feat(main): add e2e with kamaji case

[Andrey Kolkov (androndo)]

inspired by cozystack use-case with Kamaji DataStore and TenantControlPlane

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cc7165c4-b2cf-4170-8299-4d393a25e765

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Timofei Larkin (lllamnyp)]

The e2e suite here is excellent and exactly the right shape — more on that below. But this branch was cut from an early point on fix/align_to_prev (before that PR's outstanding review fixes), and that creates two ordering problems that need to be resolved before this can be reviewed fairly, plus one change that should be dropped outright.

Blocking

1. Revert the publish.yml change

publish.yml shouldn't be touched in this PR at all. The commit flips its trigger from master to main while the image is still lllamnyp/etcd-operator and the push authenticates with secrets.DOCKER_USERNAME (publish.yml:18,28). Today that workflow is harmlessly dead (the master filter matches nothing); this change arms it to build and push latest to a Docker Hub repo the project no longer owns. The registry/identity cleanup is a separate, tracked concern — please drop the publish.yml edit here and leave it to that follow-up. (The ci.yml and e2e.yml trigger changes are fine to keep — they only run verification, with no outbound side effect.)

2. Rebase onto the updated fix/align_to_prev first

This branch's merge-base is b417c71, but fix/align_to_prev has since advanced (and has one more TLS fix still in flight). Two parts of this diff depend on that newer base and can't be assessed fairly against the stale fork point:

• Plugin TLS tests. The new cmd/kubectl-etcd/helpers_test.go pins the current --trusted-ca-file-only TLS detection (TestFindSecretNameForTLS_NoCAFlag asserts the errNoTrustedCAFile sentinel; TestGetTLSConfig_* cover only plaintext and mTLS, with no server-TLS-only case). That detection is being corrected on the base branch to key on --cert-file and resolve from the tls-client mount, returning a non-nil RootCAs config for server-TLS-only clusters. Once that lands, these assertions are wrong and must be updated — and a server-TLS-only case added. The tests aren't incorrect against the code they ship with today; they just encode behavior the base is about to change.
• Seed IsVoter controller change. Switching the seed's IsVoter stamp from Status().Update to Status().Patch(MergeFrom) is a genuine, correct fix (and nicely covered by TestBootstrap_SeedIsVoterStampSurvivesConcurrentStatusWriter). But controllers/etcdcluster_controller.go and its test are the only files both this PR and the updated base changed since the fork, so this will conflict on rebase and needs a careful manual reconcile.

Please rebase onto the current fix/align_to_prev tip (after its review fixes land), reconcile the controller file, and align the plugin TLS tests with the corrected detection. I'll re-review the e2e work against that base.

Non-blocking

• Scope/commit hygiene. The IsVoter race fix and the manager_auth_proxy image bump (dead gcr.io/kubebuilder → quay.io/brancz) are both legitimate, but they're behavioral/infra changes riding inside a commit titled feat(main): add e2e with kamaji case. Split them into their own commits (or at least call them out in the PR description) so they bisect and review cleanly — the IsVoter fix in particular deserves to stand on its own.
• Repeated literal. kamaji-e2e is duplicated across hack/e2e.sh, the test, and the fixtures (documented as a sync hazard); consider sourcing it from one env var passed into the suite.

What's genuinely good

The Kamaji test proves the full consumer story end to end: an operator-managed full-mTLS EtcdCluster backs a Kamaji DataStore, a TenantControlPlane comes up on it, a ConfigMap written through the tenant API is then found as a key in our etcd (via etcdctl exec). That validates the real contract rather than a proxy for it. hack/e2e.sh is careful too — diagnostics dumped from the EXIT trap before teardown (with a comment on why a post-step can't do it), pinned component versions with rationale, and the Kamaji webhook/datastore chicken-and-egg broken the same way the chart's own pre-install hook does. Build-tag-gated so it stays out of unit runs, and e2e.yml gates all PRs with a docs-only paths-ignore.