Add PINNIPED_USE_LOCAL_KIND_REGISTRY env var

- ensures regular use of hack/prepare-for-integration-tests.sh
  - PINNIPED_USE_LOCAL_KIND_REGISTRY=1  ./hack/prepare-for-integration-tests.sh --clean --alternate-deploy ./hack/noop.sh --post-install ./hack/build-carvel-packages.sh
  - ./hack/prepare-for-integration-tests.sh --clean

hack/build-carvel-packages.sh

@@ -4,11 +4,22 @@
 # SPDX-License-Identifier: Apache-2.0
 
 #
-# This script can be used to prepare a kind cluster and deploy the app.
-# You can call this script again to redeploy the app.
-# It will also output instructions on how to run the integration.
+# This script can be used in conjunction with prepare-for-integration-tests.sh.
+# When invoked with the PINNIPED_USE_LOCAL_KIND_REGISTRY environment variable set to a non-empty value,
+# the integration tests script will create a local docker registry and configure kind to use the registry
+# and will build the Pinniped binary and container image.
+# This script will then create Carvel Packages for supervisor,concierge and local-user-authenticator.
+# It will also create a Carvel PackageRepository.
+# The PackageRepository will be installed on the kind cluster, then PackageInstall resources
+# will be created to deploy an instance of each of the packages on the cluster.
+# Once this script has completed, Pinniped can be interacted with as if it had been deployed in the usual way,
+# for example by running tests or by preparing supervisor for manual interactions:
+#  source /tmp/integration-test-env && go test -v -race -count 1 -timeout 0 ./test/integration -run  /TestE2EFullIntegration_Browser
+#  hack/prepare-supervisor-on-kind.sh --oidc
+#
+# Example usage:
+#   PINNIPED_USE_LOCAL_KIND_REGISTRY=1 ./hack/prepare-for-integration-tests.sh --clean --alternate-deploy ./hack/noop.sh --post-install ./hack/build-carvel-packages.sh
 #
-
 set -euo pipefail
 
 #
@@ -53,6 +64,14 @@ cd "$pinniped_path" || exit 1
 app=${1:-"undefined"}
 tag=${2:-$(uuidgen)}
 
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" == "" ]]; then
+  log_error "Building the Carvel package requires configuring kind with a local registry."
+  log_error "please set the environment variable PINNIPED_USE_LOCAL_KIND_REGISTRY"
+  log_error "for example:"
+  log_error "    PINNIPED_USE_LOCAL_KIND_REGISTRY=1 ./hack/prepare-for-integration-tests.sh --clean --alternate-deploy ./hack/noop.sh --post-install ./hack/build-carvel-packages.sh"
+fi
+
+
 # TODO: automate the version by release somehow.
 # the tag is the version in our build scripts, but we will want real versions for releases
 pinniped_package_version="${tag}" # ie, "0.25.0"
@@ -68,11 +87,10 @@ registry_repo_tag="${registry_repo}:${tag}"
 api_group_suffix="pinniped.dev"
 
 # Package prefix for concierge, supervisor, local-user-authenticator
-package_prefix="test/build-package" # + $resource_name + ":" + $tag
-package_repo_prefix="${registry_repo}/${package_prefix}" # + $resource_name + ":" + $tag
+package_repo_prefix="${registry_repo}/package" # + $resource_name + ":" + $tag
 
 # Pinniped Package repository
-package_repository_repo="test/build-package-repository-pinniped"
+package_repository_repo="pinniped-package-repository"
 package_repository_repo_tag="${registry_repo}/${package_repository_repo}:${tag}"
 
 # carvel

hack/delete-carvel-packages.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+#
+# This script can be used to prepare a kind cluster and deploy the app.
+# You can call this script again to redeploy the app.
+# It will also output instructions on how to run the integration.
+#
+
+set -euo pipefail
+
+# whats all installed
+kubectl get pkgr -A && kubectl get pkg -A && kubectl get pkgi -A
+
+# delete the package installs
+kubectl delete pkgi concierge-package-install -n concierge-install-ns
+kubectl delete pkgi supervisor-package-install -n supervisor-install-ns
+kubectl delete pkgi local-user-authenticator-package-install -n local-user-authenticator-install-ns
+
+# TODO: clean up the rest also

hack/kind-down.sh

@@ -8,9 +8,11 @@ set -euo pipefail
 ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
 cd "${ROOT}"
 
