chore: Update e2e and integration test Kubernetes/kOps versions

deploy/example.yaml

@@ -227,7 +227,7 @@ spec:
       # - output (output kubeconfig to plug into your apiserver configuration, mounted from the host)
       containers:
       - name: aws-iam-authenticator
-        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.3
+        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.6.14
         args:
         - server
         # uncomment if using EKS-Style ConfigMap

go.sum

@@ -1,5 +1,3 @@
-github.com/aws/aws-sdk-go v1.44.332 h1:Ze+98F41+LxoJUdsisAFThV+0yYYLYw17/Vt0++nFYM=
-github.com/aws/aws-sdk-go v1.44.332/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g=
 github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -173,7 +171,6 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
@@ -194,19 +191,16 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
 golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=

hack/e2e/README.md

@@ -5,20 +5,22 @@ End-to-end testing verifies the functionality of the AWS IAM authenticator for K
 ## Prerequisites
 
 Have the following installed on your system:
-- go (1.16+)
+
+- go (1.22+)
 - jq
 - awscli
-    - Configure your AWS credentials, as well.
+  - Configure your AWS credentials, as well.
 - docker
 
 ## Operation
 
-From the base directory, run `./hack/e2e/run.sh`. Alternatively, run `make test-<testname>` or `GINKGO_FOCUS="[<test_group>]" ./hack/e2e/run.sh` to run a specific subset of tests. 
+From the base directory, run `./hack/e2e/run.sh`. Alternatively, run `make test-<testname>` or `GINKGO_FOCUS="[<test_group>]" ./hack/e2e/run.sh` to run a specific subset of tests.
 
 You can change the behavior of the tests by setting certain environment variables beforehand. Most of these can stay unchanged, but some should be noted:
+
 - `REGION`, `ZONES`: AWS region that the tests should be run on.
 - `KOPS_STATE_FILE`: An S3 bucket that you have access to. **Change this to a bucket you own!**
-- `K8S_VERSION`: Kuberenetes version. Don't change this off `1.22.10`; you might end up with a bunch of build errors otherwise.
+- `K8S_VERSION`: Kuberenetes version.
 - `TEST_ID`: Normally a random number, but can be set for a more controlled environment.
 - `CLEAN`: Set to false if you don't want the cluster to be torn down after the tests are done running. Useful if you want to inspect the cluster state after setup.
 

hack/e2e/deploy.yaml

@@ -194,12 +194,9 @@ spec:
     type: RollingUpdate
   template:
     metadata:
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ""
       labels:
         k8s-app: aws-iam-authenticator
     spec:
-
       # use service account with access to
       serviceAccountName: aws-iam-authenticator
 
@@ -209,6 +206,10 @@ spec:
       # run on each master node
       nodeSelector:
         node-role.kubernetes.io/master: ""
+
+      # mark pod as critical to the cluster
+      priorityClassName: system-cluster-critical
+
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master

hack/e2e/kops.sh

@@ -28,10 +28,11 @@ function kops_create_cluster() {
   K8S_VERSION=${8}
   CLUSTER_FILE=${9}
   KUBECONFIG=${10}
-  KUBECONFIG_ADMIN=${11}
-  TEST_DIR=${12}
-  KOPS_STATE_FILE=${13}
-  KOPS_PATCH_FILE=${14}
+  USER=${11}
+  KUBECONFIG_ADMIN=${12}
+  TEST_DIR=${13}
+  KOPS_STATE_FILE=${14}
+  KOPS_PATCH_FILE=${15}
 
   if [[ ! -e ${SSH_KEY_PATH} ]]; then
     loudecho "Generating SSH key $SSH_KEY_PATH"
@@ -72,7 +73,7 @@ function kops_create_cluster() {
     --ssh-public-key="${SSH_KEY_PATH}".pub --yes
 
   ${KOPS_BIN} export kubeconfig --state "${KOPS_STATE_FILE}" --kubeconfig "${KUBECONFIG_ADMIN}" "${CLUSTER_NAME}" --admin
-  ${KOPS_BIN} export kubeconfig --state "${KOPS_STATE_FILE}" --kubeconfig "${KUBECONFIG}" "${CLUSTER_NAME}"
+  ${KOPS_BIN} export kubeconfig --state "${KOPS_STATE_FILE}" --kubeconfig "${KUBECONFIG}" "${CLUSTER_NAME}" --user "${USER}"
 
   loudecho "Waiting on cluster ${CLUSTER_NAME}..."
   # we can't just use kops validate, because it requires the authenticator to be ready, but it's not set up yet...

hack/e2e/run.sh

@@ -54,9 +54,9 @@ ECR_URL=${AWS_ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com
 IMAGE_NAME=${IMAGE_NAME:-${ECR_URL}/${REPO_NAME}}
 IMAGE_TAG=${IMAGE_TAG:-${TEST_ID}}
 
