test: harden kubernetes v2 e2e harness

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

e2e/Makefile

@@ -2,29 +2,55 @@ MAKEFLAGS   += --warn-undefined-variables
 SHELL       := /usr/bin/env bash
 .SHELLFLAGS := -euo pipefail -c
 
-KIND_IMG       = "kindest/node:v1.33.4@sha256:25a6018e48dfcaee478f4a59af81157a437f15e6e140bf103f85a2e7cd0cbbf2"
+KIND_IMG ?= kindest/node:v1.33.4@sha256:25a6018e48dfcaee478f4a59af81157a437f15e6e140bf103f85a2e7cd0cbbf2
+KIND_CLUSTER_NAME ?= external-secrets
+KIND_CONTEXT ?= kind-$(KIND_CLUSTER_NAME)
 DOCKER_BUILD_ARGS     ?=
 
 export E2E_IMAGE_NAME ?= ghcr.io/external-secrets/external-secrets-e2e
 export GINKGO_LABELS ?= !managed && !v2
 export V2_GINKGO_LABELS ?= v2
 export TEST_SUITES ?= provider generator flux argocd
+export GOCACHE ?= $(CURDIR)/.cache/go-build
+export GOMODCACHE ?= $(CURDIR)/.cache/go-mod
 
 export OCI_IMAGE_NAME = ghcr.io/external-secrets/external-secrets
 export IMAGE_NAME ?= $(OCI_IMAGE_NAME)
 
+ifeq ($(shell git tag),)
+export VERSION ?= $(shell echo "v0.0.0-$$(git rev-list HEAD --count)-g$$(git describe --dirty --always)" | sed 's/-/./2' | sed 's/-/./2')
+else
+export VERSION ?= $(shell git describe --dirty --always --tags --exclude 'helm*' | sed 's/-/./2' | sed 's/-/./2')
+endif
+
 start-kind: ## Start kind cluster
-	kind create cluster \
-	  --name external-secrets \
-	  --config kind.yaml \
-	  --retain \
-	  --image "$(KIND_IMG)"
+	@if kind get clusters | grep -qx "$(KIND_CLUSTER_NAME)"; then \
+		kind export kubeconfig --name "$(KIND_CLUSTER_NAME)"; \
+		if kubectl --context "$(KIND_CONTEXT)" --request-timeout=5s get --raw=/readyz >/dev/null 2>&1; then \
+			echo "kind cluster $(KIND_CLUSTER_NAME) is ready"; \
+		else \
+			echo "kind cluster $(KIND_CLUSTER_NAME) exists but is unhealthy, recreating"; \
+			kind delete cluster --name "$(KIND_CLUSTER_NAME)"; \
+			kind create cluster \
+			  --name "$(KIND_CLUSTER_NAME)" \
+			  --config kind.yaml \
+			  --retain \
+			  --image "$(KIND_IMG)"; \
+		fi; \
+	else \
+		kind create cluster \
+		  --name "$(KIND_CLUSTER_NAME)" \
+		  --config kind.yaml \
+		  --retain \
+		  --image "$(KIND_IMG)"; \
+	fi
+	kind export kubeconfig --name "$(KIND_CLUSTER_NAME)"
 
 stop-kind: ## Stop kind cluster
 	kind delete cluster \
-		--name external-secrets \
+		--name "$(KIND_CLUSTER_NAME)" \
 
-test: e2e-image ## Run e2e tests against current kube context
+test: start-kind e2e-image ## Run e2e tests against current kube context
 	$(MAKE) -C ../ docker.build \
 		IMAGE_NAME=$(IMAGE_NAME) \
 		VERSION=$(VERSION) \
@@ -35,12 +61,12 @@ test: e2e-image ## Run e2e tests against current kube context
 		VERSION=$(VERSION) \
 		ARCH=amd64 \
 		DOCKER_BUILD_ARGS="${DOCKER_BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux"
-	kind load docker-image --name="external-secrets" $(IMAGE_NAME):$(VERSION)
-	kind load docker-image --name="external-secrets" $(OCI_IMAGE_NAME):$(VERSION)
-	kind load docker-image --name="external-secrets" $(E2E_IMAGE_NAME):$(VERSION)
-	./run.sh
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" $(IMAGE_NAME):$(VERSION)
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" $(OCI_IMAGE_NAME):$(VERSION)
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" $(E2E_IMAGE_NAME):$(VERSION)
+	KUBECTL_CONTEXT="$(KIND_CONTEXT)" ./run.sh
 
