Merge pull request #268 from gocardless/CI-1658

CI-1658: Upgrade theatre to be compatible with k8s 1.22
gocardless · Dec 19, 2022 · afaa7f7 · afaa7f7
2 parents dc945ad + c1b5d84
commit afaa7f7
Show file tree

Hide file tree

Showing 47 changed files with 5,172 additions and 1,529 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -4,7 +4,7 @@ version: 2
 references:
   docker_golang: &docker_golang
     docker:
-      - image: golang:1.17.3
+      - image: golang:1.19.3
     working_directory: /go/src/github.com/gocardless/theatre
 
 jobs:
@@ -44,14 +44,14 @@ jobs:
           name: Install ginkgo test runner
           command: go install github.com/onsi/ginkgo/ginkgo@v1.16.5
       - run:
-          name: Install Kubebuilder test helpers
+          name: Install envtest binaries for k8s 1.22.x
           command: |
-            mkdir /usr/local/kubebuilder
-            curl -fsL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz \
-              | tar -xvz --strip=1 -C /usr/local/kubebuilder
+            go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+            setup-envtest use -p path 1.22.x
       - run:
           name: Run tests
           command: |
+            source <(setup-envtest use -i -p env 1.22.x)
             ginkgo -race -randomizeSuites -randomizeAllSpecs -r -v ./...
 
 

diff --git a/.tool-versions b/.tool-versions
@@ -0,0 +1 @@
+golang 1.19.3
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build Go binary without cgo dependencies
-FROM golang:1.17.3 as builder
+FROM golang:1.19.3 as builder
 WORKDIR /go/src/github.com/gocardless/theatre
 
 COPY . /go/src/github.com/gocardless/theatre

diff --git a/Makefile b/Makefile
@@ -29,7 +29,12 @@ bin/%.darwin_amd64:
 bin/%:
 	CGO_ENABLED=0 GOARCH=amd64 $(BUILD_COMMAND) -o $@ ./cmd/$*/.
 
+# Run the below commands in order to install the required dependencies for
+# running `make test` locally.
 # go install github.com/onsi/ginkgo/ginkgo@v1.16.5
+# go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+# setup-envtest use -p path 1.22.x
+# source <(setup-envtest use -i -p env 1.22.x)
 test:
 	ginkgo -race -r ./...
 
@@ -78,7 +83,7 @@ ifeq (, $(shell which controller-gen))
 	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
 	cd $$CONTROLLER_GEN_TMP_DIR ;\
 	go mod init tmp ;\
-	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0 ;\
+	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0 ;\
 	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
 	}
 CONTROLLER_GEN=$(GOBIN)/controller-gen

diff --git a/README.md b/README.md
@@ -129,6 +129,18 @@ Theatre has test suites at several different levels, each of which play a
 specific role. All of these suites are written using the [Ginkgo][ginkgo]
 framework.
 
+In order to setup your local testing environment for unit and integration tests do the following:
+
+```bash
+$ # install setup-envtest which configures etcd and kube-apiserver binaries for envtest
+$ # https://book.kubebuilder.io/reference/envtest.html#configuring-envtest-for-integration-tests
+$ # https://github.com/kubernetes-sigs/controller-runtime/tree/master/tools/setup-envtest#envtest-binaries-manager
+$ go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+$ # configure envtest to use k8s 1.22.x binaries
+$ setup-envtest use -p path 1.22.x
+$ source <(setup-envtest use -i -p env 1.22.x)
+```
+
 - **Unit**: Standard unit tests, used to exhaustively specify the functionality of
   functions or objects.
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.10.0
+4.0.0
diff --git a/apis/rbac/v1alpha1/zz_generated.deepcopy.go b/apis/rbac/v1alpha1/zz_generated.deepcopy.go
diff --git a/apis/vault/v1alpha1/secretsinjector_webhook_test.go b/apis/vault/v1alpha1/secretsinjector_webhook_test.go
@@ -2,7 +2,7 @@ package v1alpha1
 
 import (
 	"fmt"
-	"io/ioutil"
+	"os"
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
@@ -15,7 +15,7 @@ import (
 )
 
 func mustPodFixture(path string) *corev1.Pod {
-	podFixtureYAML, _ := ioutil.ReadFile(path)
+	podFixtureYAML, _ := os.ReadFile(path)
 	decoder := scheme.Codecs.UniversalDeserializer()
 	obj, _, _ := decoder.Decode(podFixtureYAML, nil, nil)
 	return obj.(*corev1.Pod)

