(chore) add fv for Sveltos running in random namespace (#1803)

Author: gianlucam76

.github/workflows/main.yaml

@@ -208,5 +208,33 @@ jobs:
         swap-storage: true
     - name: new-fv-pullmode
       run: make create-cluster-pullmode new-fv-pullmode
+      env:
+        FV: true
+  FV-NAMESPACE:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Set up Go
+      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      with:
+        go-version: 1.26.3
+    - name: Free Disk Space (Ubuntu)
+      uses: jlumbroso/free-disk-space@main
+      with:
+        # this might remove tools that are actually needed,
+        # if set to "true" but frees about 6 GB
+        tool-cache: false
+
+        # all of these default to true, but feel free to set to
+        # "false" if necessary for your workflow
+        android: true
+        dotnet: true
+        haskell: true
+        large-packages: true
+        docker-images: true
+        swap-storage: true
+    - name: fv
+      run: make create-cluster-infra fv-namespace
       env:
         FV: true

Makefile

@@ -267,13 +267,9 @@ fv-agentless: $(KUBECTL) $(GINKGO) ## Run Sveltos Controller tests using existin
 	$(KUBECTL) wait --for=condition=Available deployment/addon-controller -n projectsveltos --timeout=$(TIMEOUT)
 	cd test/fv; $(GINKGO) -nodes $(NUM_NODES) --label-filter='FV' --v --trace --randomize-all
 
-.PHONY: create-cluster
-create-cluster: $(KIND) $(CLUSTERCTL) $(KUBECTL) $(ENVSUBST) ## Create a new kind cluster designed for development
+.PHONY: create-cluster-infra
+create-cluster-infra: $(KIND) $(CLUSTERCTL) $(KUBECTL) ## Create cluster infrastructure without deploying Sveltos
 	$(MAKE) create-control-cluster
-
-	@echo "Start projectsveltos"
-	$(MAKE) deploy-projectsveltos
-
 	$(MAKE) create-workload-cluster
 
 	@echo "prepare configMap with kustomize files"
@@ -282,9 +278,36 @@ create-cluster: $(KIND) $(CLUSTERCTL) $(KUBECTL) $(ENVSUBST) ## Create a new kin
 	@echo "prepare configMap with flux resources"
 	$(KUBECTL) create configmap install-flux --from-file=test/flux-install.yaml
 
-	@echo apply reloader CRD to managed cluster
+	@echo "apply reloader CRD to managed cluster"
 	$(KUBECTL) --kubeconfig=./test/fv/workload_kubeconfig apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_reloaders.lib.projectsveltos.io.yaml
 
+.PHONY: fv-namespace
+fv-namespace: $(GINKGO) $(KUBECTL) $(KUSTOMIZE) $(ENVSUBST) ## Run FV tests with addon-controller deployed in a random namespace
+	$(MAKE) load-image
+	$(MAKE) deploy-crds
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	SVELTOS_NS="sveltos-$$(openssl rand -hex 4)"; \
+	echo "Deploying addon-controller in namespace: $$SVELTOS_NS"; \
+	$(KUSTOMIZE) build config/default | $(ENVSUBST) | \
+		sed -E 's/^([[:space:]]+)(name|namespace): projectsveltos$$/\1\2: '"$$SVELTOS_NS"'/' | \
+		$(KUBECTL) apply -f-; \
+	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/configuration/default-debuggingconfiguration.yaml; \
+	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/sveltoscluster-manager/$(TAG)/manifest/manifest.yaml; \
+	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/register-mgmt-cluster/$(TAG)/manifest/manifest.yaml; \
+	echo "Waiting for addon-controller to be available in namespace $$SVELTOS_NS..."; \
+	$(KUBECTL) wait --for=condition=Available deployment/addon-controller -n "$$SVELTOS_NS" --timeout=$(TIMEOUT); \
+	cd test/fv && SVELTOS_NAMESPACE="$$SVELTOS_NS" $(GINKGO) -nodes $(NUM_NODES) --label-filter='FV' --v --trace --randomize-all
+
+.PHONY: kind-test-namespace
+kind-test-namespace: test create-cluster-infra fv-namespace ## Build docker image; start kind cluster; run fv in a random namespace
+
+.PHONY: create-cluster
+create-cluster: $(KIND) $(CLUSTERCTL) $(KUBECTL) $(ENVSUBST) ## Create a new kind cluster designed for development
+	$(MAKE) create-cluster-infra
+
+	@echo "Start projectsveltos"
+	$(MAKE) deploy-projectsveltos
+
 .PHONY: delete-cluster
 delete-cluster: $(KIND) ## Deletes the kind cluster $(CONTROL_CLUSTER_NAME)
 	$(KIND) delete cluster --name $(CONTROL_CLUSTER_NAME)
@@ -419,11 +442,8 @@ create-cluster-pullmode: $(KIND) $(KUBECTL) $(ENVSUBST) $(KUSTOMIZE)
 	@echo "Switching to cluster1..."
 	$(KUBECTL) config use-context kind-$(CONTROL_CLUSTER_NAME)
 
