Adding GitHub Actions Job for E2E testing. Refactoring kubernetes-k3d Job to use new K3d action for setting up k3d. Adjusting root-cert-ownership kuttl test to work with POSIX shell used in Github Actions.

[sc-17404]

Author: dsessler7

.github/actions/k3d/action.yaml

@@ -0,0 +1,94 @@
+name: k3d
+description: Start k3s using k3d
+inputs:
+  k3d-tag:
+    default: latest
+    required: true
+    description: >
+      Git tag from https://github.com/rancher/k3d/releases or "latest"
+  k3s-channel:
+    default: latest
+    required: true
+    description: >
+      https://rancher.com/docs/k3s/latest/en/upgrades/basic/#release-channels
+  prefetch-images:
+    required: true
+    description: >
+      Each line is the name of an image to fetch onto all Kubernetes nodes
+  prefetch-timeout:
+    default: 90s
+    required: true
+    description: >
+      Amount of time to wait for images to be fetched
+
+outputs:
+  k3d-version:
+    value: ${{ steps.k3d.outputs.k3d }}
+    description: >
+      K3d version
+  kubernetes-version:
+    value: ${{ steps.k3s.outputs.server }}
+    description: >
+      Kubernetes server version, as reported by the Kubernetes API
+  pause-image:
+    value: ${{ steps.k3s.outputs.pause-image }}
+    description: >
+      Pause image for prefetch images DaemonSet
+
+runs:
+  using: composite
+  steps:
+    - id: k3d
+      name: Install k3d
+      shell: bash
+      env:
+        K3D_TAG: ${{ inputs.k3d-tag }}
+      run: |
+        curl --fail --silent https://raw.githubusercontent.com/rancher/k3d/main/install.sh |
+          TAG="${K3D_TAG#latest}" bash
+        k3d version | awk '{ print "${tolower($1)}=${$3}" >> $GITHUB_OUTPUT }'
+
+    - id: k3s
+      name: Start k3s
+      shell: bash
+      run: |
+        k3d cluster create --image '+${{ inputs.k3s-channel }}' --no-lb --timeout=2m --wait
+        kubectl version --short | awk '{ print "${tolower($1)}=${$3}" >> $GITHUB_OUTPUT }'
+
+        PAUSE_IMAGE=$(docker exec $(k3d node list --output json | jq --raw-output 'first.name') \
+          k3s agent --help | awk '$1 == "--pause-image" {
+            match($0, /default: "[^"]*"/);
+            print substr($0, RSTART+10, RLENGTH-11)
+          }')
+        echo "pause-image=${PAUSE_IMAGE}" >> $GITHUB_OUTPUT
+
+    - name: Prefetch container images
+      shell: bash
+      env:
+        INPUT_IMAGES:  ${{ inputs.prefetch-images  }}
+        INPUT_TIMEOUT: ${{ inputs.prefetch-timeout }}
+      run: |
+        jq <<< "$INPUT_IMAGES" --raw-input 'select(. != "")' |
+        jq --slurp \
+          --arg pause '${{ steps.k3s.outputs.pause-image }}' \
+          --argjson labels '{"name":"image-prefetch"}' \
+          --argjson name '"image-prefetch"' \
+        '{
+          apiVersion: "apps/v1", kind: "DaemonSet",
+          metadata: { name: $name, labels: $labels },
+          spec: {
+            selector: { matchLabels: $labels },
+            template: {
+              metadata: { labels: $labels },
+              spec: {
+                initContainers: to_entries | map({
+                  name: "c\(.key)", image: .value, command: ["true"],
+                }),
+                containers: [{ name: "pause", image: $pause }]
+              }
+            }
+          }
+        }' |
+        kubectl create --filename=-
+        kubectl rollout status daemonset.apps/image-prefetch --timeout "$INPUT_TIMEOUT" ||
+        kubectl describe daemonset.apps/image-prefetch

.github/workflows/test.yaml

@@ -60,43 +60,15 @@ jobs:
       - uses: actions/setup-go@v3
         with: { go-version: 1.x }
 
