Use known kindest/node image versions by sha where they exist

Signed-off-by: killianmuldoon <kmuldoon@vmware.com>
kubernetes-sigs · Jun 15, 2023 · a25b0b2 · a25b0b2
1 parent 52fd7eb
commit a25b0b2
Show file tree

Hide file tree

Showing 8 changed files with 78 additions and 17 deletions.
diff --git a/test/e2e/clusterctl_upgrade_test.go b/test/e2e/clusterctl_upgrade_test.go
@@ -35,6 +35,7 @@ var _ = Describe("When testing clusterctl upgrades (v0.4=>current)", func() {
 			SkipCleanup:               skipCleanup,
 			InitWithBinary:            "https://github.com/kubernetes-sigs/cluster-api/releases/download/v0.4.8/clusterctl-{OS}-{ARCH}",
 			InitWithProvidersContract: "v1alpha4",
+			// NOTE: If this version is changed here the image and SHA must also be updated in all DockerMachineTemplates in `test/data/infrastructure-docker/v0.4/bases.
 			InitWithKubernetesVersion: "v1.23.17",
 			WorkloadKubernetesVersion: "v1.23.17",
 			MgmtFlavor:                "topology",
@@ -73,10 +74,11 @@ var _ = Describe("When testing clusterctl upgrades (v1.0=>current)", func() {
 			// runtime extension providers. If we don't do this the test will automatically
 			// try to deploy the latest version of our test-extension from docker.yaml.
 			InitWithRuntimeExtensionProviders: []string{},
-			InitWithKubernetesVersion:         "v1.23.17",
-			WorkloadKubernetesVersion:         "v1.23.17",
-			MgmtFlavor:                        "topology",
-			WorkloadFlavor:                    "",
+			// NOTE: If this version is changed here the image and SHA must also be updated in all DockerMachineTemplates in `test/data/infrastructure-docker/v1.0/bases.
+			InitWithKubernetesVersion: "v1.23.17",
+			WorkloadKubernetesVersion: "v1.23.17",
+			MgmtFlavor:                "topology",
+			WorkloadFlavor:            "",
 			// This check ensures that ownerReference apiVersions are updated for all types after the upgrade.
 			PostUpgrade: func(proxy framework.ClusterProxy, namespace, clusterName string) {
 				framework.ValidateOwnerReferencesOnUpdate(proxy, namespace,
@@ -112,10 +114,11 @@ var _ = Describe("When testing clusterctl upgrades (v1.3=>current)", func() {
 			// try to deploy the latest version of our test-extension from docker.yaml.
 			InitWithRuntimeExtensionProviders: []string{},
 			InitWithProvidersContract:         "v1beta1",
-			InitWithKubernetesVersion:         "v1.26.4",
-			WorkloadKubernetesVersion:         "v1.26.4",
-			MgmtFlavor:                        "topology",
-			WorkloadFlavor:                    "",
+			// NOTE: If this version is changed here the image and SHA must also be updated in all DockerMachineTemplates in `test/data/infrastructure-docker/v0.4/bases.
+			InitWithKubernetesVersion: "v1.26.4",
+			WorkloadKubernetesVersion: "v1.26.4",
+			MgmtFlavor:                "topology",
+			WorkloadFlavor:            "",
 			// This check ensures that ownerReference apiVersions are updated for all types after the upgrade.
 			PostUpgrade: func(proxy framework.ClusterProxy, namespace, clusterName string) {
 				framework.ValidateOwnerReferencesOnUpdate(proxy, namespace,
@@ -151,10 +154,11 @@ var _ = Describe("When testing clusterctl upgrades using ClusterClass (v1.3=>cur
 			// try to deploy the latest version of our test-extension from docker.yaml.
 			InitWithRuntimeExtensionProviders: []string{},
 			InitWithProvidersContract:         "v1beta1",
-			InitWithKubernetesVersion:         "v1.26.4",
-			WorkloadKubernetesVersion:         "v1.26.4",
-			MgmtFlavor:                        "topology",
-			WorkloadFlavor:                    "topology",
+			// NOTE: If this version is changed here the image and SHA must also be updated in all DockerMachineTemplates in `test/data/infrastructure-docker/v0.4/bases.
+			InitWithKubernetesVersion: "v1.26.4",
+			WorkloadKubernetesVersion: "v1.26.4",
+			MgmtFlavor:                "topology",
+			WorkloadFlavor:            "topology",
 			// This check ensures that ownerReference apiVersions are updated for all types after the upgrade.
 			PostUpgrade: func(proxy framework.ClusterProxy, namespace, clusterName string) {
 				framework.ValidateOwnerReferencesOnUpdate(proxy, namespace,
@@ -180,6 +184,7 @@ var _ = Describe("When testing clusterctl upgrades (v1.4=>current)", func() {
 			SkipCleanup:               skipCleanup,
 			InitWithBinary:            "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-{OS}-{ARCH}",
 			InitWithProvidersContract: "v1beta1",
+			// NOTE: If this version is changed here the image and SHA must also be updated in all DockerMachineTemplates in `test/data/infrastructure-docker/v0.4/bases.
 			InitWithKubernetesVersion: "v1.27.1",
 			WorkloadKubernetesVersion: "v1.27.1",
 			MgmtFlavor:                "topology",
@@ -209,6 +214,7 @@ var _ = Describe("When testing clusterctl upgrades using ClusterClass (v1.4=>cur
 			SkipCleanup:               skipCleanup,
 			InitWithBinary:            "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-{OS}-{ARCH}",
 			InitWithProvidersContract: "v1beta1",
+			// NOTE: If this version is changed here the image and SHA must also be updated in all DockerMachineTemplates in `test/data/infrastructure-docker/v0.4/bases.
 			InitWithKubernetesVersion: "v1.27.1",
 			WorkloadKubernetesVersion: "v1.27.1",
 			MgmtFlavor:                "topology",

