From c27101d504e9b97f76515809540c402b5382e84a Mon Sep 17 00:00:00 2001
From: Mario Manno <mario.manno@gmail.com>
Date: Fri, 10 Jan 2025 16:50:32 +0100
Subject: [PATCH] Dev scripts use same docker network (#3205)

* use same docker network for upstream/downstream
* switch all defaults to "downstream1"
* dev/setup-rancher-with-dev-fleet idempotency
---
 .github/scripts/register-downstream-clusters.sh | 6 ++----
 dev/README.md                                   | 5 +++--
 dev/env.multi-cluster-defaults                  | 2 +-
 dev/import-images-k3d                           | 2 +-
 dev/remove-fleet                                | 2 +-
 dev/setup-fleet-downstream                      | 2 +-
 dev/setup-k3d                                   | 2 +-
 dev/setup-rancher-clusters                      | 2 +-
 dev/setup-rancher-with-dev-fleet                | 3 ++-
 9 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/scripts/register-downstream-clusters.sh b/.github/scripts/register-downstream-clusters.sh
index e585856ce6..ecb2306c2b 100755
--- a/.github/scripts/register-downstream-clusters.sh
+++ b/.github/scripts/register-downstream-clusters.sh
@@ -10,7 +10,7 @@ ctx=$(kubectl config current-context)
 # hardcoded token, cluster is ephemeral and private
 token="token-ci:zfllcbdr4677rkj4hmlr8rsmljg87l7874882928khlfs2pmmcq7l5"
 
-user=$(kubectl get users -o go-template='{{range .items }}{{.metadata.name}}{{"\n"}}{{end}}' | tail -1)
+user=$(kubectl get users -l authz.management.cattle.io/bootstrapping=admin-user -o go-template='{{range .items }}{{.metadata.name}}{{"\n"}}{{end}}' | tail -1)
 sed "s/user-zvnsr/$user/" <<'EOF' | kubectl apply -f -
 apiVersion: management.cattle.io/v3
 kind: Token
@@ -42,10 +42,8 @@ rancher clusters create second --import
 until rancher cluster ls --format json | jq -r 'select(.Name=="second") | .ID' | grep -Eq "c-[a-z0-9]" ; do sleep 1; done
 id=$( rancher cluster ls --format json | jq -r 'select(.Name=="second") | .ID' )
 
+until rancher cluster import "$id" | grep -q curl; do sleep 1; done
 kubectl config use-context "$cluster_downstream"
-kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user $user
-
-until [ -n "$(rancher cluster import "$id" | grep curl)" ]; do sleep 1; done
 rancher cluster import "$id" | grep curl | sh
 
 until rancher cluster ls --format json | jq -r 'select(.Name=="second") | .Cluster.state' | grep -q active; do
diff --git a/dev/README.md b/dev/README.md
index 31ed2cd0cd..5791768a33 100644
--- a/dev/README.md
+++ b/dev/README.md
@@ -156,7 +156,7 @@ export FLEET_E2E_CLUSTER_DOWNSTREAM=k3d-upstream
 
 # running multi-cluster tests in k3d (setup-k3d;setup-k3ds-downstream)
 export FLEET_E2E_CLUSTER=k3d-upstream
-export FLEET_E2E_CLUSTER_DOWNSTREAM=k3d-downstream
+export FLEET_E2E_CLUSTER_DOWNSTREAM=k3d-downstream1
 
 # for running tests on darwin/arm64
 export GOARCH=arm64
@@ -222,11 +222,12 @@ The local infra setup creates pods for:
 To build and run the infra setup command do:
 
 ```
+dev/import-images-tests-k3d
+# ./dev/create-zot-certs 'FleetCI-RootCA'
 pushd e2e/testenv/infra
   go build
 popd
 ./e2e/testenv/infra/infra setup
-
 ```
 
