From e5fe979df42e84b4490e5f6439aa0a91bf2f130f Mon Sep 17 00:00:00 2001
From: shreddedbacon <b@benjackson.email>
Date: Tue, 19 Aug 2025 13:38:05 +1000
Subject: [PATCH] chore: update kind to 0.27.0

---
 .github/workflows/remote-controller.yaml      | 43 ++++++++--------
 .gitignore                                    |  2 +-
 Makefile                                      | 50 ++++++++-----------
 test-resources/test-suite.kind-config.yaml    |  6 +++
 .../test-suite.kind-config.yaml.tpl           |  8 ---
 test-resources/test-suite.registry.toml.tpl   |  2 +
 6 files changed, 53 insertions(+), 58 deletions(-)
 create mode 100644 test-resources/test-suite.kind-config.yaml
 delete mode 100644 test-resources/test-suite.kind-config.yaml.tpl
 create mode 100644 test-resources/test-suite.registry.toml.tpl

diff --git a/.github/workflows/remote-controller.yaml b/.github/workflows/remote-controller.yaml
index ce8ff07e..9ee90b6a 100644
--- a/.github/workflows/remote-controller.yaml
+++ b/.github/workflows/remote-controller.yaml
@@ -17,20 +17,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        kindest_node_version: [v1.25.16]
+        kindest_node_version: [v1.29.14@sha256:8703bd94ee24e51b778d5556ae310c6c0fa67d761fae6379c8e0bb480e6fea29]
         harbor: ["1.11.0"]
         lagoon_build_image: ["uselagoon/build-deploy-image:main"]
         experimental: [false]
         include:
-          - kindest_node_version: v1.27.13
+          - kindest_node_version: v1.30.10@sha256:4de75d0e82481ea846c0ed1de86328d821c1e6a6a91ac37bf804e5313670e507
             harbor: "1.14.3"
             lagoon_build_image: "uselagoon/build-deploy-image:main"
             experimental: false
-          - kindest_node_version: v1.29.4
-            harbor: "1.14.3"
-            lagoon_build_image: "uselagoon/build-deploy-image:main"
-            experimental: true
-          - kindest_node_version: v1.30.2
+          - kindest_node_version: v1.32.2@sha256:f226345927d7e348497136874b6d207e0b32cc52154ad8323129352923a3142f
             harbor: "1.18.0"
             lagoon_build_image: "uselagoon/build-deploy-image:main"
             experimental: true
@@ -66,30 +62,37 @@ jobs:
         curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.11.1/gojq_v0.11.1_linux_amd64.tar.gz
         tar -xf ./gojq_v0.11.1_linux_amd64.tar.gz
         sudo cp /tmp/gojq_v0.11.1_linux_amd64/gojq /usr/local/bin/jq
-        
-    - name: Configure node IP in kind-config.yaml
-      run: |
-        docker network create kind
-        LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
-        KIND_NODE_IP=$(echo "${LAGOON_KIND_CIDR_BLOCK%???}" | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
-        export KIND_NODE_IP
-        envsubst < test-resources/test-suite.kind-config.yaml.tpl > test-resources/test-suite.kind-config.yaml
 