-      - name: Install k3d
-        # Git tag from https://github.com/rancher/k3d/releases or "latest"
-        env: { K3D_TAG: latest }
-        run: |
-          curl --fail --silent https://raw.githubusercontent.com/rancher/k3d/main/install.sh |
-            TAG="${K3D_TAG#latest}" bash && k3d version | head -n1
-
       - name: Start k3s
-        # https://rancher.com/docs/k3s/latest/en/upgrades/basic/#release-channels
-        env: { K3S_CHANNEL: "${{ matrix.kubernetes }}" }
-        run: k3d cluster create --image="+${K3S_CHANNEL}" --no-lb --timeout=2m --wait
+        uses: ./.github/actions/k3d
+        with:
+          k3s-channel: "${{ matrix.kubernetes }}"
+          prefetch-images: |
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.41-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.17-5
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.9-2
 
-      - name: Prefetch container images
-        run: |
-          {
-            echo '"registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.6-1"'
-            echo '"registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.38-0"'
-            echo '"registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.16-2"'
-          } |
-          jq --slurp --arg name 'image-prefetch' --argjson labels '{"name":"image-prefetch"}' '{
-            apiVersion: "apps/v1", kind: "DaemonSet",
-            metadata: { name: $name, labels: $labels },
-            spec: {
-              selector: { matchLabels: $labels },
-              template: {
-                metadata: { labels: $labels },
-                spec: {
-                  initContainers: to_entries | map({ name: "c\(.key)", command: ["true"], image: .value }),
-                  containers: [{ name: "pause", image: "k8s.gcr.io/pause:3.5" }]
-                }
-              }
-            }
-          }' |
-          kubectl create --filename=- && {
-            kubectl rollout status daemonset.apps/image-prefetch --timeout=90s ||
-            kubectl describe daemonset.apps/image-prefetch
-          }
       - run: make createnamespaces check-envtest-existing
         env:
           PGO_TEST_TIMEOUT_SCALE: 1.2
@@ -110,6 +82,78 @@ jobs:
           path: envtest-existing.coverage.gz
           retention-days: 1
 
+  kuttl-k3d:
+    runs-on: ubuntu-20.04
+    needs: [go-test]
+    strategy:
+      fail-fast: false
+      matrix:
+        kubernetes: [v1.25, v1.24, v1.23, v1.22, v1.21]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with: { go-version: 1.x }
+
+      - name: Start k3s
+        uses: ./.github/actions/k3d
+        with:
+          k3s-channel: "${{ matrix.kubernetes }}"
+          prefetch-images: |
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-8
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.41-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.17-5
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.0-0
+            registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.3.0-0
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.9-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-13.9-3.1-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.6-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.1-2
+      - run: go mod download
+      - name: Build executable
+        run: PGO_VERSION='${{ github.sha }}' make build-postgres-operator
+
+      # Start a Docker container with the working directory mounted.
+      - name: Start PGO
+        run: |
+          kubectl apply --server-side -k ./config/namespace
+          kubectl apply --server-side -k ./config/dev
+          hack/create-kubeconfig.sh postgres-operator pgo
+          docker run --detach --network host --read-only \
+            --volume "$(pwd):/mnt" --workdir '/mnt' --env 'PATH=/mnt/bin' \
+            --env 'KUBECONFIG=hack/.kube/postgres-operator/pgo' \
+            --env 'RELATED_IMAGE_PGADMIN=registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-8' \
+            --env 'RELATED_IMAGE_PGBACKREST=registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.41-2' \
+            --env 'RELATED_IMAGE_PGBOUNCER=registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.17-5' \
+            --env 'RELATED_IMAGE_PGEXPORTER=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.0-0' \
+            --env 'RELATED_IMAGE_PGUPGRADE=registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.3.0-0' \
+            --env 'RELATED_IMAGE_POSTGRES_13=registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.9-2' \
+            --env 'RELATED_IMAGE_POSTGRES_13_GIS_3.1=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-13.9-3.1-2' \
+            --env 'RELATED_IMAGE_POSTGRES_14=registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.6-2' \
+            --env 'RELATED_IMAGE_POSTGRES_14_GIS_3.1=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.1-2' \
+            --name 'postgres-operator' ubuntu \
+            postgres-operator
+      - name: Install kuttl
+        run: |
+          curl -Lo /usr/local/bin/kubectl-kuttl https://github.com/kudobuilder/kuttl/releases/download/v0.13.0/kubectl-kuttl_0.13.0_linux_x86_64
+          chmod +x /usr/local/bin/kubectl-kuttl
+
+      - run: make generate-kuttl
+        env:
+          KUTTL_PG_UPGRADE_FROM_VERSION: '13'
+          KUTTL_PG_UPGRADE_TO_VERSION: '14'
+          KUTTL_PG_VERSION: '14'
+          KUTTL_POSTGIS_VERSION: '3.1'
+          KUTTL_PSQL_IMAGE: 'registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.6-2'
+      - run: |
+          make check-kuttl && exit
+          failed=$?
+          echo '::group::PGO logs'; docker logs 'postgres-operator'; echo '::endgroup::'
+          exit $failed
+        env:
+          KUTTL_TEST: kubectl-kuttl test
+      - name: Stop PGO
+        run: docker stop 'postgres-operator' || true
+
   coverage-report:
     if: ${{ success() || contains(needs.*.result, 'success') }}
     runs-on: ubuntu-latest

