chore: sideload envtest binaries for unpackaged k8s releases#102
Merged
Conversation
controller-tools' envtest-releases index lags upstream K8s releases sporadically, so `make test` fails when ENVTEST_K8S_VERSION points at a release it hasn't packaged yet (e.g. 1.36.1). Add hack/envtest-sideload.sh, which populates the envtest cache directly from dl.k8s.io (kube-apiserver, kubectl) and the etcd GitHub releases — checksum-verified, idempotent, and a no-op when the version is already cached or available upstream. Wire it into `make test` via a new envtest-binaries-sideload prerequisite, and switch the KUBEBUILDER_ASSETS lookup to `-i` so it reads the sideloaded cache. Ports the envtest half of opendefensecloud/solution-arsenal#610 (issue #556).
📝 WalkthroughWalkthroughThe Makefile adds an ChangesEnvtest sideload wiring
Sequence Diagram(s)sequenceDiagram
participant Makefile
participant script as hack/envtest-sideload.sh
participant setup as setup-envtest
participant GitHub
participant dl as dl.k8s.io
Makefile->>script: envtest-binaries-sideload
script->>setup: use <K8S_VERSION>
alt cache already populated
setup-->>script: envtest binaries available
else cache missing
script->>GitHub: fetch build/dependencies.yaml
script->>dl: download kube-apiserver, kubectl, and etcd artifacts
script->>setup: sideload sideload.tar.gz
script->>setup: use <K8S_VERSION>
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
yocaba
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Sideload envtest binaries from upstream when controller-tools hasn't packaged the requested K8s release, so
make testdoesn't break on fresh K8s versions.Why
controller-tools' envtest index lags upstream K8s releases (solution-arsenal#556), so
make testbreaks whenENVTEST_K8S_VERSIONtargets a release it hasn't packaged yet (e.g. 1.36.1).hack/envtest-sideload.shpopulates the cache directly from dl.k8s.io and the etcd GitHub releases — checksum-verified, idempotent, and a no-op when already cached or available upstream. On non-Linux hosts it defers to vanillasetup-envtest use(dl.k8s.io has no Darwin builds).Ports the envtest half of opendefensecloud/solution-arsenal#610; the Kind-cluster half doesn't apply here.
Testing
shellcheck hack/envtest-sideload.sh— cleanmake envtest-binaries-sideloadagainst 1.36.1 (not in controller-tools' index): downloaded + checksum-verified kube-apiserver, kubectl, and etcd 3.6.8, sideloaded into the cache successfully-icache lookup thetesttarget now relies onNotes for reviewers
No CRD/API/RBAC changes. Build/CI-only: new
hack/envtest-sideload.shplus anenvtest-binaries-sideloadprerequisite onmake test, and theKUBEBUILDER_ASSETSlookup switched to-i(read installed/sideloaded cache only).Checklist
Tests added/updatedn/aSummary by CodeRabbit
New Features
Bug Fixes