     - name: Create kind cluster
       uses: helm/kind-action@v1.13.0
       with:
-        version: v0.24.0
+        version: v0.27.0
         cluster_name: remote-controller
         node_image: kindest/node:${{ matrix.kindest_node_version }}
-        kubectl_version: v1.30.4
+        kubectl_version: v1.32.2
         config: test-resources/test-suite.kind-config.yaml
-  
+
+    - name: Configure registry for containerd
+      run: |
+        LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '.[].Containers[].IPv4Address' | tr -d '"')
+        KIND_NODE_IP=$(echo "${LAGOON_KIND_CIDR_BLOCK%???}" | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
+        export KIND_NODE_IP
+        envsubst < test-resources/test-suite.registry.toml.tpl > test-resources/test-suite.registry.toml
+        REGISTRY_DIR="/etc/containerd/certs.d/registry.${KIND_NODE_IP}.nip.io"
+        export REGISTRY_DIR
+        for node in $(kind get nodes --name remote-controller); do
+          echo "fixing node $node"
+          docker exec "$node" mkdir -p "${REGISTRY_DIR}"
+          cat test-resources/test-suite.registry.toml
+          docker exec -i "$node" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml" < test-resources/test-suite.registry.toml
+        done
+
     - name: Check node IP matches kind configuration
       run: |
-        LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
+        LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '.[].Containers[].IPv4Address' | tr -d '"')
         NODE_IP=$(echo "${LAGOON_KIND_CIDR_BLOCK%???}" | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
         echo Checking for NODE_IP "$NODE_IP"
-        grep "$NODE_IP" test-resources/test-suite.kind-config.yaml
+        grep "$NODE_IP" test-resources/test-suite.registry.toml
 
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
diff --git a/.gitignore b/.gitignore
index 3356bec3..be0533f4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,7 +23,7 @@ bin
 *.swo
 *~
 
-test-resources/test-suite.kind-config.yaml
+test-resources/test-suite.registry.toml
 test-resources/test-suite.metallb-pool.yaml
 
 local-dev
diff --git a/Makefile b/Makefile
index a7bd57ee..3f95929a 100644
--- a/Makefile
+++ b/Makefile
@@ -23,8 +23,8 @@ KIND_NETWORK ?= remote-controller
 
