Mc/kind e2e 2

.github/workflows/create-dev-cluster.yml

@@ -6,6 +6,13 @@ on:
       cluster-name:
         required: true
         type: string
+      flavor:
+        required: true
+        type: string
+      args:
+        required: false
+        type: string
+        default: ''
     outputs:
       cluster-name:
         description: "Name of the created cluster"
@@ -19,9 +26,9 @@ jobs:
     steps:
       - uses: stackrox/actions/infra/create-cluster@v1
         with:
-          flavor: gke-default
+          flavor: ${{ inputs.flavor }}
           name: ${{ inputs.cluster-name }}
-          args: machine-type=e2-standard-4,nodes=3,gcp-image-type=ubuntu_containerd
+          args: ${{ inputs.args }}
           lifespan: "2h"
           wait: true
           token: ${{ secrets.INFRA_CI_TOKEN }}

.github/workflows/e2e-tests-kind.yml

@@ -0,0 +1,72 @@
+name: E2E Tests (kind)
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        required: true
+        type: string
+
+env:
+  REGISTRY: quay.io
+  IMAGE_NAME: rhacs-eng/roxie
+
+jobs:
+  e2e-tests-kind:
+    runs-on: ubuntu-latest
+    env:
+      SKIP_OLM_TESTS: "true"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Log in to Quay.io
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Extract roxie binary from image
+        run: |
+          docker create --name roxie-extract "${{ inputs.image }}"
+          docker cp roxie-extract:/usr/local/bin/roxie "$GITHUB_WORKSPACE/roxie"
+          docker rm roxie-extract
+
+      - name: Install roxie binary
+        run: |
+          cp "${GITHUB_WORKSPACE}/roxie" /usr/local/bin/roxie
+          chmod +x /usr/local/bin/roxie
+          roxie version
+
+      - name: Install roxctl
+        env:
+          ROXCTL_VERSION: "4.10.0"
+          ROXCTL_SHA256: "5db647b14569465866c0162522e83393ebf02f671f4556b1b3ed551b9f8433bc"
+        run: |
+          curl -fsSLo /usr/local/bin/roxctl \
+            "https://mirror.openshift.com/pub/rhacs/assets/${ROXCTL_VERSION}/bin/Linux/roxctl"
+          echo "${ROXCTL_SHA256}  /usr/local/bin/roxctl" | sha256sum -c -
+          chmod +x /usr/local/bin/roxctl
+          roxctl version
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1
+        with:
+          cluster_name: roxie-e2e
+
+      - name: Run e2e tests
+        env:
+          REGISTRY_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }}
+        run: |
+          make run-test-e2e

.github/workflows/e2e-tests.yml

@@ -9,6 +9,14 @@ on:
       image:
         required: true
         type: string
+      cluster-type:
+        required: false
+        type: string
+        default: 'gke'
+      skip-olm-tests:
+        required: false
+        type: string
+        default: 'true'
 env:
   REGISTRY: quay.io
   IMAGE_NAME: rhacs-eng/roxie
@@ -23,7 +31,6 @@ jobs:
       KUBECONFIG: /github/home/artifacts/kubeconfig
       INFRA_TOKEN: ${{ secrets.INFRA_CI_TOKEN }}
       INFRACTL: bin/infractl -k -e localhost:8443
-      USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -65,15 +72,21 @@ jobs:
           roxctl version
 
       - name: Authenticate to GCloud
+        if: inputs.cluster-type == 'gke'
         uses: google-github-actions/auth@v3
         with:
           credentials_json: ${{ secrets.ROXIE_CI_AUTOMATION_GCP_SA }}
 
       - name: Set up Cloud SDK
+        if: inputs.cluster-type == 'gke'
         uses: "google-github-actions/setup-gcloud@v3"
         with:
           install_components: "gke-gcloud-auth-plugin"
 
