Merge pull request #1120 from gianlucam76/fv-agentless-fix

(chore) fix functional verification for agentless mode

Author: gianlucam76

Makefile

@@ -248,7 +248,7 @@ fv-sharding: $(KUBECTL) $(GINKGO) ## Run Sveltos Controller tests using existing
 
 .PHONY: fv-agentless
 fv-agentless: $(KUBECTL) $(GINKGO) ## Run Sveltos Controller tests using existing cluster
-	$(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/$(TAG)/manifest/mgmt_cluster_common_manifest.yaml
+	$(KUBECTL) apply -f test/drift-detection-mgmt_cluster_common_manifest.yaml
 	$(KUBECTL) apply -f manifest/drift_detection_manager_rbac.yaml
 	cp manifest/deployment-agentless.yaml test/addon-controller-deployment-agentless.yaml
 	$(KUBECTL) apply -f test/addon-controller-deployment-agentless.yaml
@@ -431,8 +431,11 @@ drift-detection-manager:
 	@echo "Downloading drift detection manager yaml"
 	$(eval digest :=$(call get-digest))
 	@echo "image digest is $(digest)"
-	curl -L https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/$(TAG)/manifest/manifest.yaml -o ./pkg/drift-detection/drift-detection-manager.yaml
+	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/$(TAG)/manifest/manifest.yaml -o ./pkg/drift-detection/drift-detection-manager.yaml
 	sed -i'' -e "s#image: docker.io/projectsveltos/drift-detection-manager:${TAG}#image: docker.io/projectsveltos/drift-detection-manager@${digest}#g" ./pkg/drift-detection/drift-detection-manager.yaml
-	curl -L https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/$(TAG)/manifest/mgmt_cluster_manifest.yaml -o ./pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml
+	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/$(TAG)/manifest/mgmt_cluster_manifest.yaml -o ./pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml
 	sed -i'' -e "s#image: docker.io/projectsveltos/drift-detection-manager:${TAG}#image: docker.io/projectsveltos/drift-detection-manager@${digest}#g" ./pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml
 	cd pkg/drift-detection; go generate
+	@echo "Downloading drift detection manager common yaml for agentless fv"
+	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/$(TAG)/manifest/mgmt_cluster_common_manifest.yaml -o ./test/drift-detection-mgmt_cluster_common_manifest.yaml
+	

pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go

@@ -47,7 +47,7 @@ spec:
         - --version=main
         command:
         - /manager
-        image: docker.io/projectsveltos/drift-detection-manager@sha256:f95c3d8328feeaf4e6b00615010c4c850cf772a948c4f2031f4ea732e4a11031
+        image: docker.io/projectsveltos/drift-detection-manager@sha256:8f9e2d913dff4a38b85a5ca51157a004f3f67731be33a9fe05e695924c3e2cab
         livenessProbe:
           failureThreshold: 3
           httpGet:

pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml

@@ -29,7 +29,7 @@ spec:
         - --version=main
         command:
         - /manager
-        image: docker.io/projectsveltos/drift-detection-manager@sha256:f95c3d8328feeaf4e6b00615010c4c850cf772a948c4f2031f4ea732e4a11031
+        image: docker.io/projectsveltos/drift-detection-manager@sha256:8f9e2d913dff4a38b85a5ca51157a004f3f67731be33a9fe05e695924c3e2cab
         livenessProbe:
           failureThreshold: 3
           httpGet:

pkg/drift-detection/drift-detection-manager.go

@@ -141,7 +141,7 @@ spec:
         - --version=main
         command:
         - /manager
-        image: docker.io/projectsveltos/drift-detection-manager@sha256:f95c3d8328feeaf4e6b00615010c4c850cf772a948c4f2031f4ea732e4a11031
+        image: docker.io/projectsveltos/drift-detection-manager@sha256:8f9e2d913dff4a38b85a5ca51157a004f3f67731be33a9fe05e695924c3e2cab
         livenessProbe:
           failureThreshold: 3
           httpGet:

pkg/drift-detection/drift-detection-manager.yaml

@@ -123,7 +123,7 @@ spec:
         - --version=main
         command:
         - /manager
-        image: docker.io/projectsveltos/drift-detection-manager@sha256:f95c3d8328feeaf4e6b00615010c4c850cf772a948c4f2031f4ea732e4a11031
+        image: docker.io/projectsveltos/drift-detection-manager@sha256:8f9e2d913dff4a38b85a5ca51157a004f3f67731be33a9fe05e695924c3e2cab
         livenessProbe:
           failureThreshold: 3
           httpGet:

test/drift-detection-mgmt_cluster_common_manifest.yaml

@@ -0,0 +1,137 @@
+# Those YAML are all needed when drift-detection-manager is started in the
+# management cluster. Those are not installed by addon-controller when deploying
+# drift-detection-manager in the management cluster to avoid granting addon-controller
+# extra permissions
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: drift-detection-manager
+  namespace: projectsveltos
+---
+# When running in the management cluster, drift-detection-manager needs
+# to access Secret containing Kubeconfig for managed cluster (and consequently
+# access Cluster/SveltosCluster to verify existance)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: drift-detection-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - lib.projectsveltos.io
+  resources:
+  - debuggingconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - lib.projectsveltos.io
+  resources:
+  - resourcesummaries
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - lib.projectsveltos.io
+  resources:
+  - resourcesummaries/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - lib.projectsveltos.io
+  resources:
+  - resourcesummaries/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: drift-detection-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: drift-detection-proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: drift-detection-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: drift-detection-manager-role
+subjects:
+- kind: ServiceAccount
+  name: drift-detection-manager
+  namespace: projectsveltos
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: drift-detection-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: drift-detection-proxy-role
+subjects:
+- kind: ServiceAccount
+  name: drift-detection-manager
+  namespace: projectsveltos
+---