diff --git a/apis/workloads/v1alpha1/console_attach_webhook.go b/apis/workloads/v1alpha1/console_attach_webhook.go
@@ -49,7 +49,7 @@ func (c *ConsoleAttachObserverWebhook) Handle(ctx context.Context, req admission
 	)
 	logger.Info("starting request", "event", "request.start")
 	defer func(start time.Time) {
-		logging.WithNoRecord(logger).Info("completed request", "event", "request.end", "duration", time.Now().Sub(start).Seconds())
+		logging.WithNoRecord(logger).Info("completed request", "event", "request.end", "duration", time.Since(start).Seconds())
 	}(time.Now())
 
 	attachOptions := &corev1.PodAttachOptions{}
@@ -120,7 +120,7 @@ func (c *ConsoleAttachObserverWebhook) Handle(ctx context.Context, req admission
 
 	// Attach an event recorder to the logger, based on the
 	// associated pod
-	logger = logging.WithEventRecorder(logger, c.recorder, pod)
+	logger = logging.WithEventRecorder(logger.GetSink(), c.recorder, pod)
 
 	// Log an event observing the attachment
 	logger.Info(

diff --git a/apis/workloads/v1alpha1/console_authenticator_webhook.go b/apis/workloads/v1alpha1/console_authenticator_webhook.go
@@ -34,7 +34,7 @@ func (c *ConsoleAuthenticatorWebhook) Handle(ctx context.Context, req admission.
 	logger := c.logger.WithValues("uuid", string(req.UID))
 	logger.Info("starting request", "event", "request.start")
 	defer func(start time.Time) {
-		logger.Info("completed request", "event", "request.end", "duration", time.Now().Sub(start).Seconds())
+		logger.Info("completed request", "event", "request.end", "duration", time.Since(start).Seconds())
 	}(time.Now())
 
 	csl := &Console{}

diff --git a/apis/workloads/v1alpha1/console_authorisation_webhook.go b/apis/workloads/v1alpha1/console_authorisation_webhook.go
@@ -42,7 +42,7 @@ func (c *ConsoleAuthorisationWebhook) Handle(ctx context.Context, req admission.
 	logger := c.logger.WithValues("uuid", string(req.UID))
 	logger.Info("starting request", "event", "request.start")
 	defer func(start time.Time) {
-		logger.Info("completed request", "event", "request.end", "duration", time.Now().Sub(start).Seconds())
+		logger.Info("completed request", "event", "request.end", "duration", time.Since(start).Seconds())
 	}(time.Now())
 
 	// request console authorisation object

diff --git a/apis/workloads/v1alpha1/console_authorisation_webhook_test.go b/apis/workloads/v1alpha1/console_authorisation_webhook_test.go
@@ -1,8 +1,8 @@
 package v1alpha1
 
 import (
-	"io/ioutil"
 	"net/http"
+	"os"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -14,7 +14,7 @@ import (
 func mustConsoleAuthorisationFixture(path string) *ConsoleAuthorisation {
 	consoleAuthorisation := &ConsoleAuthorisation{}
 
-	consoleAuthorisationFixtureYAML, _ := ioutil.ReadFile(path)
+	consoleAuthorisationFixtureYAML, _ := os.ReadFile(path)
 
 	decoder := serializer.NewCodecFactory(runtime.NewScheme()).UniversalDeserializer()
 	if err := runtime.DecodeInto(decoder, consoleAuthorisationFixtureYAML, consoleAuthorisation); err != nil {

diff --git a/apis/workloads/v1alpha1/console_template_validation_webhook.go b/apis/workloads/v1alpha1/console_template_validation_webhook.go
@@ -33,7 +33,7 @@ func (c *ConsoleTemplateValidationWebhook) Handle(ctx context.Context, req admis
 	logger.Info("starting request", "event", "request.start")
 
 	defer func(start time.Time) {
-		logger.Info("request completed", "event", "request.end", "duration", time.Now().Sub(start).Seconds())
+		logger.Info("request completed", "event", "request.end", "duration", time.Since(start).Seconds())
 	}(time.Now())
 
 	template := &ConsoleTemplate{}

diff --git a/apis/workloads/v1alpha1/integration/priority_integration_test.go b/apis/workloads/v1alpha1/integration/priority_integration_test.go
@@ -4,10 +4,9 @@ import (
 	"context"
 	"time"
 