 TIMEOUT = 30m
 
-KIND_VERSION = v0.25.0
-KUBECTL_VERSION := v1.31.0
+KIND_VERSION = v0.27.0
+KUBECTL_VERSION := v1.32.3
 HELM_VERSION := v3.16.1
 GOJQ_VERSION = v0.12.16
 KUSTOMIZE_VERSION := v5.4.3
@@ -42,7 +42,7 @@ ARCH := $(shell uname | tr '[:upper:]' '[:lower:]')
 local-dev/kind:
 ifeq ($(KIND_VERSION), $(shell kind version 2>/dev/null | sed -nE 's/kind (v[0-9.]+).*/\1/p'))
 	$(info linking local kind version $(KIND_VERSION))
-	ln -sf $(shell command -v kind) ./local-dev/kind
+	$(eval KIND = $(realpath $(shell command -v kind)))
 else
 ifneq ($(KIND_VERSION), $(shell ./local-dev/kind version 2>/dev/null | sed -nE 's/kind (v[0-9.]+).*/\1/p'))
 	$(info downloading kind version $(KIND_VERSION) for $(ARCH))
@@ -57,10 +57,11 @@ endif
 local-dev/kustomize:
 ifeq ($(KUSTOMIZE_VERSION), $(shell kustomize version 2>/dev/null | sed -nE 's/(v[0-9.]+).*/\1/p'))
 	$(info linking local kustomize version $(KUSTOMIZE_VERSION))
-	ln -sf $(shell command -v kind) ./local-dev/kind
+	$(eval KUSTOMIZE = $(realpath $(shell command -v kustomize)))
 else
 ifneq ($(KUSTOMIZE_VERSION), $(shell ./local-dev/kustomize version 2>/dev/null | sed -nE 's/(v[0-9.]+).*/\1/p'))
 	$(info downloading kustomize version $(KUSTOMIZE_VERSION) for $(ARCH))
+	mkdir -p local-dev
 	rm local-dev/kustomize || true
 	curl -sSL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F$(KUSTOMIZE_VERSION)/kustomize_$(KUSTOMIZE_VERSION)_$(ARCH)_amd64.tar.gz | tar -xzC local-dev
 	chmod a+x local-dev/kustomize
@@ -71,10 +72,11 @@ endif
 local-dev/helm:
 ifeq ($(HELM_VERSION), $(shell helm version --short --client 2>/dev/null | sed -nE 's/(v[0-9.]+).*/\1/p'))
 	$(info linking local helm version $(HELM_VERSION))
-	ln -sf $(shell command -v helm) ./local-dev/helm
+	$(eval HELM = $(realpath $(shell command -v helm)))
 else
 ifneq ($(HELM_VERSION), $(shell ./local-dev/helm version --short --client 2>/dev/null | sed -nE 's/(v[0-9.]+).*/\1/p'))
 	$(info downloading helm version $(HELM_VERSION) for $(ARCH))
+	mkdir -p local-dev
 	rm local-dev/helm || true
 	curl -sSL https://get.helm.sh/helm-$(HELM_VERSION)-$(ARCH)-amd64.tar.gz | tar -xzC local-dev --strip-components=1 $(ARCH)-amd64/helm
 	chmod a+x local-dev/helm
@@ -86,9 +88,11 @@ local-dev/jq:
 ifeq ($(GOJQ_VERSION), $(shell gojq -v 2>/dev/null | sed -nE 's/gojq ([0-9.]+).*/v\1/p'))
 	$(info linking local gojq version $(GOJQ_VERSION))
 	ln -sf $(shell command -v gojq) ./local-dev/jq
+	$(eval JQ = $(realpath $(shell command -v gojq)))
 else
 ifneq ($(GOJQ_VERSION), $(shell ./local-dev/jq -v 2>/dev/null | sed -nE 's/gojq ([0-9.]+).*/v\1/p'))
 	$(info downloading gojq version $(GOJQ_VERSION) for $(ARCH))
+	mkdir -p local-dev
 	rm local-dev/jq || true
 ifeq ($(ARCH), darwin)
 	TMPDIR=$$(mktemp -d) \
@@ -106,12 +110,13 @@ endif
 local-dev/kubectl:
 ifeq ($(KUBECTL_VERSION), $(shell kubectl version --client 2>/dev/null | grep Client | sed -E 's/Client Version: (v[0-9.]+).*/\1/'))
 	$(info linking local kubectl version $(KUBECTL_VERSION))
-	ln -sf $(shell command -v kubectl) ./local-dev/kubectl
+	$(eval KUBECTL = $(realpath $(shell command -v kubectl)))
 else
 ifneq ($(KUBECTL_VERSION), $(shell ./local-dev/kubectl version --client 2>/dev/null | grep Client | sed -E 's/Client Version: (v[0-9.]+).*/\1/'))
 	$(info downloading kubectl version $(KUBECTL_VERSION) for $(ARCH))
+	mkdir -p local-dev
 	rm local-dev/kubectl || true
-	curl -sSLo local-dev/kubectl https://storage.googleapis.com/kubernetes-release/release/$(KUBECTL_VERSION)/bin/$(ARCH)/amd64/kubectl
+	curl -sSLo local-dev/kubectl https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(ARCH)/amd64/kubectl
 	chmod a+x local-dev/kubectl
 endif
 endif
@@ -131,24 +136,6 @@ helm/repos: local-dev/helm
 
 ARCH := $(shell uname | tr '[:upper:]' '[:lower:]')
 
-KIND = $(realpath ./local-dev/kind)
-KIND_VERSION = v0.25.0
-
-.PHONY: local-dev/kind
-local-dev/kind:
-ifeq ($(KIND_VERSION), $(shell kind version 2>/dev/null | sed -nE 's/kind (v[0-9.]+).*/\1/p'))
-	$(info linking local kind version $(KIND_VERSION))
-	ln -sf $(shell command -v kind) ./local-dev/kind
-else
-ifneq ($(KIND_VERSION), $(shell ./local-dev/kind version 2>/dev/null | sed -nE 's/kind (v[0-9.]+).*/\1/p'))
-	$(info downloading kind version $(KIND_VERSION) for $(ARCH))
-	mkdir -p local-dev
-	rm local-dev/kind || true
-	curl -sSLo local-dev/kind https://kind.sigs.k8s.io/dl/$(KIND_VERSION)/kind-$(ARCH)-amd64
-	chmod a+x local-dev/kind
-endif
-endif
-
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
@@ -265,7 +252,7 @@ endif
 