-test.v2: e2e-image ## Run v2 e2e tests against current kube context
+test.v2: start-kind e2e-image ## Run v2 e2e tests against current kube context
 	$(MAKE) -C ../ docker.build.controller.e2e \
 		IMAGE_NAME=$(IMAGE_NAME) \
 		VERSION=$(VERSION) \
@@ -55,11 +81,11 @@ test.v2: e2e-image ## Run v2 e2e tests against current kube context
 		VERSION=$(VERSION) \
 		ARCH=amd64 \
 		DOCKER_BUILD_ARGS="${DOCKER_BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux"
-	kind load docker-image --name="external-secrets" $(IMAGE_NAME):$(VERSION)
-	kind load docker-image --name="external-secrets" $(OCI_IMAGE_NAME):$(VERSION)
-	kind load docker-image --name="external-secrets" $(E2E_IMAGE_NAME):$(VERSION)
-	kind load docker-image --name="external-secrets" ghcr.io/external-secrets/provider-kubernetes:$(VERSION)
-	GINKGO_LABELS="$(V2_GINKGO_LABELS)" E2E_PROVIDER_MODE="v2" TEST_SUITES="provider" ./run.sh
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" $(IMAGE_NAME):$(VERSION)
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" $(OCI_IMAGE_NAME):$(VERSION)
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" $(E2E_IMAGE_NAME):$(VERSION)
+	kind load docker-image --name="$(KIND_CLUSTER_NAME)" ghcr.io/external-secrets/provider-kubernetes:$(VERSION)
+	KUBECTL_CONTEXT="$(KIND_CONTEXT)" GINKGO_LABELS="$(V2_GINKGO_LABELS)" E2E_PROVIDER_MODE="v2" TEST_SUITES="provider" ./run.sh
 
 test.managed: e2e-image ## Run e2e tests against current kube context
 	$(MAKE) -C ../ docker.build \

e2e/run.sh

@@ -23,29 +23,44 @@ fi
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $DIR
 
+KUBECTL_CONTEXT="${KUBECTL_CONTEXT:-kind-external-secrets}"
+if kubectl config get-contexts "${KUBECTL_CONTEXT}" >/dev/null 2>&1; then
+  KUBECTL=(kubectl --context "${KUBECTL_CONTEXT}")
+else
+  echo "warning: kubectl context ${KUBECTL_CONTEXT} not found, using current context"
+  KUBECTL=(kubectl)
+fi
+
+go_clean_best_effort() {
+  local target="$1"
+  if ! go clean "${target}"; then
+    echo "warning: unable to clean ${target}; continuing"
+  fi
+}
+
 echo "Kubernetes cluster:"
-kubectl get nodes -o wide
+"${KUBECTL[@]}" get nodes -o wide
 
 echo -e "Granting permissions to e2e service account..."
-kubectl create serviceaccount external-secrets-e2e || true
-kubectl create clusterrolebinding permissive-binding \
+"${KUBECTL[@]}" create serviceaccount external-secrets-e2e || true
+"${KUBECTL[@]}" create clusterrolebinding permissive-binding \
   --clusterrole=cluster-admin \
   --user=admin \
   --user=kubelet \
   --serviceaccount=default:external-secrets-e2e || true
 
 echo -e "Granting anonymous access to service account issuer discovery"
-kubectl create clusterrolebinding service-account-issuer-discovery-binding \
+"${KUBECTL[@]}" create clusterrolebinding service-account-issuer-discovery-binding \
   --clusterrole=system:service-account-issuer-discovery \
   --group=system:unauthenticated || true
 
 echo -e "Cleaning cache before running tests"
 docker system prune --force
-go clean -cache
-go clean -modcache
+go_clean_best_effort -cache
+go_clean_best_effort -modcache
 
 echo -e "Starting the e2e test pod ${E2E_IMAGE_NAME}:${VERSION}"
-kubectl run --rm \
+"${KUBECTL[@]}" run --rm \
   --attach \
   --restart=Never \
   --pod-running-timeout=5m \