-	kitlog "github.com/go-kit/kit/log"
 	"github.com/google/uuid"
 	corev1 "k8s.io/api/core/v1"
-	scheduling_v1beta1 "k8s.io/api/scheduling/v1beta1"
+	scheduling_v1 "k8s.io/api/scheduling/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -16,18 +15,13 @@ import (
 	. "github.com/onsi/gomega"
 )
 
-var (
-	timeout = 5 * time.Second
-	logger  = kitlog.NewLogfmtLogger(GinkgoWriter)
-)
-
 var _ = Describe("PriorityInjector", func() {
 	var (
 		ctx             context.Context
 		cancel          func()
 		namespace       string
 		labelValue      string
-		priorityClasses []*scheduling_v1beta1.PriorityClass
+		priorityClasses []*scheduling_v1.PriorityClass
 
 		c client.Client
 	)
@@ -50,13 +44,13 @@ var _ = Describe("PriorityInjector", func() {
 		By("Creating test namespace: " + namespace)
 		Expect(c.Create(ctx, ns)).To(Succeed())
 
-		priorityClasses = []*scheduling_v1beta1.PriorityClass{
-			&scheduling_v1beta1.PriorityClass{
+		priorityClasses = []*scheduling_v1.PriorityClass{
+			{
 				ObjectMeta:    metav1.ObjectMeta{Name: "default"},
 				GlobalDefault: true,
 				Value:         1000,
 			},
-			&scheduling_v1beta1.PriorityClass{
+			{
 				ObjectMeta: metav1.ObjectMeta{Name: "best-effort"},
 				Value:      900,
 			},
@@ -100,7 +94,7 @@ var _ = Describe("PriorityInjector", func() {
 			Spec: corev1.PodSpec{
 				PriorityClassName: priorityClassName,
 				Containers: []corev1.Container{
-					corev1.Container{
+					{
 						Name:  "app",
 						Image: "something",
 					},

diff --git a/apis/workloads/v1alpha1/integration/priority_suite_test.go b/apis/workloads/v1alpha1/integration/priority_suite_test.go
@@ -24,8 +24,6 @@ import (
 var (
 	mgr     ctrl.Manager
 	testEnv *envtest.Environment
-
-	finished = make(chan struct{})
 )
 
 func TestSuite(t *testing.T) {
@@ -34,24 +32,24 @@ func TestSuite(t *testing.T) {
 	RunSpecs(t, "apis/workloads/v1alpha1")
 }
 
-var _ = BeforeSuite(func(done Done) {
-	logf.SetLogger(zap.LoggerTo(GinkgoWriter, true))
+var _ = BeforeSuite(func() {
+	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
 
 	By("bootstrapping test environment")
 	testEnv = &envtest.Environment{
 		CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "base", "crds")},
 		WebhookInstallOptions: envtest.WebhookInstallOptions{
-			DirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "base", "webhooks")},
+			Paths: []string{filepath.Join("..", "..", "..", "..", "config", "base", "webhooks")},
 		},
 	}
 
 	cfg, err := testEnv.Start()
 	Expect(err).ToNot(HaveOccurred())
 	Expect(cfg).ToNot(BeNil())
 
-	cfg.Impersonate = rest.ImpersonationConfig{
-		UserName: "user@example.com",
-	}
+	user, err := testEnv.AddUser(envtest.User{Name: "user@example.com"}, &rest.Config{})
+	Expect(err).ToNot(HaveOccurred())
+	Expect(user).ToNot(BeNil())
 
 	scheme := runtime.NewScheme()
 	err = clientgoscheme.AddToScheme(scheme)
@@ -80,23 +78,13 @@ var _ = BeforeSuite(func(done Done) {
 		},
 	)
 
-	go func() {
-		<-ctrl.SetupSignalHandler()
-		close(finished)
-	}()
-
 	go func() {
 		defer GinkgoRecover()
-		err = mgr.Start(finished)
+		err = mgr.Start(ctrl.SetupSignalHandler())
 		Expect(err).ToNot(HaveOccurred(), "failed to run manager")
 		gexec.KillAndWait(4 * time.Second)
 		err := testEnv.Stop()
 		Expect(err).ToNot(HaveOccurred())
 	}()
 