 .PHONY: install-metallb
 install-metallb:
-	LAGOON_KIND_CIDR_BLOCK=$$(docker network inspect $(KIND_NETWORK) | $(JQ) '. [0].IPAM.Config[0].Subnet' | tr -d '"') && \
+	LAGOON_KIND_CIDR_BLOCK=$$(docker network inspect $(KIND_NETWORK) | $(JQ) '.[].Containers[].IPv4Address' | tr -d '"') && \
 	export LAGOON_KIND_NETWORK_RANGE=$$(echo $${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $$1,$$2,$$3,240}' OFS='.')/29 && \
 	$(HELM) upgrade \
 		--install \
@@ -374,11 +361,16 @@ install-lagoon-remote: install-registry
 .PHONY: create-kind-cluster
 create-kind-cluster: local-dev/tools helm/repos
 	docker network inspect $(KIND_NETWORK) >/dev/null || docker network create $(KIND_NETWORK) \
-		&& LAGOON_KIND_CIDR_BLOCK=$$(docker network inspect $(KIND_NETWORK) | $(JQ) '. [0].IPAM.Config[0].Subnet' | tr -d '"') \
-		&& export KIND_NODE_IP=$$(echo $${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $$1,$$2,$$3,240}' OFS='.') \
- 		&& envsubst < test-resources/test-suite.kind-config.yaml.tpl > test-resources/test-suite.kind-config.yaml \
 		&& export KIND_EXPERIMENTAL_DOCKER_NETWORK=$(KIND_NETWORK) \
  		&& $(KIND) create cluster --wait=60s --name=$(KIND_CLUSTER) --config=test-resources/test-suite.kind-config.yaml
+	LAGOON_KIND_CIDR_BLOCK=$$(docker network inspect $(KIND_NETWORK) | $(JQ) '.[].Containers[].IPv4Address' | tr -d '"') \
+		&& export KIND_NODE_IP=$$(echo $${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $$1,$$2,$$3,240}' OFS='.') \
+		&& envsubst < test-resources/test-suite.registry.toml.tpl > test-resources/test-suite.registry.toml \
+		&& export REGISTRY_DIR="/etc/containerd/certs.d/registry.$${KIND_NODE_IP}.nip.io" && \
+		for node in $$($(KIND) get nodes --name $(KIND_CLUSTER)); do \
+			docker exec "$$node" mkdir -p "$${REGISTRY_DIR}"; \
+			cat test-resources/test-suite.registry.toml | docker exec -i "$$node" cp /dev/stdin "$${REGISTRY_DIR}/hosts.toml"; \
+		done
 
 # generate-broker-certs will generate a ca, server and client certificate used for the test suite
 .PHONY: generate-broker-certs
diff --git a/test-resources/test-suite.kind-config.yaml b/test-resources/test-suite.kind-config.yaml
new file mode 100644
index 00000000..c2890cc1
--- /dev/null
+++ b/test-resources/test-suite.kind-config.yaml
@@ -0,0 +1,6 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
\ No newline at end of file
diff --git a/test-resources/test-suite.kind-config.yaml.tpl b/test-resources/test-suite.kind-config.yaml.tpl
deleted file mode 100644
index 1141b978..00000000
--- a/test-resources/test-suite.kind-config.yaml.tpl
+++ /dev/null
@@ -1,8 +0,0 @@
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-containerdConfigPatches:
-- |-
-  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io".tls]
-    insecure_skip_verify = true
-  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.${KIND_NODE_IP}.nip.io"]
-    endpoint = ["http://registry.${KIND_NODE_IP}.nip.io"]
\ No newline at end of file
diff --git a/test-resources/test-suite.registry.toml.tpl b/test-resources/test-suite.registry.toml.tpl
new file mode 100644
index 00000000..1cc92752
--- /dev/null
+++ b/test-resources/test-suite.registry.toml.tpl
@@ -0,0 +1,2 @@
+[host."https://registry.${KIND_NODE_IP}.nip.io"]
+	skip_verify = true
\ No newline at end of file