+      - name: Configure GKE auth plugin
+        if: inputs.cluster-type == 'gke'
+        run: echo "USE_GKE_GCLOUD_AUTH_PLUGIN=True" >> "$GITHUB_ENV"
+
       - name: Download production infractl
         uses: stackrox/actions/infra/install-infractl@v1
 
@@ -89,7 +102,7 @@ jobs:
         env:
           REGISTRY_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }}
           REGISTRY_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }}
-          SKIP_OLM_TESTS: "true"
+          SKIP_OLM_TESTS: ${{ inputs.skip-olm-tests == 'true' && 'true' || '' }}
         run: |
           make run-test-e2e
 

.github/workflows/main-push.yml

@@ -15,7 +15,9 @@ jobs:
   create-dev-cluster:
     uses: ./.github/workflows/create-dev-cluster.yml
     with:
-      cluster-name: infra-roxie-main-${{ github.run_number }}
+      cluster-name: infra-roxie-main-${{ github.run_number }}-gke
+      flavor: gke-default
+      args: machine-type=e2-standard-4,nodes=3,gcp-image-type=ubuntu_containerd
     secrets: inherit
 
   build-roxie-image:
@@ -33,6 +35,13 @@ jobs:
       image: ${{ needs.build-roxie-image.outputs.image }}
     secrets: inherit
 
+  e2e-tests-kind:
+    needs: [ build-roxie-image ]
+    uses: ./.github/workflows/e2e-tests-kind.yml
+    with:
+      image: ${{ needs.build-roxie-image.outputs.image }}
+    secrets: inherit
+
   delete-dev-cluster:
     if: ${{ always() && needs.create-dev-cluster.result == 'success' }}
     needs: [ create-dev-cluster, e2e-tests ]

.github/workflows/pr.yml

@@ -12,10 +12,38 @@ jobs:
   unit-tests:
     uses: ./.github/workflows/unit-tests.yml
 
-  create-dev-cluster:
+  check-olm-label:
+    runs-on: ubuntu-latest
+    outputs:
+      has-label: ${{ steps.check.outputs.has-label }}
+    steps:
+      - name: Check for olm-tests label
+        id: check
+        run: |
+          has_label="${{ contains(github.event.pull_request.labels.*.name, 'olm-tests') }}"
+          echo "has-label=${has_label}" >> "$GITHUB_OUTPUT"
+          if [ "$has_label" = "true" ]; then
+            echo "::notice::olm-tests label is set — OpenShift cluster will be created"
+          else
+            echo "::notice::olm-tests label is not set — skipping OpenShift cluster"
+          fi
+
+  create-gke-cluster:
+    uses: ./.github/workflows/create-dev-cluster.yml
+    with:
+      cluster-name: infra-roxie-pr-${{ github.event.pull_request.number }}-gke
+      flavor: gke-default
+      args: machine-type=e2-standard-4,nodes=3,gcp-image-type=ubuntu_containerd
+    secrets: inherit
+
+  create-openshift-cluster:
+    needs: check-olm-label
+    if: needs.check-olm-label.outputs.has-label == 'true'
     uses: ./.github/workflows/create-dev-cluster.yml
     with:
-      cluster-name: infra-roxie-pr-${{ github.event.pull_request.number }}
+      cluster-name: infra-roxie-pr-${{ github.event.pull_request.number }}-openshift
+      flavor: ocp-4
+      args: master-node-type=e2-standard-4,worker-node-type=e2-standard-8,master-node-count=3,worker-node-count=3
     secrets: inherit
 