-deploy-projectsveltos: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL)
-	# Load projectsveltos image into cluster
-	@echo 'Load projectsveltos image into cluster'
-	$(MAKE) load-image
-
+.PHONY: deploy-crds
+deploy-crds: $(KUBECTL) ## Install libsveltos CRDs
 	@echo 'Install libsveltos CRDs'
 	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_debuggingconfigurations.lib.projectsveltos.io.yaml
 	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_classifiers.lib.projectsveltos.io.yaml
@@ -436,6 +456,13 @@ deploy-projectsveltos: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL)
 	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_configurationbundles.lib.projectsveltos.io.yaml
 	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_sveltoslicenses.lib.projectsveltos.io.yaml
 
+deploy-projectsveltos: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL)
+	# Load projectsveltos image into cluster
+	@echo 'Load projectsveltos image into cluster'
+	$(MAKE) load-image
+
+	$(MAKE) deploy-crds
+
 	# Install projectsveltos addon-controller components
 	@echo 'Install projectsveltos addon-controller components'
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}

controllers/management_cluster.go

@@ -20,6 +20,7 @@ import (
 	"context"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/discovery"
 	memory "k8s.io/client-go/discovery/cached"
@@ -128,6 +129,39 @@ func getSveltosNamespace() string {
 	return sveltosNamespace
 }
 
+func updateResourceNamespace(policy *unstructured.Unstructured, namespace string) error {
+	if policy.GetKind() == namespaceKind {
+		policy.SetName(namespace)
+		return nil
+	}
+
+	if policy.GetNamespace() != "" {
+		policy.SetNamespace(namespace)
+	}
+
+	if policy.GetKind() != clusterRoleBindingKind {
+		return nil
+	}
+
+	subjects, found, err := unstructured.NestedSlice(policy.Object, "subjects")
+	if err != nil || !found {
+		return err
+	}
+
+	for i := range subjects {
+		subject, ok := subjects[i].(map[string]interface{})
+		if !ok {
+			continue
+		}
+		if subject["kind"] == "ServiceAccount" {
+			subject["namespace"] = namespace
+			subjects[i] = subject
+		}
+	}
+
+	return unstructured.SetNestedSlice(policy.Object, subjects, "subjects")
+}
+
 func resetManagementClusterMapper() {
 	managementClusterMapper.Reset()
 }

controllers/resourcesummary.go

@@ -49,7 +49,9 @@ import (
 )
 
 const (
-	deploymentKind = "Deployment"
+	deploymentKind         = "Deployment"
+	namespaceKind          = "Namespace"
+	clusterRoleBindingKind = "ClusterRoleBinding"
 
 	driftDetectionClusterNamespaceLabel = "cluster-namespace"
 	driftDetectionClusterNameLabel      = "cluster-name"
@@ -337,8 +339,9 @@ func deployDriftDetectionManagerResources(ctx context.Context, restConfig *rest.
 			}
 		}
 
-		if policy.GetNamespace() != "" {
-			policy.SetNamespace(getSveltosNamespace())
+		if err := updateResourceNamespace(policy, getSveltosNamespace()); err != nil {
+			logger.V(logs.LogInfo).Error(err, "failed to update resource namespace")
+			return err
 		}
 
 		var referencedUnstructured []*unstructured.Unstructured
@@ -612,7 +615,9 @@ func removeDriftDetectionManagerFromManagementCluster(ctx context.Context,
 			return err
 		}
 
-		if policy.GetNamespace() != "" {
+		if policy.GetKind() == namespaceKind {
+			policy.SetName(getSveltosNamespace())
+		} else if policy.GetNamespace() != "" {
 			policy.SetNamespace(getSveltosNamespace())
 		}
 