diff --git a/test/e2e/data/infrastructure-docker/v0.4/bases/cluster-with-kcp.yaml b/test/e2e/data/infrastructure-docker/v0.4/bases/cluster-with-kcp.yaml
@@ -38,6 +38,8 @@ metadata:
 spec:
   template:
     spec:
+      # NOTE: If the Kubernetes version is changed in `clusterctl_upgrade_test.go` the image and SHA must be updated here.
+      customImage: "kindest/node:v1.23.17@sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff"
       extraMounts:
         - containerPath: "/var/run/docker.sock"
           hostPath: "/var/run/docker.sock"

diff --git a/test/e2e/data/infrastructure-docker/v0.4/bases/md.yaml b/test/e2e/data/infrastructure-docker/v0.4/bases/md.yaml
@@ -8,6 +8,8 @@ metadata:
 spec:
   template:
     spec:
+      # NOTE: If the Kubernetes version is changed in `clusterctl_upgrade_test.go` the image and SHA must be updated here.
+      customImage: "kindest/node:v1.23.17@sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff"
       extraMounts:
         - containerPath: "/var/run/docker.sock"
           hostPath: "/var/run/docker.sock"

diff --git a/test/e2e/data/infrastructure-docker/v0.4/bases/mp.yaml b/test/e2e/data/infrastructure-docker/v0.4/bases/mp.yaml
@@ -26,6 +26,11 @@ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
 kind: DockerMachinePool
 metadata:
   name: "${CLUSTER_NAME}-dmp-0"
+spec:
+  template:
+    # NOTE: If the Kubernetes version is changed in `clusterctl_upgrade_test.go` the image and SHA must be updated here.
+    customImage: "kindest/node:v1.23.17@sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff"
+
 ---
 # KubeadmConfigTemplate referenced by the MachinePool
 apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4

diff --git a/test/e2e/data/infrastructure-docker/v1.0/bases/cluster-with-kcp.yaml b/test/e2e/data/infrastructure-docker/v1.0/bases/cluster-with-kcp.yaml
@@ -56,6 +56,8 @@ metadata:
 spec:
   template:
     spec:
+      # NOTE: If the Kubernetes version is changed in `clusterctl_upgrade_test.go` the image and SHA must be updated here.
+      customImage: "kindest/node:v1.23.17@sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff"
       extraMounts:
         - containerPath: "/var/run/docker.sock"
           hostPath: "/var/run/docker.sock"