 The resulting deployments use a loadbalancer service, which means the host must be able to reach the loadbalancer IP.
diff --git a/dev/env.multi-cluster-defaults b/dev/env.multi-cluster-defaults
index 49bcb129ef..b7492b7a98 100644
--- a/dev/env.multi-cluster-defaults
+++ b/dev/env.multi-cluster-defaults
@@ -2,7 +2,7 @@ export FLEET_E2E_NS=fleet-local
 export FLEET_E2E_NS_DOWNSTREAM=fleet-default
 
 export FLEET_E2E_CLUSTER=k3d-upstream
-export FLEET_E2E_CLUSTER_DOWNSTREAM=k3d-downstream
+export FLEET_E2E_CLUSTER_DOWNSTREAM=k3d-downstream1
 
 export GIT_HTTP_USER=fleet-ci
 export GIT_HTTP_PASSWORD=foo
diff --git a/dev/import-images-k3d b/dev/import-images-k3d
index 1f6af298d1..d1d8bb29db 100755
--- a/dev/import-images-k3d
+++ b/dev/import-images-k3d
@@ -6,7 +6,7 @@ set -euxo pipefail
 upstream_ctx="${FLEET_E2E_CLUSTER-k3d-upstream}"
 
 # The single downstream cluster to import the agent image to.
-downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream}"
+downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream1}"
 
 # If multi-cluster is enabled, import the agent image to all downstream clusters.
 FLEET_E2E_DS_CLUSTER_COUNT="${FLEET_E2E_DS_CLUSTER_COUNT:-1}"
diff --git a/dev/remove-fleet b/dev/remove-fleet
index 5a58d29b20..2b5c653357 100755
--- a/dev/remove-fleet
+++ b/dev/remove-fleet
@@ -2,7 +2,7 @@
 # Warning: do not use this script on a production system!
 
 upstream_ctx="${FLEET_E2E_CLUSTER-k3d-upstream}"
-downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream}"
+downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream1}"
 
 ctx=$(kubectl config current-context)
 
diff --git a/dev/setup-fleet-downstream b/dev/setup-fleet-downstream
index 9a15759e31..128999a761 100755
--- a/dev/setup-fleet-downstream
+++ b/dev/setup-fleet-downstream
@@ -9,7 +9,7 @@ if [ ! -d ./charts/fleet ]; then
 fi
 
 upstream_ctx="${FLEET_E2E_CLUSTER-k3d-upstream}"
-downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream}"
+downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream1}"
 ns="${FLEET_E2E_NS_DOWNSTREAM-fleet-local}"
 
 kubectl create ns "$ns"|| true
diff --git a/dev/setup-k3d b/dev/setup-k3d
index 5021d8603f..a6ac1c4d52 100755
--- a/dev/setup-k3d
+++ b/dev/setup-k3d
@@ -7,7 +7,7 @@ set -euxo pipefail
 # https://hub.docker.com/r/rancher/k3s/tags
 # k3d_args="-i docker.io/rancher/k3s:v1.22.15-k3s1"
 
-args=${k3d_args-}
+args=${k3d_args---network fleet}
 docker_mirror=${docker_mirror-}
 unique_api_port=${unique_api_port-36443}
 unique_tls_port=${unique_tls_port-443}
diff --git a/dev/setup-rancher-clusters b/dev/setup-rancher-clusters
index d9d24e76c4..8c6b5ad5e6 100755
--- a/dev/setup-rancher-clusters
+++ b/dev/setup-rancher-clusters
@@ -9,7 +9,7 @@ fi
 
 public_hostname="${public_hostname-172.18.0.1.sslip.io}"
 upstream_ctx="${FLEET_E2E_CLUSTER-k3d-upstream}"
-downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream}"
+downstream_ctx="${FLEET_E2E_CLUSTER_DOWNSTREAM-k3d-downstream1}"
 rancherpassword="${RANCHER_PASSWORD-rancherpassword}"
 
 version="${1-}"
diff --git a/dev/setup-rancher-with-dev-fleet b/dev/setup-rancher-with-dev-fleet
index 447e0d7389..4cfaefdb19 100755
--- a/dev/setup-rancher-with-dev-fleet
+++ b/dev/setup-rancher-with-dev-fleet
@@ -22,7 +22,7 @@ ip=$(kubectl get service -n kube-system traefik -o jsonpath='{.status.loadBalanc
 #fi
 
 helm repo update
-helm install cert-manager jetstack/cert-manager \
+helm upgrade --install cert-manager jetstack/cert-manager \
     --namespace cert-manager \
     --create-namespace \
     --set crds.enabled=true \
@@ -63,6 +63,7 @@ until kubectl get bundles -n fleet-local | grep -q "fleet-agent-local.*1/1"; do
 helm list -A
 
 export public_hostname=$ip.sslip.io
+export cluster_downstream="k3d-downstream1"
 
 ./.github/scripts/wait-for-loadbalancer.sh
 ./.github/scripts/register-downstream-clusters.sh