use insecure registry to exercise /etc/containers in e2e

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
operator-framework · Sep 11, 2024 · 41f0aaf · 41f0aaf
1 parent 33af250
commit 41f0aaf
Show file tree

Hide file tree

Showing 7 changed files with 58 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -163,8 +163,9 @@ test-unit: $(SETUP_ENVTEST) #HELP Run the unit tests
                 $(UNIT_TEST_DIRS) \
                 -test.gocoverdir=$(ROOT_DIR)/coverage/unit
 
+E2E_REGISTRY_CERT_REF := ClusterIssuer/olmv1-ca # By default, we'll use a trusted CA for the registry.
 image-registry: ## Setup in-cluster image registry
-	./hack/test/image-registry.sh $(E2E_REGISTRY_NAMESPACE) $(E2E_REGISTRY_NAME)
+	./hack/test/image-registry.sh $(E2E_REGISTRY_NAMESPACE) $(E2E_REGISTRY_NAME) $(E2E_REGISTRY_CERT_REF)
 
 build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and push it to the image registry
 	./hack/test/build-push-e2e-catalog.sh $(E2E_REGISTRY_NAMESPACE) $(LOCAL_REGISTRY_HOST)/$(E2E_TEST_CATALOG_V1)
@@ -179,6 +180,7 @@ build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and pus
 test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e
 test-e2e: KUSTOMIZE_BUILD_DIR := config/overlays/e2e
 test-e2e: GO_BUILD_FLAGS := -cover
+test-e2e: E2E_REGISTRY_CERT_REF := Issuer/selfsigned-issuer
 test-e2e: run image-registry build-push-e2e-catalog registry-load-bundles e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster
 
 .PHONY: extension-developer-e2e

diff --git a/config/components/registries-conf/kustomization.yaml b/config/components/registries-conf/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+namespace: olmv1-system
+resources:
+- registries_conf_configmap.yaml
+patches:
+- path: manager_e2e_registries_conf_patch.yaml
diff --git a/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml b/config/components/registries-conf/manager_e2e_registries_conf_patch.yaml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: kube-rbac-proxy
+      - name: manager
+        volumeMounts:
+        - name: e2e-registries-conf
+          mountPath: /etc/containers
+      volumes:
+      - name: e2e-registries-conf
+        configMap:
+          name: e2e-registries-conf
diff --git a/config/components/registries-conf/registries_conf_configmap.yaml b/config/components/registries-conf/registries_conf_configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: e2e-registries-conf
+  namespace: system
+data:
+  registries.conf: |
+    [[registry]]
+    prefix = "docker-registry.operator-controller-e2e.svc.cluster.local:5000"
+    insecure = true
+    location = "docker-registry.operator-controller-e2e.svc.cluster.local:5000"
diff --git a/config/overlays/e2e/kustomization.yaml b/config/overlays/e2e/kustomization.yaml
@@ -7,5 +7,6 @@ resources:
 components:
 - ../../components/tls
 - ../../components/coverage
+- ../../components/registries-conf
 # ca must be last or (tls|coverage) will overwrite the namespaces
 - ../../components/ca
diff --git a/hack/test/image-registry.sh b/hack/test/image-registry.sh
@@ -7,27 +7,40 @@ set -o pipefail
 help="
 image-registry.sh is a script to stand up an image registry within a cluster.
 Usage:
-  image-registry.sh [NAMESPACE] [NAME]
+  image-registry.sh [NAMESPACE] [NAME] [CERT_REF]
 
 Argument Descriptions:
   - NAMESPACE is the namespace that should be created and is the namespace in which the image registry will be created
   - NAME is the name that should be used for the image registry Deployment and Service
+  - CERT_REF is the reference to the CA certificate that should be used to serve the image registry over HTTPS, in the
+    format of 'Issuer/<issuer-name>' or 'ClusterIssuer/<cluster-issuer-name>'
 "
 
-if [[ "$#" -ne 2 ]]; then
+if [[ "$#" -ne 3 ]]; then
   echo "Illegal number of arguments passed"
   echo "${help}"
   exit 1
 fi
 
 namespace=$1
 name=$2
+certRef=$3
+
+echo "CERT_REF: ${certRef}"
 
 kubectl apply -f - << EOF
 apiVersion: v1
 kind: Namespace
 metadata:
   name: ${namespace}
+---
+ apiVersion: cert-manager.io/v1
+ kind: Issuer
+ metadata:
+   name: selfsigned-issuer
+   namespace: ${namespace}
+ spec:
+   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
@@ -44,8 +57,8 @@ spec:
     algorithm: ECDSA
     size: 256
   issuerRef:
-    name: olmv1-ca
-    kind: ClusterIssuer
+    name: ${certRef#*/}
+    kind: ${certRef%/*}
     group: cert-manager.io
 ---
 apiVersion: apps/v1

diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go
@@ -758,6 +758,7 @@ func TestClusterExtensionInstallReResolvesWhenManagedContentChanged(t *testing.T
 		}
 		assert.Equal(ct, metav1.ConditionTrue, cond.Status)
 		assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
+		assert.Contains(ct, cond.Message, "Installed bundle")
 		assert.Equal(ct,
 			&ocv1alpha1.ClusterExtensionResolutionStatus{Bundle: &ocv1alpha1.BundleMetadata{
 				Name:    "prometheus-operator.1.2.0",