✨ Add e2e tests & clusterctl changes for cross-ns CC ref

[Danil-Grigorev]

What this PR does / why we need it:
This PR allows clusterctl to create a template with a reference to CC located in a different namespace.
This change allows to perform e2e tests in a multi-ns environment.

Added e2e tests to verify cluster-class quick-start scenario and runtime extension scenario in a cross-namespaced context.

The PR is built on top of:

• 🐛 Use namespace of the reference on external.Get #11361
• ✨ Add classNamespace to topology #11352

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #5673

[fabriziopandini]

Renamed wip since it builds on a PR not yet merged

[fabriziopandini]

Made first pass, I will get back to this when the PR it builds on top are merged

[fabriziopandini]

Considering we are trying to keep PR-blocking duration as short as possible, and that the code paths touched by this change are limited and very specific to CC management, would it be possible to add this test on a PR only on demand + on periodic (once it is added to a PR, then it became blocking)

[Danil-Grigorev]

Currently using this as a way to quickly test subset of scenarios without having to invoke full-test-suite. I’ll unmark it from pre-submits. Should all added test cases be on demand + perodic?

[fabriziopandini]

Just to check if I'm getting this right.
As of today, when we are deploying objects, clusterctl allows to override the namespace set into templates (use case: the user wants to deploy to namespace xyz instead of namespace original).

With this PR we are changing this behaviour, and always preserving the namespace from the template when we are adding the cluster class to the template being deployed (cc preserve: namespace original).

If this is correct, and if I'm not wrong, this change might break users that are deploying a Cluster with ClassNamespace empty, and are expecting that also the CC gets deployed in the target namespace xyz along side with the cluster.

[Danil-Grigorev]

It shouldn’t break these users, since regular process of overriding the namespace of the templated resources is still performed. This new field was never a part of this logic, and the SoT here is the template initially.

This change avoids problems in discovering the existence of the CC in the specified namespace, allowing to template only a Cluster resource.

There is no support in clusterclt to distinguish that some of the resources should go into A namespace, and some other into B, so this multi-namespace setup is intended to happen in a multiple passes.

1. ClusterClass and referenced templates
2. A cluster resource in a different namespace
3. repeat 2 for any namespace without failures on clusterctl side, or any existing template modifications.

[sbueringer]

I'm not entirely sure, but I think this shouldn't break anything.

The namespace-thing for cluster-templates is only envsubst, right?

(while for provider installations it's a lot more)

EDIT: I'll take that one back

[sbueringer]

My best guess is that it still works as good as before :)

[sbueringer]

Okay took another look, seems all good

[fabriziopandini]

Can we have a similar test when both namespaces are the same, and one where both are empty?

[sbueringer]

Initial round of review.

But let's wait a bit with adjustments. I have to talk to @fabriziopandini a bit about the test coverage we want / need

[sbueringer]

Suggested change

	Byf("Deleting namespace used for hosting the %q test spec", specName)
	framework.DeleteNamespace(ctx, framework.DeleteNamespaceInput{
	Deleter: input.BootstrapClusterProxy.GetClient(),
	Name: clusterClassNamespace.Name,
	})

Duplicate with below

[sbueringer]

Suggested change

	Byf("Deleting namespace used for optionally hosting the %q infrastructure spec", specName)
	Byf("Deleting namespace used for hosting the %q test spec ClusterClass", specName)

maybe

[sbueringer]

I get why we need this change and I also saw that it doesn't lead to problems.

The way we are using this func now leads to an invalid merged.targetNamespace. Before this PR targetNamespace was correct because all templates are in the same namespace. Now merged.targetNamespace is not the namespace of all objects in the template anymore. This doesn't lead to problems because after we call MergeTemplates we only call YAML() and VariableMap() on the returned template, but this seems a bit brittle

Not sure what we should do, maybe rather not set the targetNamespace field if the templates are not all in the same namespace? Let's wait what @fabriziopandini thinks.

In any case, if we keep dropping this check here, please update the godoc of this func ("The merge operation returns an error if all the templates do not have the same TargetNamespace.").

[sbueringer]

comment above

		// Fix up default for well-know variables that have a special logic implemented in clusterctl.
		// NOTE: this logic mimics the defaulting rules implemented in client.GetClusterTemplate;

Sounds like if we do this here we should also add the same in client.GetClusterTemplate? (which is actually in client/config.go templateOptionsToVariables)

@fabriziopandini WDYT?

[sbueringer]

Suggested change

	// DeployClusterClassInSeparateNamespace is set if a second namespace is required for the ClusterClass deployment
	// DeployClusterClassInSeparateNamespace defines if the ClusterClass should be deployed in a separate namespace.

[sbueringer]

Suggested change

	variables["CLUSTER_CLASS_NAMESPACE"] = clusterClassNamespace.Name
	By("Creating a cluster referencing a clusterClass from another namespace")
	} else {
	By("Creating a cluster referencing a clusterClass")
	variables["CLUSTER_CLASS_NAMESPACE"] = clusterClassNamespace.Name
	By("Creating a cluster referencing a ClusterClass from another namespace")
	} else {
	By("Creating a cluster referencing a ClusterClass")

nit

[sbueringer]

Hm quickstart also works with clusters without ClusterClass. Do we need these logs? :)

[sbueringer]

Suggested change

	framework.DeleteNamespace(ctx, framework.DeleteNamespaceInput{
	Deleter: input.BootstrapClusterProxy.GetClient(),
	Name: clusterClassNamespace.Name,
	})
	if input.DeployClusterClassInSeparateNamespace {
	framework.DeleteNamespace(ctx, framework.DeleteNamespaceInput{
	Deleter: input.BootstrapClusterProxy.GetClient(),
	Name: clusterClassNamespace.Name,
	})
	}

[sbueringer]

Hm. I would like to preserve the existing test coverage here for C + CC in the same namespace. Which is the mainstream use case at the moment.

I'm fine with implementing the flag for the quickstart coverage, but I wonder if we have to run the test with the flag in core CAPI. The quickstart part of the test is a subset of what we test in the Runtime SDK test

[sbueringer]

Okay took another look, seems all good

[k8s-ci-robot]

@Danil-Grigorev: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-e2e-blocking-main	d2a4e3b	link	true	/test pull-cluster-api-e2e-blocking-main

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.