diff --git a/test/e2e/data/infrastructure-docker/v1.0/bases/md.yaml b/test/e2e/data/infrastructure-docker/v1.0/bases/md.yaml
@@ -8,6 +8,8 @@ metadata:
 spec:
   template:
     spec:
+      # NOTE: If the Kubernetes version is changed in `clusterctl_upgrade_test.go` the image and SHA must be updated here.
+      customImage: "kindest/node:v1.23.17@sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff"
       extraMounts:
         - containerPath: "/var/run/docker.sock"
           hostPath: "/var/run/docker.sock"

diff --git a/test/infrastructure/docker/internal/docker/kind_version.go b/test/infrastructure/docker/internal/docker/kind_version.go
@@ -0,0 +1,39 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package docker
+
+// knownKindImageVersions is a map that maps KIND node images and tags to the shas of images recommended for use with a
+// specific KIND version.
+// Contains shas for KIND v0.19.0. NOTE: These must be updated when the kind version is updated.
+var knownKindImageVersions = map[string]string{
+	"kindest/node:v1.27.1":  "kindest/node:v1.27.1@sha256:b7d12ed662b873bd8510879c1846e87c7e676a79fefc93e17b2a52989d3ff42b",
+	"kindest/node:v1.26.4":  "kindest/node:v1.26.4@sha256:f4c0d87be03d6bea69f5e5dc0adb678bb498a190ee5c38422bf751541cebe92e",
+	"kindest/node:v1.25.9":  "kindest/node:v1.25.9@sha256:c08d6c52820aa42e533b70bce0c2901183326d86dcdcbedecc9343681db45161",
+	"kindest/node:v1.24.13": "kindest/node:v1.24.13@sha256:cea86276e698af043af20143f4bf0509e730ec34ed3b7fa790cc0bea091bc5dd",
+	"kindest/node:v1.23.17": "kindest/node:v1.23.17@sha256:f77f8cf0b30430ca4128cc7cfafece0c274a118cd0cdb251049664ace0dee4ff",
+	"kindest/node:v1.22.17": "kindest/node:v1.22.17@sha256:9af784f45a584f6b28bce2af84c494d947a05bd709151466489008f80a9ce9d5",
+	"kindest/node:v1.21.14": "kindest/node:v1.21.14@sha256:220cfafdf6e3915fbce50e13d1655425558cb98872c53f802605aa2fb2d569cf",
+}
+
+// kindImageVersionFix maps an input image and tag to a known SHA for a given KIND release.
+// If the passed in image version is not found, this function returns the original image string.
+func kindImageVersionFix(image string) string {
+	if knownImage, ok := knownKindImageVersions[image]; ok {
+		return knownImage
+	}
+	return image
+}
diff --git a/test/infrastructure/docker/internal/docker/machine.go b/test/infrastructure/docker/internal/docker/machine.go
@@ -205,21 +205,24 @@ func (m *Machine) ContainerImage() string {
 }
 
 // Create creates a docker container hosting a Kubernetes node.
-func (m *Machine) Create(ctx context.Context, image string, role string, version *string, labels map[string]string, mounts []infrav1.Mount) error {
+func (m *Machine) Create(ctx context.Context, customImage string, role string, version *string, labels map[string]string, mounts []infrav1.Mount) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	// Create if not exists.
 	if m.container == nil {
 		var err error
 
 		machineImage := m.machineImage(version)
-		if image != "" {
-			machineImage = image
+		if customImage != "" {
+			machineImage = customImage
 		}
 
+		// Ensure the image is using a known good kindest/node image if one exists.
+		machineImage = kindImageVersionFix(machineImage)
+
 		switch role {
 		case constants.ControlPlaneNodeRoleValue:
-			log.Info("Creating control plane machine container")
+			log.Info(fmt.Sprintf("Creating control plane machine container with machine image %s", machineImage))
 			m.container, err = m.nodeCreator.CreateControlPlaneNode(
 				ctx,
 				m.ContainerName(),
@@ -236,7 +239,7 @@ func (m *Machine) Create(ctx context.Context, image string, role string, version
 				return errors.WithStack(err)
 			}
 		case constants.WorkerNodeRoleValue:
-			log.Info("Creating worker machine container")
+			log.Info(fmt.Sprintf("Creating worker machine container with machine image %s", machineImage))
 			m.container, err = m.nodeCreator.CreateWorkerNode(
 				ctx,
 				m.ContainerName(),