Move challenger server inside the cluster and serve with TLS

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>

scripts/e2e-tests.sh

@@ -2,10 +2,11 @@
 
 set -e
 
-# This scripts prepares a cluster that runs the challenger server compiled
-# from the current checkout.
+# This scripts prepares a cluster where we install the kcrypt CRDs.
+# This is where sealed volumes are created.
 
 GINKGO_NODES="${GINKGO_NODES:-1}"
+K3S_IMAGE="rancher/k3s:v1.26.1-k3s1"
 
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 CLUSTER_NAME=$(echo $RANDOM | md5sum | head -c 10; echo;)
@@ -20,35 +21,38 @@ cleanup() {
   echo "Cleaning up $CLUSTER_NAME"
   k3d cluster delete "$CLUSTER_NAME" || true
   rm -rf "$KUBECONFIG"
-
-  # Stop the challenger server
-  kill $KMS_PID
 }
 trap cleanup EXIT
 
-# Create a cluster
-k3d cluster create "$CLUSTER_NAME" --image rancher/k3s:v1.26.1-k3s1
+# Create a cluster and bind ports 80 and 443 on the host
+# This will allow us to access challenger server on 10.0.2.2 which is the IP
+# on which qemu "sees" the host.
+k3d cluster create "$CLUSTER_NAME" -p '80:80@server:0' -p '443:443@server:0' --image "$K3S_IMAGE"
 k3d kubeconfig get "$CLUSTER_NAME" > "$KUBECONFIG"
 
+# Build the docker image
+IMG=controller:latest make docker-build
+
+# Import the image to the cluster
+k3d image import -c "$CLUSTER_NAME" controller:latest
+
 # Install cert manager
 kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml
+kubectl wait --for=condition=Available deployment --timeout=2m -n cert-manager --all
 
-# Install the CRDs
-kubectl apply -k "$SCRIPT_DIR/../config/crd/"
+# Replace the CLUSTER_IP in the kustomize resource
+# Only needed for debugging so that we can access the server from the host
+# (the 10.0.2.2 IP address is only useful from within qemu)
+export CLUSTER_IP=$(docker inspect "k3d-${CLUSTER_NAME}-server-0"  | jq -r '.[0].NetworkSettings.Networks[].IPAddress')
+envsubst \
+    < "$SCRIPT_DIR/../tests/assets/challenger-server-ingress.template.yaml" \
+    > "$SCRIPT_DIR/../tests/assets/challenger-server-ingress.yaml"
 
-# Start the challenger server locally
-CHALLENGER_PORT=$(getFreePort)
-METRICS_PORT=$(getFreePort)
-HEALTH_PROBE_PORT=$(getFreePort)
-go run "${SCRIPT_DIR}/../" \
-  --challenger-bind-address "0.0.0.0:${CHALLENGER_PORT}" \
-  --metrics-bind-address "0.0.0.0:${METRICS_PORT}" \
-  --health-probe-bind-address "0.0.0.0:${HEALTH_PROBE_PORT}" \
-  --namespace default > /dev/null 2>&1 &
-export KMS_PID=$!
+# Install the challenger server kustomization
+kubectl apply -k "$SCRIPT_DIR/../tests/assets/"
 
 # 10.0.2.2 is where the vm sees the host
 # https://stackoverflow.com/a/6752280
-export KMS_ADDRESS="10.0.2.2:${CHALLENGER_PORT}"
+export KMS_ADDRESS="10.0.2.2.challenger.sslip.io"
 
 PATH=$PATH:$GOPATH/bin ginkgo --nodes $GINKGO_NODES --fail-fast -r ./tests/