
Enhance pipeline setup for IT to adapt to gardener environment changes #853

Closed

Description

How to categorize this issue?

/area dev-productivity
/kind enhancement
/priority 1

What would you like to be added:

Enhance the following in current pipeline setup for mcm-provider IT

with @rishabh-11

with @himanshu-kun

non-pipeline changes:

  • Remove old IT code from MCM repo (@piyuagr)

pipeline changes:
@himanshu-kun

  • Create a service account mcm-ci-it in mcm-ci with Admin role
  • Security requirement: Internal job needed to rotate the token for the kubeconfig associated to SA. The token expires every 90 days (default and max).
    More info here: https:// pages.github.tools.sap/kubernetes/gardener/docs/guides/sap-internal/security/token-request-api/ (Remove interim spaces to make the link)
    • need to be rotated manually every 90 days and updated in secret-server, as cc-config rotation method
  • Should we create another service account for userData refreshing, or use existing account of any other developer?

@piyuagr

  • Use the kubeconfig to generate admin kubeconfig for *-oot-control and *-oot-target clusters (This step will need to be done every time the IT is run in pipeline)
  • Turn *-oot-control clusters workerless to save costs (we can remove *-oot-control also)
    • See if control cluster = target cluster is working fine in IT

@sssash18

  • Create a cluster role and binding which gives access to secrets in garden-core namespace. Associate binding with service account.

Why is this needed:

Recently security hardening has been done for Gardener deployment where the kubeconfigs have turned non-static (expire after 24h max). This has created problems for our pipeline IT, given the way we currently set them up. Through this issue we plan to make minimal changes to get the IT up and running.
Some other changes (not-urgent-for-now) are tracked in #787
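
Added example, not part of the original issue or the project's code: a check a pipeline job could run to tell when the mcm-ci-it service account token is approaching the 90-day expiry described above. It assumes the token is a JWT carrying an `exp` claim, as issued by the Kubernetes TokenRequest API; the function names, the 14-day margin and the sample token are constructed for illustration.

```python
import base64
import json
import time

TOKEN_LIFETIME_DAYS = 90   # default and max lifetime stated in the issue
ROTATE_MARGIN_DAYS = 14    # assumed safety margin, not from the issue
DAY = 86400


def token_expiry(token: str) -> int:
    """Return the `exp` claim (Unix seconds) of a JWT.

    The signature is NOT verified: this only reads the expiry so a job
    can schedule rotation. It must never be used to decide trust.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if "exp" not in claims:
        raise ValueError("token has no exp claim")
    return int(claims["exp"])


def rotation_status(token: str, now=None, margin_days: int = ROTATE_MARGIN_DAYS) -> str:
    """Classify a token as 'ok', 'rotate' (inside the margin) or 'expired'."""
    now = time.time() if now is None else now
    remaining = token_expiry(token) - now
    if remaining <= 0:
        return "expired"
    if remaining <= margin_days * DAY:
        return "rotate"
    return "ok"


def constructed_token(issued_at: int, lifetime_days: int = TOKEN_LIFETIME_DAYS) -> str:
    """Build an unsigned sample token for testing (constructed, not a real credential)."""
    def b64(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"iat": issued_at, "exp": issued_at + lifetime_days * DAY}
    return ".".join([b64({"alg": "none"}), b64(claims), "constructed-signature"])


if __name__ == "__main__":
    sample = constructed_token(issued_at=int(time.time()) - 80 * DAY)
    print(rotation_status(sample))
```

A job that gets `rotate` or `expired` would fail or alert so the token is reissued and updated in secret-server before the pipeline's kubeconfig stops working.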