-reg_name='kind-registry.local'
-docker network disconnect "kind" "${reg_name}" || true
-docker stop "${reg_name}" || true
-docker rm "${reg_name}" || true
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" != "" ]]; then
+  reg_name='kind-registry.local'
+  docker network disconnect "kind" "${reg_name}" || true
+  docker stop "${reg_name}" || true
+  docker rm "${reg_name}" || true
+fi
 
 kind delete cluster --name pinniped

hack/kind-up.sh

@@ -8,20 +8,35 @@ set -euo pipefail
 ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 cd "${ROOT}"
 
-# create registry container unless it already exists
-reg_name='kind-registry.local'
-reg_port='5000'
-if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
-  docker run \
-    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --name "${reg_name}" \
-    registry:2
+
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" != "" ]]; then
+  # create registry container unless it already exists
+  reg_name='kind-registry.local'
+  reg_port='5000'
+  if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
+    docker run \
+      -d --restart=always -p "127.0.0.1:${reg_port}:5000" --name "${reg_name}" \
+      registry:2
+  fi
 fi
 
-if [[ "${PINNIPED_USE_CONTOUR:-}" != "" ]]; then
+
+if [[ "${PINNIPED_USE_CONTOUR:-}" != "" && "$PINNIPED_USE_LOCAL_KIND_REGISTRY" != ""  ]]; then
+  echo "Adding Contour port mapping and local registry to Kind config."
+  ytt -f "${ROOT}/hack/lib/kind-config/single-node.yaml" \
+    -f "${ROOT}/hack/lib/kind-config/contour-overlay.yaml" \
+    -f "${ROOT}/hack/lib/kind-config/kind-registry-overlay.yaml" >/tmp/kind-config.yaml
+  kind create cluster --config /tmp/kind-config.yaml --name pinniped
+elif [[ "${PINNIPED_USE_CONTOUR:-}" != "" ]]; then
   echo "Adding Contour port mapping to Kind config."
   ytt -f "${ROOT}/hack/lib/kind-config/single-node.yaml" \
     -f "${ROOT}/hack/lib/kind-config/contour-overlay.yaml" >/tmp/kind-config.yaml
   kind create cluster --config /tmp/kind-config.yaml --name pinniped
+elif [[ "$PINNIPED_USE_LOCAL_KIND_REGISTRY" != "" ]]; then
+  echo "Adding local registry to Kind config."
+  ytt -f "${ROOT}/hack/lib/kind-config/single-node.yaml" \
+    -f "${ROOT}/hack/lib/kind-config/kind-registry-overlay.yaml" >/tmp/kind-config.yaml
+  kind create cluster --config /tmp/kind-config.yaml --name pinniped
 else
   # To choose a specific version of kube, add this option to the command below: `--image kindest/node:v1.28.0`.
   # To debug the kind config, add this option to the command below: `-v 10`
@@ -29,14 +44,15 @@ else
 fi
 
 
-# connect the registry to the cluster network if not already connected
-if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
-  docker network connect "kind" "${reg_name}"
-fi
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" != "" ]]; then
+  # connect the registry to the cluster network if not already connected
+  if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
+    docker network connect "kind" "${reg_name}"
+  fi
 
-# Document the local registry
-# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
-cat <<EOF | kubectl apply -f -
+  # Document the local registry
+  # https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
+  cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -47,3 +63,5 @@ data:
     host: "localhost:${reg_port}"
     help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
 EOF
+
+fi

hack/lib/kind-config/kind-registry-overlay.yaml

@@ -0,0 +1,11 @@
+#! Copyright 2023 the Pinniped contributors. All Rights Reserved.
+#! SPDX-License-Identifier: Apache-2.0
+
+#@ load("@ytt:overlay", "overlay")
+#@overlay/match by=overlay.all
+---
+#@overlay/match missing_ok=True
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."kind-registry.local:5000"]
+    endpoint = ["http://kind-registry.local:5000"]