-	close(done)
 }, 60)
-
-var _ = AfterSuite(func() {
-	close(finished)
-})
diff --git a/apis/workloads/v1alpha1/priority_webhook.go b/apis/workloads/v1alpha1/priority_webhook.go
@@ -101,7 +101,7 @@ func (i *priorityInjector) Handle(ctx context.Context, req admission.Request) (r
 			Name: req.Namespace,
 		},
 	}
-	nsName, _ := client.ObjectKeyFromObject(ns)
+	nsName := client.ObjectKeyFromObject(ns)
 	if err := i.client.Get(ctx, nsName, ns); err != nil {
 		return admission.Errored(http.StatusBadRequest, err)
 	}

diff --git a/apis/workloads/v1alpha1/zz_generated.deepcopy.go b/apis/workloads/v1alpha1/zz_generated.deepcopy.go
diff --git a/cmd/acceptance/main.go b/cmd/acceptance/main.go
@@ -37,7 +37,7 @@ var (
 	prepareImage         = prepare.Flag("image", "Docker image tag used for exchanging test images").Default("theatre:latest").String()
 	prepareConfigFile    = prepare.Flag("config-file", "Path to Kind config file").Default("kind-e2e.yaml").ExistingFile()
 	prepareDockerfile    = prepare.Flag("dockerfile", "Path to acceptance dockerfile").Default("Dockerfile").ExistingFile()
-	prepareKindNodeImage = prepare.Flag("kind-node-image", "Kind Node Image").Default("kindest/node:v1.21.1").String()
+	prepareKindNodeImage = prepare.Flag("kind-node-image", "Kind Node Image").Default("kindest/node:v1.22.2").String()
 	prepareVerbose       = prepare.Flag("verbose", "Use a higher log level when creating the cluster").Short('v').Bool()
 
 	destroy = app.Command("destroy", "Destroys the test Kubernetes cluster and other resources")

diff --git a/cmd/rbac-manager/main.go b/cmd/rbac-manager/main.go
@@ -9,6 +9,7 @@ import (
 	"github.com/alecthomas/kingpin"
 	"golang.org/x/oauth2/google"
 	directoryv1 "google.golang.org/api/admin/directory/v1"
+	"google.golang.org/api/option"
 	"k8s.io/apimachinery/pkg/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp" // this is required to auth against GCP
@@ -89,7 +90,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err := mgr.Start(ctx.Done()); err != nil {
+	if err := mgr.Start(ctx); err != nil {
 		app.Fatalf("failed to run manager: %v", err)
 	}
 }
@@ -113,5 +114,5 @@ func createGoogleDirectory(ctx context.Context, subject string) (*directoryv1.Se
 	// Access to the directory API must be signed with a Subject to enable domain selection.
 	conf.Subject = subject
 
-	return directoryv1.New(conf.Client(ctx))
+	return directoryv1.NewService(ctx, option.WithHTTPClient(conf.Client(ctx)))
 }
diff --git a/cmd/theatre-secrets/main.go b/cmd/theatre-secrets/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	execpkg "os/exec"
@@ -243,7 +242,7 @@ func mainError(ctx context.Context, command string) (err error) {
 			path := file.filesystemPath
 			if path == "" {
 				// generate file path prefixed by key
-				tempFilePath, err := ioutil.TempFile("", fmt.Sprintf("%s-*", key))
+				tempFilePath, err := os.CreateTemp("", fmt.Sprintf("%s-*", key))
 				if err != nil {
 					return errors.Wrap(err, fmt.Sprintf("failed to write temporary file for key %s", key))
 				}
@@ -264,7 +263,7 @@ func mainError(ctx context.Context, command string) (err error) {
 			)
 
 			// write file with value of envMap[key]
-			if err := ioutil.WriteFile(path, []byte(secretEnv[file.vaultKey]), 0600); err != nil {
+			if err := os.WriteFile(path, []byte(secretEnv[file.vaultKey]), 0600); err != nil {
 				return errors.Wrap(err,
 					fmt.Sprintf("failed to write file with key %s to path %s", key, path))
 			}
@@ -304,7 +303,7 @@ func mainError(ctx context.Context, command string) (err error) {
 // in cluster auth but falling back to other detection methods if that fails.
 func getKubernetesToken(tokenFileOverride string) (string, error) {
 	if tokenFileOverride != "" {
-		tokenBytes, err := ioutil.ReadFile(tokenFileOverride)
+		tokenBytes, err := os.ReadFile(tokenFileOverride)
 
 		return string(tokenBytes), errors.Wrap(err, "failed to read kubernetes token file")
 	}
@@ -470,7 +469,7 @@ type Config struct {
 func loadConfigFromFile(configFile string) (Config, error) {
 	var cfg Config
 
-	yamlContent, err := ioutil.ReadFile(configFile)
+	yamlContent, err := os.ReadFile(configFile)
 	if err != nil {
 		return cfg, errors.Wrap(err, "failed to open config file")
 	}