   build-roxie-image:
@@ -26,17 +54,42 @@ jobs:
     secrets: inherit
 
   e2e-tests:
-    needs: [ create-dev-cluster, build-roxie-image ]
+    needs: [ create-gke-cluster, build-roxie-image ]
+    uses: ./.github/workflows/e2e-tests.yml
+    with:
+      cluster-name: ${{ needs.create-gke-cluster.outputs.cluster-name }}
+      image: ${{ needs.build-roxie-image.outputs.image }}
+    secrets: inherit
+
+  e2e-tests-kind:
+    needs: [ build-roxie-image ]
+    uses: ./.github/workflows/e2e-tests-kind.yml
+    with:
+      image: ${{ needs.build-roxie-image.outputs.image }}
+    secrets: inherit
+
+  e2e-tests-openshift:
+    needs: [ create-openshift-cluster, build-roxie-image ]
     uses: ./.github/workflows/e2e-tests.yml
     with:
-      cluster-name: ${{ needs.create-dev-cluster.outputs.cluster-name }}
+      cluster-name: ${{ needs.create-openshift-cluster.outputs.cluster-name }}
       image: ${{ needs.build-roxie-image.outputs.image }}
+      cluster-type: openshift
+      skip-olm-tests: 'false'
+    secrets: inherit
+
+  delete-gke-cluster:
+    if: ${{ always() && needs.create-gke-cluster.result == 'success' }}
+    needs: [ create-gke-cluster, e2e-tests ]
+    uses: ./.github/workflows/delete-dev-cluster.yml
+    with:
+      cluster-name: ${{ needs.create-gke-cluster.outputs.cluster-name }}
     secrets: inherit
 
-  delete-dev-cluster:
-    if: ${{ always() && needs.create-dev-cluster.result == 'success' }}
-    needs: [ create-dev-cluster, e2e-tests ]
+  delete-openshift-cluster:
+    if: ${{ always() && needs.create-openshift-cluster.result == 'success' }}
+    needs: [ create-openshift-cluster, e2e-tests-openshift ]
     uses: ./.github/workflows/delete-dev-cluster.yml
     with:
-      cluster-name: ${{ needs.create-dev-cluster.outputs.cluster-name }}
+      cluster-name: ${{ needs.create-openshift-cluster.outputs.cluster-name }}
     secrets: inherit

cmd/deploy.go

@@ -76,14 +76,6 @@ func runDeploy(cmd *cobra.Command, args []string) error {
 		return errors.New("running without a controlling terminal requires --envrc to be set")
 	}
 
-	if envrc != "" && portForwarding {
-		return errors.New("cannot use --envrc with --port-forwarding. The --envrc flag is for non-interactive mode with remote cluster access")
-	}
-
-	if envrc != "" && exposure == "none" {
-		return errors.New("cannot use --envrc with --exposure=none. The --envrc flag requires a remotely accessible endpoint (e.g., --exposure=loadbalancer)")
-	}
-
 	portForwardEnabledFinal := portForwarding || exposure == "none"
 
 	if env.RunningInRoxieContainer {

internal/deployer/deploy_via_operator.go

@@ -607,11 +607,20 @@ func (d *Deployer) configureCentralEndpoint(ctx context.Context, exposure string
 			}
 		}
 
-		endpoint, err := d.portForward.Start(d.centralNamespace, serviceName, 443, 8443)
-		if err != nil {
-			return fmt.Errorf("failed to start port-forward: %w", err)
+		if d.envrcFile != "" {
+			endpoint, pid, err := d.portForward.StartDetached(d.centralNamespace, serviceName, 443, 8443)
+			if err != nil {
+				return fmt.Errorf("failed to start detached port-forward: %w", err)
+			}
+			d.centralEndpoint = endpoint
+			d.portForwardPID = pid
+		} else {
+			endpoint, err := d.portForward.Start(d.centralNamespace, serviceName, 443, 8443)
+			if err != nil {
+				return fmt.Errorf("failed to start port-forward: %w", err)
+			}
+			d.centralEndpoint = endpoint
 		}
-		d.centralEndpoint = endpoint
 	} else if exposure == "loadbalancer" {
 		endpoint, err := d.waitForLoadBalancer(ctx, d.centralNamespace, "central-loadbalancer", 300)
 		if err != nil {