-K8S_VERSION=${K8S_VERSION:-1.22.10}
-
-KOPS_VERSION=${KOPS_VERSION:-1.23.0}
+K8S_VERSION=${K8S_VERSION:-1.29.0}
+KUBECTL_VERSION=${KUBECTL_VERSION:-1.29.0}
+KOPS_VERSION=${KOPS_VERSION:-1.28.4}
 
 KOPS_STATE_FILE=${KOPS_STATE_FILE:-s3://${KOPS_STATE_BUCKET}}
 KOPS_PATCH_FILE=${KOPS_PATCH_FILE:-${BASE_DIR}/kops-patch.yaml}
@@ -66,8 +66,6 @@ ROLES_SPEC_FILE=${ROLES_SPEC_FILE:-${BASE_DIR}/roles.yaml}
 APISERVER_UPDATE_FILE=${APISERVER_UPDATE_FILE:-${BASE_DIR}/apiserver-update.yaml}
 KUBECONFIG_UPDATE_FILE=${KUBECONFIG_UPDATE_FILE:-${BASE_DIR}/kubeconfig-update.yaml}
 
-KUBECTL_VERSION=${KUBECTL_VERSION:-1.24.0}
-
 TEST_PATH=${TEST_PATH:-"./..."}
 ARTIFACTS=${ARTIFACTS:-"${TEST_DIR}/artifacts"}
 GINKGO_FOCUS=${GINKGO_FOCUS:-"\[iam-auth-e2e\]"}
@@ -100,7 +98,7 @@ loudecho "Installing ginkgo to ${BIN_DIR}"
 GINKGO_BIN=${BIN_DIR}/ginkgo
 if [[ ! -e ${GINKGO_BIN} ]]; then
   pushd /tmp
-  GOPATH=${TEST_DIR} GOBIN=${BIN_DIR} GO111MODULE=on go install github.com/onsi/ginkgo/ginkgo@v1.12.0
+  GOPATH=${TEST_DIR} GOBIN=${BIN_DIR} GO111MODULE=on go install github.com/onsi/ginkgo/v2/ginkgo@v2.15.0
   popd
 fi
 
@@ -173,6 +171,7 @@ kops_create_cluster \
   "$K8S_VERSION" \
   "$CLUSTER_FILE" \
   "$KUBECONFIG" \
+  "$CLUSTER_NAME" \
   "$KUBECONFIG_ADMIN" \
   "$TEST_DIR" \
   "$KOPS_STATE_FILE" \

hack/test-integration.sh

@@ -57,7 +57,7 @@ EOF
 CREATE_TEST_ROLE="${CREATE_TEST_ROLE:-true}"
 GENERATED_TEST_ROLE_NAME="aws-iam-authenticator-test-role-${RANDOM}"
 GENERATED_TEST_ROLE_POLICY_FILE=/tmp/role-policy.json
-KUBERNETES_TAG="v1.22.1"
+KUBERNETES_TAG="v1.29.0"
 REPO_ROOT="$(cd "$( dirname "${BASH_SOURCE[0]}" )"/.. &> /dev/null && pwd)"
 TEST_ARTIFACTS="${TEST_ARTIFACTS:-"${REPO_ROOT}/test-artifacts"}"
 TEST_ROLE_ARN="${TEST_ROLE_ARN:-$(role_arn_from_default_credentials)}"
@@ -89,11 +89,15 @@ if [[ -d ${TEST_ARTIFACTS}/k8s.io/kubernetes ]]; then
     rm -rf ${TEST_ARTIFACTS}/k8s.io/kubernetes
 fi
 
+GOPROXY=direct go install golang.org/x/tools/cmd/goimports
+
 mkdir -p ${TEST_ARTIFACTS}/k8s.io/kubernetes
 git clone --branch ${KUBERNETES_TAG} --depth 1 https://github.com/kubernetes/kubernetes.git ${TEST_ARTIFACTS}/k8s.io/kubernetes --depth 1
 
 pushd ${TEST_ARTIFACTS}/k8s.io/kubernetes
-make generated_files
+./hack/install-protoc.sh
+export PATH="/home/prow/go/src/github.com/kubernetes-sigs/aws-iam-authenticator/test-artifacts/k8s.io/kubernetes/third_party/protoc:${PATH}"
+./hack/update-codegen.sh
 ./hack/install-etcd.sh
 export PATH="${TEST_ARTIFACTS}/k8s.io/kubernetes/third_party/etcd:${PATH}"
 popd

tests/e2e/go.mod

@@ -1,6 +1,6 @@
 module sigs.k8s.io/aws-iam-authenticator/tests/e2e
 
-go 1.22.2
+go 1.22.4
 
 require (
 	github.com/onsi/ginkgo/v2 v2.15.0