hack/lib/kind-config/single-node.yaml

@@ -44,11 +44,3 @@ kubeadmConfigPatches:
     extraArgs:
       # See comment above.
       enable-aggregator-routing: "true"
-# TODO: in kind-up.sh these variables are created, but aren't passed in here, so we are hard-coding them
-# reg_name='kind-registry.local'
-# reg_port='5000'
-# perhaps we need to ytt --overlay it like we do the contour configuration?
-containerdConfigPatches:
-- |-
-  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."kind-registry.local:5000"]
-    endpoint = ["http://kind-registry.local:5000"]

hack/prepare-for-integration-tests.sh

@@ -8,7 +8,15 @@
 # You can call this script again to redeploy the app.
 # It will also output instructions on how to run the integration.
 #
-
+# When invoked with the PINNIPED_USE_LOCAL_KIND_REGISTRY environment variable set to a non-empty value,
+# the script will create a local docker registry and configure kind to use the registry.  When building
+# and installing Pinniped normally this is unnecessary. However, if an alternative build and install approach
+# is taken, such as via a Carvel packaging mechanism, a local registry might be needed (for example, the
+# kbld tool requires a registry to resolve images to shas).
+#
+# Example usage:
+#   PINNIPED_USE_LOCAL_KIND_REGISTRY=1  ./hack/prepare-for-integration-tests.sh --clean --alternate-deploy ./hack/noop.sh --post-install ./hack/build-carvel-packages.sh
+#
 set -euo pipefail
 
 #
@@ -231,27 +239,31 @@ else
   fi
 fi
 
+registry="pinniped.local"
+registry_with_port="$registry"
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" != "" ]]; then
+  registry="kind-registry.local"
+  registry_with_port="$registry:5000"
+fi
 
-# registry="pinniped.local"
-registry="kind-registry.local"
-registry_with_port="$registry:5000"
 repo="test/build"
 registry_repo="$registry_with_port/$repo"
 tag="0.0.0-$(uuidgen)" # always a new tag to force K8s to reload the image on redeploy
 
 
-etc_hosts_local_registry_missing=no
-if ! grep -q "$registry" /etc/hosts; then
-  etc_hosts_local_registry_missing=yes
-fi
-
-if [[ "$etc_hosts_local_registry_missing" == "yes" ]]; then
-  echo
-  log_error "In order to configure the kind cluster to use the local registry properly,"
-  log_error "please run this command to edit /etc/hosts, and then run this script again with the same options."
-  echo "sudo bash -c \"echo '127.0.0.1 $registry' >> /etc/hosts\""
-  log_error "When you are finished with your Kind cluster, you can remove this line from /etc/hosts."
-  exit 1
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" != "" ]]; then
+  etc_hosts_local_registry_missing=no
+  if ! grep -q "$registry" /etc/hosts; then
+    etc_hosts_local_registry_missing=yes
+  fi
+  if [[ "$etc_hosts_local_registry_missing" == "yes" ]]; then
+    echo
+    log_error "In order to configure the kind cluster to use the local registry properly,"
+    log_error "please run this command to edit /etc/hosts, and then run this script again with the same options."
+    echo "sudo bash -c \"echo '127.0.0.1 $registry' >> /etc/hosts\""
+    log_error "When you are finished with your Kind cluster, you can remove this line from /etc/hosts."
+    exit 1
+  fi
 fi
 
 if [[ "$skip_build" == "yes" ]]; then
@@ -282,10 +294,15 @@ if [[ "$do_build" == "yes" ]]; then
   fi
 fi
 
-# Load it into the cluster
-log_note "Loading the app's container image into the local registry ($registry_with_port)..."
-docker push "$registry_repo_tag"
-
+if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" != "" ]]; then
+  # if registry used, push to the registry
+  log_note "Loading the app's container image into the local registry ($registry_with_port)..."
+  docker push "$registry_repo_tag"
+else
+  # otherwise side-load directly
+  log_note "Loading the app's container image into the kind cluster..."
+  kind load docker-image "$registry_repo_tag" --name pinniped
+fi
 #
 # Deploy local-user-authenticator
 #