Skip to content

chore: sideload envtest binaries for unpackaged k8s releases#102

Merged
dermorz merged 1 commit into
mainfrom
chore/envtest-binaries-sideload
Jun 26, 2026
Merged

chore: sideload envtest binaries for unpackaged k8s releases#102
dermorz merged 1 commit into
mainfrom
chore/envtest-binaries-sideload

Conversation

@dermorz

@dermorz dermorz commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

What

Sideload envtest binaries from upstream when controller-tools hasn't packaged the requested K8s release, so make test doesn't break on fresh K8s versions.

Why

controller-tools' envtest index lags upstream K8s releases (solution-arsenal#556), so make test breaks when ENVTEST_K8S_VERSION targets a release it hasn't packaged yet (e.g. 1.36.1). hack/envtest-sideload.sh populates the cache directly from dl.k8s.io and the etcd GitHub releases — checksum-verified, idempotent, and a no-op when already cached or available upstream. On non-Linux hosts it defers to vanilla setup-envtest use (dl.k8s.io has no Darwin builds).

Ports the envtest half of opendefensecloud/solution-arsenal#610; the Kind-cluster half doesn't apply here.

Testing

  • shellcheck hack/envtest-sideload.sh — clean
  • make envtest-binaries-sideload against 1.36.1 (not in controller-tools' index): downloaded + checksum-verified kube-apiserver, kubectl, and etcd 3.6.8, sideloaded into the cache successfully
  • Verified the idempotent path (no-op when already cached) and the -i cache lookup the test target now relies on

Notes for reviewers

No CRD/API/RBAC changes. Build/CI-only: new hack/envtest-sideload.sh plus an envtest-binaries-sideload prerequisite on make test, and the KUBEBUILDER_ASSETS lookup switched to -i (read installed/sideloaded cache only).

Checklist

  • Tests added/updated n/a
  • No breaking changes (or upgrade path documented above)
  • Readable commit history (squashed and cleaned up as desired)
  • AI code review considered and comments resolved

Summary by CodeRabbit

  • New Features

    • Added automatic setup for Kubernetes test binaries used during local and CI test runs.
    • Test runs now prepare the required environment test cache before execution.
  • Bug Fixes

    • Improved handling for missing test binaries by downloading and verifying the needed artifacts more reliably, with clearer fallback behavior across platforms.

controller-tools' envtest-releases index lags upstream K8s releases
sporadically, so `make test` fails when ENVTEST_K8S_VERSION points at a
release it hasn't packaged yet (e.g. 1.36.1). Add hack/envtest-sideload.sh,
which populates the envtest cache directly from dl.k8s.io (kube-apiserver,
kubectl) and the etcd GitHub releases — checksum-verified, idempotent, and a
no-op when the version is already cached or available upstream.

Wire it into `make test` via a new envtest-binaries-sideload prerequisite,
and switch the KUBEBUILDER_ASSETS lookup to `-i` so it reads the sideloaded
cache.

Ports the envtest half of opendefensecloud/solution-arsenal#610 (issue #556).
@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The Makefile adds an envtest-binaries-sideload target and makes test depend on it. A new Bash script resolves the requested Kubernetes version, downloads and verifies Kubernetes and etcd binaries, packages them, and sideloads them into setup-envtest.

Changes

Envtest sideload wiring

Layer / File(s) Summary
Makefile wiring
Makefile
Adds envtest-binaries-sideload and makes test depend on it.
Script bootstrap and resolution
hack/envtest-sideload.sh
Parses K8S_VERSION, validates required environment variables, checks cache state, handles non-Linux hosts, detects CPU architecture, resolves the etcd version, and creates a temporary workspace.
Binary downloads and checksums
hack/envtest-sideload.sh
Downloads kube-apiserver, kubectl, and etcd, verifies checksums, and stages the binaries.
Archive and sideload
hack/envtest-sideload.sh
Builds sideload.tar.gz, runs setup-envtest sideload, and confirms the cache with setup-envtest use.

Sequence Diagram(s)

sequenceDiagram
  participant Makefile
  participant script as hack/envtest-sideload.sh
  participant setup as setup-envtest
  participant GitHub
  participant dl as dl.k8s.io
  Makefile->>script: envtest-binaries-sideload
  script->>setup: use <K8S_VERSION>
  alt cache already populated
    setup-->>script: envtest binaries available
  else cache missing
    script->>GitHub: fetch build/dependencies.yaml
    script->>dl: download kube-apiserver, kubectl, and etcd artifacts
    script->>setup: sideload sideload.tar.gz
    script->>setup: use <K8S_VERSION>
  end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

Hoppity hop, I sniffed the Makefile tree,
Envtest caches now bounce with glee.
I packed kube bits in a tarball bright,
Checked each checksum crumb just right.
🐇 “Binky-bonk, the tests take flight!”

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding envtest binary sideloading for unpackaged Kubernetes releases.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The description follows the template with clear What, Why, Testing, Notes, and Checklist sections; only the issue-closing reference is omitted.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/envtest-binaries-sideload

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@dermorz dermorz enabled auto-merge June 26, 2026 11:11
@yocaba yocaba added the ok-to-test PR is allowed to be tested label Jun 26, 2026
@dermorz dermorz merged commit 70f187a into main Jun 26, 2026
13 checks passed
@dermorz dermorz deleted the chore/envtest-binaries-sideload branch June 26, 2026 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ok-to-test PR is allowed to be tested

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants