e2e: add OpenShift infrastructure support for single and multi-region operator tests

Adds OpenShift as a supported cloud provider in the e2e operator test framework,
enabling the full operator test suite to run on OpenShift clusters provisioned
on GCP via openshift-install, for both single-region and multi-region setups.

Author: shreyaskm623

.gitignore

@@ -2,4 +2,9 @@
 bin/
 build/artifacts
 bazel-*
-/vendor/
+/vendor/
+
+# Submariner broker credentials — generated at runtime by subctl deploy-broker,
+# never committed. Contains service account tokens, CA certs, and PSK.
+broker-info.subm
+*.subm

Makefile

@@ -123,11 +123,20 @@ test/e2e/%: bin/cockroach bin/kubectl bin/helm build/self-signer test/cluster/up
 	$(MAKE) test/cluster/down; \
 	exit $${EXIT_CODE:-0}
 
+# E2E_MULTI_REGION_TIMEOUT controls the go test timeout for multi-region tests.
+# OpenShift clusters take ~40–60 min to provision, so the default is generous.
+# Override to a lower value (e.g. 60m) when running against faster providers.
+E2E_MULTI_REGION_TIMEOUT ?= 300m
+
 test/e2e/multi-region: bin/cockroach bin/kubectl bin/helm  build/self-signer bin/k3d bin/kind
-	@PATH="$(PWD)/bin:${PATH}" go test -timeout 60m -v -test.run TestOperatorInMultiRegion ./tests/e2e/operator/multiRegion/... || (echo "Multi region tests failed with exit code $$?" && exit 1)
+	@PATH="$(PWD)/bin:${PATH}" go test -timeout $(E2E_MULTI_REGION_TIMEOUT) -v -test.run TestOperatorInMultiRegion ./tests/e2e/operator/multiRegion/... || (echo "Multi region tests failed with exit code $$?" && exit 1)
+
+# E2E_SINGLE_REGION_TIMEOUT controls the go test timeout for single-region tests.
+# OpenShift provisioning takes ~40-60 min, so override when running against it.
+E2E_SINGLE_REGION_TIMEOUT ?= 60m
 
 test/e2e/single-region: bin/cockroach bin/kubectl bin/helm build/self-signer bin/k3d bin/kind
-	@PATH="$(PWD)/bin:${PATH}" go test -timeout 60m -v -test.run TestOperatorInSingleRegion ./tests/e2e/operator/singleRegion/... || (echo "Single region tests failed with exit code $$?" && exit 1)
+	@PATH="$(PWD)/bin:${PATH}" go test -timeout $(E2E_SINGLE_REGION_TIMEOUT) -v -test.run TestOperatorInSingleRegion ./tests/e2e/operator/singleRegion/... || (echo "Single region tests failed with exit code $$?" && exit 1)
 
 test/e2e/migrate: bin/cockroach bin/kubectl bin/helm bin/migration-helper build/self-signer test/cluster/up/3
 	@PATH="$(PWD)/bin:${PATH}" go test -timeout 60m -v ./tests/e2e/migrate/... || EXIT_CODE=$$?; \

tests/e2e/coredns/coredns.go

@@ -148,6 +148,46 @@ func CoreDNSService(IpAddress *string, annotations map[string]string) *corev1.Se
 	return svc
 }
 
+// CoreDNSInternalService returns a ClusterIP-only Service that exposes both UDP/53 and TCP/53
+// to the CoreDNS pods. This is used by OpenShift so the built-in DNS operator can forward
+// queries via UDP (its default protocol) to our custom CoreDNS. The main LoadBalancer service
+// (CoreDNSService) only exposes TCP/53 due to GCP LB constraints.
+func CoreDNSInternalService() *corev1.Service {
+	return &corev1.Service{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Service",
+			APIVersion: "v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "crl-core-dns-internal",
+			Namespace: "kube-system",
+			Labels: map[string]string{
+				"k8s-app": "kube-dns",
+			},
+		},
+		Spec: corev1.ServiceSpec{
+			Type: corev1.ServiceTypeClusterIP,
+			Ports: []corev1.ServicePort{
+				{
+					Name:       "dns-udp",
+					Port:       53,
+					Protocol:   corev1.ProtocolUDP,
+					TargetPort: intstr.Parse("53"),
+				},
+				{
+					Name:       "dns-tcp",
+					Port:       53,
+					Protocol:   corev1.ProtocolTCP,
+					TargetPort: intstr.Parse("53"),
+				},
+			},
+			Selector: map[string]string{
+				"k8s-app": "kube-dns",
+			},
+		},
+	}
+}
+
 // CoreDNSDeployment returns coredns deployment object.
 func CoreDNSDeployment(replicas int32) *appsv1.Deployment {
 	healthCheckPort := intstr.FromInt32(8080)

tests/e2e/operator/infra/common.go

@@ -18,9 +18,10 @@ import (
 
 // Provider types.
 const (
-	ProviderK3D  = "k3d"
-	ProviderKind = "kind"
-	ProviderGCP  = "gcp"
+	ProviderK3D       = "k3d"
+	ProviderKind      = "kind"
+	ProviderGCP       = "gcp"
+	ProviderOpenShift = "openshift"
 )
 
 // Common constants.
@@ -32,7 +33,8 @@ const (
 	loadBalancerInterval  = 10 * time.Second
 	coreDNSDeploymentName = "coredns"
 	coreDNSServiceName    = "crl-core-dns"
-	coreDNSNamespace      = "kube-system"
+	coreDNSInternalServiceName = "crl-core-dns-internal"
+	coreDNSNamespace           = "kube-system"
 	coreDNSReplicas       = 2
 )
 
@@ -50,9 +52,10 @@ const (
 
 // RegionCodes maps provider types to their region codes
 var RegionCodes = map[string][]string{
-	ProviderK3D:  {"us-east1", "us-east2"},
-	ProviderKind: {"us-east1", "us-east2"},
-	ProviderGCP:  {"us-central1", "us-east1"},
+	ProviderK3D:       {"us-east1", "us-east2"},
+	ProviderKind:      {"us-east1", "us-east2"},
+	ProviderGCP:       {"us-central1", "us-east1"},
+	ProviderOpenShift: {"us-central1", "us-east1"},
 }
 
 // LoadBalancerAnnotations contains provider-specific service annotations.
@@ -62,8 +65,9 @@ var LoadBalancerAnnotations = map[string]map[string]string{
 		"networking.gke.io/load-balancer-type":                         "Internal",
 		"cloud.google.com/load-balancer-type":                          "Internal",
 	},
-	ProviderK3D:  {},
-	ProviderKind: {},
+	ProviderK3D:       {},
+	ProviderKind:      {},
+	ProviderOpenShift: {},
 }
 
 // NetworkConfigs defines standard network configurations for each provider and region.
@@ -216,6 +220,15 @@ func deployCoreDNSService(t *testing.T, kubectlOpts *k8s.KubectlOptions, staticI
 		return fmt.Errorf("failed to apply CoreDNS Service: %w", err)
 	}
 
+	// For OpenShift, also deploy an internal ClusterIP service 
+	if provider == ProviderOpenShift {
+		internalSvc := coredns.CoreDNSInternalService()
+		internalSvcYAML := coredns.ToYAML(t, internalSvc)
+		if err := k8s.KubectlApplyFromStringE(t, kubectlOpts, internalSvcYAML); err != nil {
+			return fmt.Errorf("failed to apply CoreDNS internal ClusterIP service: %w", err)
+		}
+	}
+
 	return nil
 }