testing/kuttl/e2e/root-cert-ownership/01--check-owners.yaml

@@ -10,7 +10,8 @@ commands:
           CURRENT_OWNERS=$(kubectl --namespace="${NAMESPACE}" get secret \
             pgo-root-cacert -o jsonpath='{.metadata.ownerReferences[*].name}')
           # If owner1 and owner2 are both listed, exit successfully
-          if [[ "$CURRENT_OWNERS" == *"owner1"* ]] && [[ "$CURRENT_OWNERS" == *"owner2"* ]]; then
+          contains() { bash -ceu '[[ "$1" == *"$2"* ]]' - "$@"; }
+          if contains "${CURRENT_OWNERS}" "owner1" && contains "${CURRENT_OWNERS}" "owner2"; then
               exit 0
           fi
       done

testing/kuttl/e2e/root-cert-ownership/03--check-owners.yaml

@@ -10,7 +10,8 @@ commands:
           CURRENT_OWNERS=$(kubectl --namespace="${NAMESPACE}" get secret \
             pgo-root-cacert -o jsonpath='{.metadata.ownerReferences[*].name}')
           # If owner1 is removed and owner2 is still listed, exit successfully
-          if [[ "$CURRENT_OWNERS" != *"owner1"* ]] && [[ "$CURRENT_OWNERS" == *"owner2"* ]]; then
+          contains() { bash -ceu '[[ "$1" == *"$2"* ]]' - "$@"; }
+          if ! contains "${CURRENT_OWNERS}" "owner1" && contains "${CURRENT_OWNERS}" "owner2"; then
               exit 0
           fi
       done

testing/kuttl/e2e/root-cert-ownership/05--check-secret.yaml

@@ -8,13 +8,14 @@ commands:
   # secret should be deleted.
   - script: |
       NUM_CLUSTERS=$(kubectl --namespace="${NAMESPACE}" get postgrescluster --output name | wc -l)
-      if [[ "$NUM_CLUSTERS" != 0 ]]; then
+      if [ "$NUM_CLUSTERS" != 0 ]; then
           for i in {1..5}; do
               sleep 1 # This sleep allows time for the owner reference list to be updated
               CURRENT_OWNERS=$(kubectl --namespace="${NAMESPACE}" get secret \
                 pgo-root-cacert -o jsonpath='{.metadata.ownerReferences[*].name}')
               # If neither owner is listed, exit successfully
-              if [[ "$CURRENT_OWNERS" != *"owner1"* ]] || [[ "$CURRENT_OWNERS" != *"owner2"* ]]; then
+              contains() { bash -ceu '[[ "$1" == *"$2"* ]]' - "$@"; }
+              if ! contains "${CURRENT_OWNERS}" "owner1" && ! contains "${CURRENT_OWNERS}" "owner2"; then
                   exit 0
               fi
           done
@@ -25,7 +26,7 @@ commands:
               sleep 1 # this sleep allows time for garbage collector to delete the secret
               ROOT_SECRET=$(kubectl --namespace="${NAMESPACE}" get --ignore-not-found \
                 secret pgo-root-cacert --output name | wc -l)
-              if [[ "$ROOT_SECRET" == 0 ]]; then
+              if [ "$ROOT_SECRET" = 0 ]; then
                   exit 0
               fi
           done