyNamespaceActive();
 
     //want to create a pod with a unique name
     //If a test calls buildApplication for 2 (or more) different applications