Skip to content

Add local environment support#2364

Open
delthas wants to merge 9 commits intodevelopment/2.14from
improvement/ZENKO-5243/local-env-support
Open

Add local environment support#2364
delthas wants to merge 9 commits intodevelopment/2.14from
improvement/ZENKO-5243/local-env-support

Conversation

@delthas
Copy link
Contributor

@delthas delthas commented Mar 25, 2026

Summary

The end-to-end scripts were designed to run in GitHub Codespaces (Docker-in-Docker).
Running them locally with rootless podman on Linux exposed several issues. This PR
fixes them so the full Zenko stack can be deployed and tested on a local machine.

DNS timeouts from podman search domains

Podman injects search dns.podman into kind node resolv.conf. CoreDNS can't resolve
this domain, adding an 8-second timeout to every DNS lookup. This killed pods that
rely on fast DNS during init (e.g. ZooKeeper exceeded its liveness probe). Fixed by
adding a config.yaml for kind with networking: { dnsSearch: [] }, which strips
all search clauses.

curl hangs to localhost

get_token() in common.sh hardcoded https://localhost. Two issues: curl resolves
localhost to ::1 (IPv6) first but kind only binds on IPv4, and the scheme was
hardcoded to https but keycloak ingress uses http when ENABLE_KEYCLOAK_HTTPS=false.
Fixed with a scheme variable and 127.0.0.1.

CoreDNS can't resolve host DNS

In podman environments, the host DNS server address differs from Docker's default
(172.17.0.1). Added HOST_DNS override support in patch-coredns.sh so it
reads the nameserver from /etc/resolv.conf when running outside Docker.

Other changes

  • Auto-detect rootless podman and configure kind with a delegated systemd scope
  • Override VOLUME_ROOT for local development (no /mnt in local environments)
  • Remove unused local registry setup from bootstrap-kind.sh
  • Allow using a local zenko-operator checkout instead of always fetching from GitHub
  • Make /etc/hosts entries idempotent (check before appending)
  • Add documentation for required /etc/hosts pre-setup

Issue: ZENKO-5243

delthas added 3 commits March 25, 2026 17:24
@delthas
bootstrap-kind: auto-detect rootless podman and use delegated systemd…
118cf97 
… scope

When running kind with rootless podman from a graphical terminal,
cgroup controllers may not be delegated to the process's cgroup.
Detect this and automatically wrap kind create in a systemd scope
with Delegate=yes.
@delthas
configure-e2e-ctst: check /etc/hosts before appending entries
626db4e 
Avoid adding duplicate entries to /etc/hosts on re-runs by checking
if each zenko.local hostname already exists before appending.
@delthas
bootstrap-kind: remove unused local registry setup
2e550ae 
The kind local registry was only partially implemented (missing
containerd certs.d configuration on nodes) and was never used by
any script. All images are loaded via kind load docker-image.
Removing it also fixes a podman networking incompatibility.
@bert-e
Copy link
Contributor

bert-e commented Mar 25, 2026

Hello delthas,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options
name description privileged authored
/after_pull_request Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval Bypass the pull request author's approval
/bypass_build_status Bypass the build and test status
/bypass_commit_size Bypass the check on the size of the changeset TBA
/bypass_incompatible_branch Bypass the check on the source branch prefix
/bypass_jira_check Bypass the Jira issue check
/bypass_peer_approval Bypass the pull request peers' approval
/bypass_leader_approval Bypass the pull request leaders' approval
/approve Instruct Bert-E that the author has approved the pull request. ✍️
/create_pull_requests Allow the creation of integration pull requests.
/create_integration_branches Allow the creation of integration branches.
/no_octopus Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity Change review acceptance criteria from one reviewer at least to all reviewers
/wait Instruct Bert-E not to run until further notice.
Available commands
name description privileged
/help Print Bert-E's manual in the pull request.
/status Print Bert-E's current status in the pull request TBA
/clear Remove all comments from Bert-E from the history TBA
/retry Re-start a fresh build TBA
/build Re-start a fresh build TBA
/force_reset Delete integration branches & pull requests, and restart merge process from the beginning.
/reset Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

@bert-e
Copy link
Contributor

bert-e commented Mar 25, 2026

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • 2 peers

delthas added 5 commits March 26, 2026 08:57
@delthas
deploy-zkop: use local zenko-operator checkout if available
4da0e17 
When ../zenko-operator exists, symlink it instead of cloning from
GitHub. This avoids creating a nested git repo and allows using a
local working copy for development. Also clean up the operator
image after loading it into kind.
@delthas
setup: override VOLUME_ROOT for local development
b54753b 
Use $PWD/artifacts instead of /artifacts for kind volume mounts
so the setup works outside CI where /artifacts does not exist.
@delthas
patch-coredns: support HOST_DNS override for Podman environments
74169de 
Podman's aardvark-dns (used as the default DNS inside KinD nodes)
fails to forward external DNS queries reliably. CoreDNS forwards
to /etc/resolv.conf which points to aardvark-dns, causing SERVFAIL
for external domains like ghcr.io.

When HOST_DNS is set, patch-coredns.sh uses it as the CoreDNS
forward target instead of /etc/resolv.conf. The devcontainer
setup.sh detects the host nameserver and exports HOST_DNS.
@delthas
common: use scheme variable and 127.0.0.1 for get_token
e3ff3c6 
Use a scheme variable based on ENABLE_KEYCLOAK_HTTPS instead of
hardcoding https. Use 127.0.0.1 instead of localhost to avoid
curl resolving to IPv6 ::1, which kind does not bind on.
@delthas
docs: add /etc/hosts pre-setup for local environments
cda6af6
@delthas delthas force-pushed the improvement/ZENKO-5243/local-env-support branch from 88f103a to 72adb60 Compare March 26, 2026 07:57
@delthas
bootstrap-kind: clear DNS search domains in kind config
ba8d018 
Podman injects "dns.podman" into node resolv.conf, which leaks
into pod DNS config. CoreDNS cannot resolve this domain, causing
8s timeouts per lookup and killing pods that rely on fast DNS
during init (e.g. zookeeper).
@delthas delthas force-pushed the improvement/ZENKO-5243/local-env-support branch from 72adb60 to ba8d018 Compare March 27, 2026 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@delthas @bert-e