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/gdexlab/go-render v1.0.1
 	github.com/go-logr/logr v1.4.3
 	github.com/hexops/gotextdiff v1.0.3
-	github.com/onsi/ginkgo/v2 v2.28.3
+	github.com/onsi/ginkgo/v2 v2.29.0
 	github.com/onsi/gomega v1.41.0
 	github.com/pkg/errors v0.9.1
 	github.com/projectsveltos/libsveltos v1.10.1-0.20260521153750-a1f348424b3f

go.sum

@@ -256,6 +256,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.28.3 h1:4JvMdwtFU0imd8fHx25OJXoDMRexnf8v5NHKYSTTji4=
 github.com/onsi/ginkgo/v2 v2.28.3/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44=
+github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag=
+github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44=
 github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA=
 github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A=
 github.com/opencontainers/go-digest v1.0.1-0.20260423074420-acc66fb5367c h1:dTJQx6HDrRNmA3p5JlfVYw81R3g2RfWdG0+ZBaJeqcc=

hack/tools/go.mod

@@ -4,7 +4,7 @@ go 1.26.3
 
 require (
 	github.com/a8m/envsubst v1.4.3
-	github.com/onsi/ginkgo/v2 v2.28.3
+	github.com/onsi/ginkgo/v2 v2.29.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/tools v0.45.0
 	k8s.io/client-go v0.36.1

hack/tools/go.sum

@@ -132,8 +132,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.28.3 h1:4JvMdwtFU0imd8fHx25OJXoDMRexnf8v5NHKYSTTji4=
-github.com/onsi/ginkgo/v2 v2.28.3/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44=
+github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag=
+github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44=
 github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc=
 github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=

test/fv/capi_onboard_annotation_test.go

@@ -42,20 +42,19 @@ var _ = Describe("Helm", Serial, func() {
 		namePrefix        = "onboard-"
 		onboardAnnotation = "onboard-capi"
 
-		addonDeplNamespace = "projectsveltos"
-		addonDeplName      = "addon-controller"
+		addonDeplName = "addon-controller"
 	)
 
 	BeforeEach(func() {
-		Byf("Set capi-onboard-annotation for deployment %s/%s", addonDeplNamespace, addonDeplName)
-		updateOnboardAnnotationArg(addonDeplNamespace, addonDeplName, onboardAnnotation)
+		Byf("Set capi-onboard-annotation for deployment %s/%s", sveltosNamespace, addonDeplName)
+		updateOnboardAnnotationArg(sveltosNamespace, addonDeplName, onboardAnnotation)
 
 		removeAnnotationFromCluster(onboardAnnotation)
 	})
 
 	AfterEach(func() {
-		Byf("Reset capi-onboard-annotation for deployment %s/%s", addonDeplNamespace, addonDeplName)
-		updateOnboardAnnotationArg(addonDeplNamespace, addonDeplName, "")
+		Byf("Reset capi-onboard-annotation for deployment %s/%s", sveltosNamespace, addonDeplName)
+		updateOnboardAnnotationArg(sveltosNamespace, addonDeplName, "")
 
 		removeAnnotationFromCluster(onboardAnnotation)
 	})

test/fv/drift_test.go

@@ -311,7 +311,7 @@ reportsController:
 			Eventually(func() bool {
 				depl := &appsv1.Deployment{}
 				err = workloadClient.Get(context.TODO(),
-					types.NamespacedName{Namespace: "projectsveltos", Name: "drift-detection-manager"}, depl)
+					types.NamespacedName{Namespace: sveltosNamespace, Name: "drift-detection-manager"}, depl)
 				if err != nil {
 					return false
 				}
@@ -529,7 +529,7 @@ func isAgentLessMode() bool {
 	By("Getting addon-controller pod")
 	addonControllerDepl := &appsv1.Deployment{}
 	Expect(k8sClient.Get(context.TODO(),
-		types.NamespacedName{Namespace: "projectsveltos", Name: "addon-controller"},
+		types.NamespacedName{Namespace: sveltosNamespace, Name: "addon-controller"},
 		addonControllerDepl)).To(Succeed())
 
 	Expect(len(addonControllerDepl.Spec.Template.Spec.Containers)).To(Equal(1))