From 1aa9c0e684ec4c70495fc74e96e72e5faca2f207 Mon Sep 17 00:00:00 2001 
From: Thomas Vitale Date: Sun, 19 Mar 2023 09:42:23 +0100 Subject: [PATCH 1/2] Improve config, tests and docs --- .github/CODEOWNERS.md | 1 + .github/ISSUE_TEMPLATE/bug-report.md | 10 +- .github/ISSUE_TEMPLATE/feature-request.md | 2 +- .github/ISSUE_TEMPLATE/other-request.md | 8 ++ .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 11 +- .gitignore | 6 + MAINTAINERS.md | 3 + Makefile | 37 ++++- README.md | 124 ++++++++--------- SECURITY.md | 5 + docs/verify-release.md | 37 +++++ package/config/kapp-config.yml | 1 + package/config/overlays/api-service.yml | 2 +- package/config/overlays/deployment.yml | 4 +- package/config/overlays/namespace.yml | 2 +- .../config/overlays/registry-credentials.yml | 30 +++++ package/config/overlays/registry-secrets.yml | 27 ---- package/config/overlays/update-strategy.yml | 2 +- package/package-resources.yml | 126 +----------------- package/vendir.yml | 2 +- test/integration/default/00-assert.yaml | 34 +++++ test/integration/default/00-install.yaml | 8 ++ test/integration/default/01-uninstall.yaml | 8 ++ test/integration/default/config/overlay.yml | 9 ++ test/integration/default/config/values.yml | 9 ++ test/integration/kuttl-test.yml | 12 ++ test/setup/assets/namespace.yml | 5 + .../prepare.yml => setup/assets/rbac.yml} | 13 +- test/setup/kind/v1.24/kind-config.yml | 8 ++ test/setup/kind/v1.25/kind-config.yml | 8 ++ test/setup/kind/v1.26/kind-config.yml | 8 ++ test/test.sh | 28 ---- 33 files changed, 314 insertions(+), 278 deletions(-) create mode 100644 .github/CODEOWNERS.md create mode 100644 .github/ISSUE_TEMPLATE/other-request.md create mode 100644 MAINTAINERS.md create mode 100644 SECURITY.md create mode 100644 docs/verify-release.md create mode 100644 package/config/overlays/registry-credentials.yml delete mode 100644 package/config/overlays/registry-secrets.yml create mode 100644 test/integration/default/00-assert.yaml create mode 100644 test/integration/default/00-install.yaml create mode 100644 
test/integration/default/01-uninstall.yaml create mode 100644 test/integration/default/config/overlay.yml create mode 100644 test/integration/default/config/values.yml create mode 100644 test/integration/kuttl-test.yml create mode 100644 test/setup/assets/namespace.yml rename test/{test-setup/prepare.yml => setup/assets/rbac.yml} (76%) create mode 100644 test/setup/kind/v1.24/kind-config.yml create mode 100644 test/setup/kind/v1.25/kind-config.yml create mode 100644 test/setup/kind/v1.26/kind-config.yml delete mode 100755 test/test.sh diff --git a/.github/CODEOWNERS.md b/.github/CODEOWNERS.md new file mode 100644 index 0000000..cdf81a7 --- /dev/null +++ b/.github/CODEOWNERS.md @@ -0,0 +1 @@ +* @ThomasVitale \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 25c4f24..596f0bf 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -2,7 +2,7 @@ name: Bug report about: Tell us about a problem you are experiencing title: '' -labels: bug +labels: bug, triage assignees: '' --- @@ -19,10 +19,8 @@ assignees: '' **Anything else you would like to add:** [Additional information that will assist in solving the issue.] -**Additional context:** -Add any other context about the problem here. - **Environment:** -- Kubernetes version (execute `kubectl version`): -- kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`): +* Kubernetes version (execute `kubectl version`): +* kctrl version (execute `kctrl version`): +* kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`): diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md index 87c8ff2..270da4e 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ b/.github/ISSUE_TEMPLATE/feature-request.md 
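Review bot: GitHub reads code-owner rules only from a file named exactly `CODEOWNERS` (in `.github/`, the repository root or `docs/`), so the new `.github/CODEOWNERS.md` is treated as ordinary Markdown and `* @ThomasVitale` will neither request nor enforce any review. Rename the file to `.github/CODEOWNERS`. If branch protection is meant to require code-owner approval, that setting only takes effect once the file is recognised. The file also ends without a trailing newline, which is worth fixing in the same rename.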
@@ -2,7 +2,7 @@ name: Feature request about: Suggest an idea for this project title: '' -labels: enhancement +labels: enhancement, triage assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/other-request.md b/.github/ISSUE_TEMPLATE/other-request.md new file mode 100644 index 0000000..b5722c0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/other-request.md @@ -0,0 +1,8 @@ +--- +name: Other issue or question +about: Free form issue or question +title: '' +labels: triage +assignees: '' + +--- diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8cf2922..de6e0b4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,6 +18,6 @@ jobs: registry-server: ghcr.io registry-username: ${{ github.actor }} image: ${{ github.repository }} - version: 0.6.2+kadras.1 + version: 0.6.2+kadras.2 secrets: pull-request-token: ${{ secrets.GH_ORG_PAT }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3e3c1a1..f8cf6f0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,14 +8,15 @@ jobs: name: Configuration Tests permissions: contents: read - uses: kadras-io/github-reusable-workflows/.github/workflows/package-test-config.yml@main - with: - command: make test-config + uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-config.yml@main test-integration: name: Integration Tests + strategy: + matrix: + k8s_version: [v1.24, v1.25, v1.26] permissions: contents: read - uses: kadras-io/github-reusable-workflows/.github/workflows/package-test-integration.yml@main + uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main with: - command: make test-integration + k8s_version: ${{ matrix.k8s_version }} diff --git a/.gitignore b/.gitignore index a67fc6b..2baf84c 100644 --- a/.gitignore +++ b/.gitignore 
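Review bot: In `.github/workflows/test.yml` both reusable workflows are still referenced at `@main` (`carvel-package-test-config.yml@main` and `carvel-package-test-integration.yml@main`), so whatever is on that branch at run time executes in this repository's CI without a reviewable change here. Pinning each `uses:` to a full commit SHA, e.g. `uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-config.yml@<full-commit-sha>`, makes every update explicit and reviewable. The `uses:` line of `release.yml` is outside its hunk; if it also tracks a branch, the pin matters more there because that job is handed `secrets.GH_ORG_PAT`. The `permissions: contents: read` on both test jobs is the right scope and should stay.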
@@ -1,6 +1,12 @@ ### Carvel ### carvel-artifacts/ repo/ +schema-openapi.yml + +### KUTTL ### +test/integration/kubeconfig +test/integration/kuttl-artifacts +kubeconfig # Binaries for programs and plugins *.exe diff --git a/MAINTAINERS.md b/MAINTAINERS.md new file mode 100644 index 0000000..2249643 --- /dev/null +++ b/MAINTAINERS.md @@ -0,0 +1,3 @@ +# Maintainers + +* Thomas Vitale | [ThomasVitale](https://github.com/ThomasVitale) \ No newline at end of file diff --git a/Makefile b/Makefile index aa30c55..7804e0b 100644 --- a/Makefile +++ b/Makefile 
@@ -1,12 +1,35 @@ +K8S_VERSION=v1.26 + +# Build package configuration +build: package + cd package && kctrl package init + +# Prepare cluster for development workflow +prepare: test/setup + ytt -f test/setup/assets/namespace.yml | kapp deploy -a ns -f- -y + ytt -f test/setup/assets/rbac.yml | kapp deploy -a rbac -f- -y + kubectl config set-context --current --namespace=tests + +# Inner development loop +dev: package + cd package && kctrl dev -f package-resources.yml --local -y + +# Clean development environment +clean: + cd package && kctrl dev -f package-resources.yml --local -y --delete + +# Process the configuration manifests with ytt +ytt: + ytt --file package/config + # Use ytt to generate an OpenAPI specification schema: - ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > package/config/schema-openapi.yml + ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > schema-openapi.yml -# Check the ytt-annotated Kubernetes configuration +# Check the ytt-annotated Kubernetes configuration and its validation test-config: - ytt --file package/config + ytt -f package/config | kubeconform -ignore-missing-schemas -summary -# Run package tests -test-integration: test/test.sh - chmod +x test/test.sh - ./test/test.sh +# Run package integration tests +test-integration: test/integration + kubectl kuttl test --config test/integration/kuttl-test.yml --kind-config test/setup/kind/$(K8S_VERSION)/kind-config.yml diff --git a/README.md b/README.md index dfd7005..e88a4e8 100644 --- a/README.md +++ b/README.md 
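Review bot: The new `test-config` recipe `ytt -f package/config | kubeconform -ignore-missing-schemas -summary` reports only kubeconform's exit status, because make runs recipes with `/bin/sh -c` and no `pipefail`. A ytt rendering error can therefore leave the target green with nothing validated, assuming kubeconform accepts empty input, which should be confirmed. The two `ytt ... | kapp deploy ... -f- -y` lines in `prepare` have the same shape. Setting `SHELL := /bin/bash` and `.SHELLFLAGS := -eu -o pipefail -c` at the top of the Makefile, or rendering to a temporary file before validating, closes the gap. `-ignore-missing-schemas` also means kinds without a known schema are skipped rather than checked, which deserves a comment above the target such as `# Kinds without a known schema are skipped, not validated`.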
@@ -1,10 +1,16 @@ # Metrics Server -The SLSA Level 3 badge +![Test Workflow](https://github.com/kadras-io/package-for-kpack/actions/workflows/test.yml/badge.svg) +![Release Workflow](https://github.com/kadras-io/package-for-kpack/actions/workflows/release.yml/badge.svg) +[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v0.1/levels) +[![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![Follow us on Twitter](https://img.shields.io/static/v1?label=Twitter&message=Follow&color=1DA1F2)](https://twitter.com/kadrasIO) -This project provides a [Carvel package](https://carvel.dev/kapp-controller/docs/latest/packaging) for [Metrics Server](https://github.com/kubernetes-sigs/metrics-server), a scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. +A Carvel package for [Metrics Server](https://github.com/kubernetes-sigs/metrics-server), a scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. -## Prerequisites +## šŸš€  Getting Started + +### Prerequisites * Kubernetes 1.24+ * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI. 
@@ -12,60 +18,61 @@ This project provides a [Carvel package](https://carvel.dev/kapp-controller/docs ```shell kapp deploy -a kapp-controller -y \ - -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml + -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml ``` -## Installation +### Installation -First, add the [Kadras package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster. +Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster: ```shell kubectl create namespace kadras-packages - kctrl package repository add -r kadras-repo \ + kctrl package repository add -r kadras-packages \ --url ghcr.io/kadras-io/kadras-packages \ -n kadras-packages ``` -Then, install the Metrics Server package. +
Installation without package repository +The recommended way of installing the Metrics Server package is via the Kadras package repository. If you prefer not using the repository, you can add the package definition directly using kapp or kubectl. ```shell - kctrl package install -i metrics-server \ - -p metrics-server.packages.kadras.io \ - -v 0.6.2+kadras.1 \ - -n kadras-packages + kubectl create namespace kadras-packages + kapp deploy -a metrics-server-package -n kadras-packages -y \ + -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \ + -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml ``` +
-### Verification - -You can verify the list of installed Carvel packages and their status. +Install the Metrics Server package: ```shell - kctrl package installed list -n kadras-packages + kctrl package install -i metrics-server \ + -p metrics-server.packages.kadras.io \ + -v ${VERSION} \ + -n kadras-packages ``` -### Version +> **Note** +> You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster. +> +> ```shell +> kctrl package available list -p metrics-server.packages.kadras.io -n kadras-packages +> ``` -You can get the list of Metrics Server versions available in the Kadras package repository. +Verify the installed packages and their status: ```shell - kctrl package available list -p metrics-server.packages.kadras.io -n kadras-packages + kctrl package installed list -n kadras-packages ``` -## Configuration +## šŸ“™  Documentation -The Metrics Server package has the following configurable properties. +Documentation, tutorials and examples for this package are available in the [docs](docs) folder. +For documentation specific to Metrics Server, check out [github.com/kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server). -| Value | Required/Optional | Description | -|-------|-------------------|-------------| -| `metricsServer.createNamespace` | Optional | Whether to create namespace specified for metrics-server. Default value is `true`. | -| `metricsServer.namespace` | Optional | The namespace value used by older templates, will be overwriten if top level namespace is present, kept for backward compatibility. Default value is `null`. | -| `metricsServer.config.securePort` | Optional | TThe HTTPS secure port used by metrics-server. Default: `4443`. | -| `metricsServer.config.updateStrategy` | Optional | TThe update strategy of the metrics-server deployment. 
Default: `RollingUpdate` | -| `metricsServer.config.probe.failureThreshold` | Optional | Probe failureThreshold of metrics-server deployment. Default: `3`. | -| `metricsServer.config.probe.periodSeconds` | Optional | Probe period of metrics-server deployment. Default: `10` . | -| `metricsServer.config.apiServiceInsecureTLS`| Optional | Whether to enable insecure TLS for metrics-server api service. Default: `True`. | +## šŸŽÆ  Configuration -You can define your configuration in a `values.yml` file. +The Metrics Server package can be customized via a `values.yml` file. ```yaml metricsServer: @@ -73,55 +80,42 @@ You can define your configuration in a `values.yml` file. securePort: 4443 ``` -Then, reference it from the `kctrl` command when installing or upgrading the package. +Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package. ```shell kctrl package install -i metrics-server \ -p metrics-server.packages.kadras.io \ - -v 0.6.2+kadras.1 \ + -v ${VERSION} \ -n kadras-packages \ --values-file values.yml ``` -## Upgrading - -You can upgrade an existing package to a newer version using `kctrl`. +### Values - ```shell - kctrl package installed update -i metrics-server \ - -v \ - -n kadras-packages - ``` - -You can also update an existing package with a newer `values.yml` file. - - ```shell - kctrl package installed update -i metrics-server \ - -n kadras-packages \ - --values-file values.yml - ``` - -## Other +The Metrics Server package has the following configurable properties. -The recommended way of installing the Metrics Server package is via the [Kadras package repository](https://github.com/kadras-io/kadras-packages). If you prefer not using the repository, you can install the package by creating the necessary Carvel `PackageMetadata` and `Package` resources directly using [`kapp`](https://carvel.dev/kapp/docs/latest/install) or `kubectl`. +
Configurable properties - ```shell - kubectl create namespace kadras-packages - kapp deploy -a metrics-server-package -n kadras-packages -y \ - -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \ - -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml - ``` +| Value | Required/Optional | Description | +|-------|-------------------|-------------| +| `metricsServer.createNamespace` | Optional | Whether to create namespace specified for metrics-server. Default value is `true`. | +| `metricsServer.namespace` | Optional | The namespace value used by older templates, will be overwriten if top level namespace is present, kept for backward compatibility. Default value is `null`. | +| `metricsServer.config.securePort` | Optional | TThe HTTPS secure port used by metrics-server. Default: `4443`. | +| `metricsServer.config.updateStrategy` | Optional | TThe update strategy of the metrics-server deployment. Default: `RollingUpdate` | +| `metricsServer.config.probe.failureThreshold` | Optional | Probe failureThreshold of metrics-server deployment. Default: `3`. | +| `metricsServer.config.probe.periodSeconds` | Optional | Probe period of metrics-server deployment. Default: `10` . | +| `metricsServer.config.apiServiceInsecureTLS`| Optional | Whether to enable insecure TLS for metrics-server api service. Default: `True`. | -## Support and Documentation +
-For support and documentation specific to Metrics Server, check out [https://github.com/kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server). +## šŸ›”ļø  Security -## References +The security process for reporting vulnerabilities is described in [SECURITY.md](SECURITY.md). -This package is based on the original Metrics Server package used in [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) before its retirement. +## šŸ–Šļø  License -## Supply Chain Security +This project is licensed under the **Apache License 2.0**. See [LICENSE](LICENSE) for more information. -This project is compliant with level 3 of the [SLSA Framework](https://slsa.dev). +## šŸ™  Acknowledgments -The SLSA Level 3 badge +This package is inspired by the original kpack package used in the [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) project before its retirement. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..3ef9d1a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +If you know of a vulnerability in this project, please reach out to security@kadras.io and we will get back to you as soon as possible. diff --git a/docs/verify-release.md b/docs/verify-release.md new file mode 100644 index 0000000..fb325ee --- /dev/null +++ b/docs/verify-release.md 
@@ -0,0 +1,37 @@ +# Verifying the Tekton Pipelines Package Release + +This package is published as an OCI artifact, signed with Sigstore [Cosign](https://docs.sigstore.dev/cosign/overview), and associated with a [SLSA Provenance](https://slsa.dev/provenance) attestation. + +Using `cosign`, you can display the supply chain security related artifacts for the `ghcr.io/kadras-io/package-for-metrics-server` images. Use the specific digest you'd like to verify. + +```shell +cosign tree ghcr.io/kadras-io/package-for-metrics-server +``` + +The result: + +```shell +šŸ“¦ Supply Chain Security Related artifacts for an image: ghcr.io/kadras-io/package-for-metrics-server +└── šŸ’¾ Attestations for an image tag: ghcr.io/kadras-io/package-for-metrics-server:sha256-57a109b45ad86ffd9f47f3626800fed777f94ba4fbb5eb1ca1a9a4286f66c9ed.att + └── šŸ’ sha256:55cbf5575b996f11aa5d5ead0eb862b9818fff38b96d8bfe1618df393c377d89 +└── šŸ” Signatures for an image tag: ghcr.io/kadras-io/package-for-metrics-server:sha256-57a109b45ad86ffd9f47f3626800fed777f94ba4fbb5eb1ca1a9a4286f66c9ed.sig + └── šŸ’ sha256:7a74656a666a70f6e79274cec2aad64fdfc7af13e255fe85f50dadbebb688529 +``` + +You can verify the signature and its claims: + +```shell +cosign verify \ + --certificate-identity-regexp https://github.com/kadras-io \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + ghcr.io/kadras-io/package-for-metrics-server | jq +``` + +You can also verify the SLSA Provenance attestation associated with the image. + +```shell +cosign verify-attestation --type slsaprovenance \ + --certificate-identity-regexp https://github.com/slsa-framework \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + ghcr.io/kadras-io/package-for-metrics-server | jq .payload -r | base64 --decode | jq +``` diff --git a/package/config/kapp-config.yml b/package/config/kapp-config.yml index df6b0cc..cfadb61 100644 --- a/package/config/kapp-config.yml +++ b/package/config/kapp-config.yml 
@@ -6,6 +6,7 @@ minimumRequiredVersion: 0.50.0 #! Rebase rules explicitly define how kapp should merge resources during an update. #! See more about the resource merge method: https://carvel.dev/kapp/docs/latest/merge-method. rebaseRules: + - path: [spec, caBundle] type: remove resourceMatchers: diff --git a/package/config/overlays/api-service.yml b/package/config/overlays/api-service.yml index 503137b..45da651 100644 --- a/package/config/overlays/api-service.yml +++ b/package/config/overlays/api-service.yml @@ -1,7 +1,7 @@ #@ load("@ytt:data", "data") #@ load("@ytt:overlay", "overlay") -#@overlay/match by=overlay.subset({"kind": "APIService"}) +#@overlay/match by=overlay.subset({"kind":"APIService"}) --- spec: insecureSkipTLSVerify: #@ data.values.metricsServer.config.apiServiceInsecureTLS diff --git a/package/config/overlays/deployment.yml b/package/config/overlays/deployment.yml index b516846..e627e5c 100644 --- a/package/config/overlays/deployment.yml +++ b/package/config/overlays/deployment.yml @@ -1,7 +1,7 @@ #@ load("@ytt:data", "data") -#@ load("@ytt:yaml", "yaml") #@ load("@ytt:overlay", "overlay") #@ load("@ytt:template", "template") +#@ load("@ytt:yaml", "yaml") #@ def is_toleration_specified(toleration): #@ return toleration in yaml.decode(yaml.encode(data.values.metricsServer.config.tolerations)) @@ -14,7 +14,7 @@ #@ default_tolerations += [{"effect":"NoSchedule", "key":"node-role.kubernetes.io/control-plane"}] #@ end -#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "metrics-server"}}) +#@overlay/match by=overlay.subset({"kind":"Deployment", "metadata":{"name":"metrics-server"}}) --- spec: #@overlay/match-child-defaults missing_ok=True diff --git a/package/config/overlays/namespace.yml b/package/config/overlays/namespace.yml index 9593ea3..a7a0748 100644 --- a/package/config/overlays/namespace.yml +++ b/package/config/overlays/namespace.yml 
@@ -1,5 +1,5 @@ -#@ load("@ytt:overlay", "overlay") #@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") #@ load("@ytt:yaml", "yaml") #@ metricsServerNamespace = "" diff --git a/package/config/overlays/registry-credentials.yml b/package/config/overlays/registry-credentials.yml new file mode 100644 index 0000000..be24b36 --- /dev/null +++ b/package/config/overlays/registry-credentials.yml @@ -0,0 +1,30 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + +#! This Secret will be populated by secretgen-controller with the credentials to authenticate +#! with the container registry from where to pull the images to deploy (if authentication is required). +#! Such credentials should grant read-only access to the private container registry. +#! Use cases: private registries or air-gapped scenarios. + +#@ image_pull_secret_name = "canonical-registry-credentials" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: #@ image_pull_secret_name + namespace: #@ data.values.namespace + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K + +#@overlay/match by=overlay.subset({"kind":"Deployment"}), expects="1+" +--- +spec: + template: + spec: + #@overlay/match missing_ok=True + imagePullSecrets: + - name: #@ image_pull_secret_name diff --git a/package/config/overlays/registry-secrets.yml b/package/config/overlays/registry-secrets.yml deleted file mode 100644 index 6c06fe5..0000000 --- a/package/config/overlays/registry-secrets.yml +++ /dev/null 
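Review bot: The matcher at the end of the new `registry-credentials.yml` is `overlay.subset({"kind":"Deployment"})`, whereas the removed `registry-secrets.yml` also required `metadata.namespace` to equal `data.values.namespace`. The Secret is still created only in `data.values.namespace`, and an image pull secret is usable only by pods in its own namespace. Any Deployment rendered into a different namespace would therefore get an `imagePullSecrets` entry naming a secret that does not exist there, and its pulls would presumably go out unauthenticated. Whether that can happen depends on the namespace overlay, of which only the load lines are visible here. Either restore the namespace constraint in the matcher or add a `#!` comment stating that all Deployments are expected to live in `data.values.namespace`.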
@@ -1,27 +0,0 @@ -#@ load("@ytt:data", "data") -#@ load("@ytt:overlay", "overlay") - -#@ secret_name = "private-registry-secret" - -#! This Secret will be populated by secretgen-controller with the credentials -#! to authenticate with the container registry (if authentication is required). ---- -apiVersion: v1 -kind: Secret -metadata: - name: #@ secret_name - namespace: #@ data.values.namespace - annotations: - secretgen.carvel.dev/image-pull-secret: "" -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: e30K - -#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"namespace":data.values.namespace}}),expects="1+" ---- -spec: - template: - spec: - #@overlay/match missing_ok=True - imagePullSecrets: - - name: #@ secret_name diff --git a/package/config/overlays/update-strategy.yml b/package/config/overlays/update-strategy.yml index f8ddfad..9a4e045 100644 --- a/package/config/overlays/update-strategy.yml +++ b/package/config/overlays/update-strategy.yml @@ -1,5 +1,5 @@ -#@ load("@ytt:overlay", "overlay") #@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") #! We are adding this overlay in the package to accomandate the need from vSphere supervisor cluster: #! `deployment.spec.strategy.type` is configured to `RollingUpdate` diff --git a/package/package-resources.yml b/package/package-resources.yml index 7ace888..2c92dbf 100755 --- a/package/package-resources.yml +++ b/package/package-resources.yml @@ -7,7 +7,7 @@ spec: licenses: - Apache 2.0 refName: metrics-server.packages.kadras.io - releaseNotes: https://github.com/kubernetes-sigs/metrics-server/releases + releaseNotes: https://github.com/kadras-io/package-for-metrics-server/releases releasedAt: null template: spec: 
@@ -21,127 +21,7 @@ spec: - config - kbld: {} valuesSchema: - openAPIv3: - additionalProperties: false - description: OpenAPIv3 Schema for metrics-server - properties: - daemonset: - additionalProperties: false - properties: - updateStrategy: - default: null - description: Update strategy of daemonsets - nullable: true - type: string - type: object - deployment: - additionalProperties: false - properties: - rollingUpdate: - additionalProperties: false - properties: - maxSurge: - default: null - description: The maxSurge of rollingUpdate. Applied only if RollingUpdate - is used as updateStrategy - nullable: true - type: integer - maxUnavailable: - default: null - description: The maxUnavailable of rollingUpdate. Applied only if - RollingUpdate is used as updateStrategy - nullable: true - type: integer - type: object - updateStrategy: - default: null - description: Update strategy of deployments - nullable: true - type: string - type: object - metricsServer: - additionalProperties: false - properties: - config: - additionalProperties: false - properties: - apiServiceInsecureTLS: - default: true - description: Whether to enable insecure TLS for metrics-server api - service - type: boolean - args: - default: [] - description: Arguments passed into metrics-server container - items: - default: "" - type: string - type: array - probe: - additionalProperties: false - properties: - failureThreshold: - default: 3 - description: Probe failureThreshold of metrics-server deployment - type: integer - periodSeconds: - default: 10 - description: Probe period of metrics-server deployment - type: integer - type: object - securePort: - default: 4443 - description: The HTTPS secure port used by metrics-server - type: integer - tolerations: - default: [] - description: Metrics-server deployment tolerations - nullable: true - updateStrategy: - default: RollingUpdate - description: The update strategy of the metrics-server deployment - type: string - type: object - createNamespace: - 
default: true - description: Whether to create namespace specified for metrics-server - type: boolean - image: - additionalProperties: false - properties: - name: - default: "" - description: The path of image - type: string - pullPolicy: - default: IfNotPresent - description: The pull policy of image - type: string - repository: - default: "" - description: The repository of metrics-server image - type: string - tag: - default: "" - description: The image tag - type: string - type: object - namespace: - default: null - description: The namespace value used by older templates, will be overwriten - if top level namespace is present, kept for backward compatibility - nullable: true - type: string - type: object - namespace: - default: kube-system - description: The namespace in which metrics-server is deployed - type: string - nodeSelector: - default: null - description: NodeSelector configuration applied to all the deployments - nullable: true - type: object + openAPIv3: {} version: 0.0.0 --- @@ -163,6 +43,8 @@ spec: providerName: Kadras shortDescription: Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. + supportDescription: Go to https://kadras.io for documentation and https://github.com/kadras-io/package-for-metrics-server + for community support. --- apiVersion: packaging.carvel.dev/v1alpha1 diff --git a/package/vendir.yml b/package/vendir.yml index 4600def..460802e 100644 --- a/package/vendir.yml +++ b/package/vendir.yml @@ -10,4 +10,4 @@ directories: path: . path: config/upstream kind: Config -minimumRequiredVersion: "" +minimumRequiredVersion: 0.32.0 diff --git a/test/integration/default/00-assert.yaml b/test/integration/default/00-assert.yaml new file mode 100644 index 0000000..f701275 --- /dev/null +++ b/test/integration/default/00-assert.yaml 
@@ -0,0 +1,34 @@ +# Controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metrics-server + namespace: kube-system +spec: + replicas: 1 +status: + readyReplicas: 1 + +# Image Pull Secret +--- +apiVersion: v1 +kind: Secret +metadata: + name: canonical-registry-credentials + namespace: kube-system + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: kube-system +spec: + template: + spec: + imagePullSecrets: + - name: canonical-registry-credentials diff --git a/test/integration/default/00-install.yaml b/test/integration/default/00-install.yaml new file mode 100644 index 0000000..8bef8e2 --- /dev/null +++ b/test/integration/default/00-install.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + cd ../../../package && \ + kubectl config set-context --current --namespace=tests && \ + ytt -f ../test/integration/default/config -f package-resources.yml | kctrl dev -f- --local -y diff --git a/test/integration/default/01-uninstall.yaml b/test/integration/default/01-uninstall.yaml new file mode 100644 index 0000000..5a2e489 --- /dev/null +++ b/test/integration/default/01-uninstall.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + cd ../../../package && \ + kubectl config set-context --current --namespace=tests && \ + ytt -f ../test/integration/default/config -f package-resources.yml | kctrl dev -f- --local --delete -y diff --git a/test/integration/default/config/overlay.yml b/test/integration/default/config/overlay.yml new file mode 100644 index 0000000..e86a5bb --- /dev/null +++ b/test/integration/default/config/overlay.yml 
@@ -0,0 +1,9 @@ +#@ load("@ytt:overlay", "overlay") + +#@overlay/match by=overlay.subset({"metadata":{"name":"metrics-server"}, "kind":"PackageInstall"}) +--- +spec: + #@overlay/match missing_ok=True + values: + - secretRef: + name: metrics-server-values diff --git a/test/integration/default/config/values.yml b/test/integration/default/config/values.yml new file mode 100644 index 0000000..dd9e367 --- /dev/null +++ b/test/integration/default/config/values.yml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: metrics-server-values + namespace: tests +stringData: + values.yaml: | + # Default configuration diff --git a/test/integration/kuttl-test.yml b/test/integration/kuttl-test.yml new file mode 100644 index 0000000..d73b697 --- /dev/null +++ b/test/integration/kuttl-test.yml @@ -0,0 +1,12 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestSuite +testDirs: +- ./test/integration +manifestDirs: +- ./test/setup/assets +parallel: 1 +startKIND: true +kindContext: integration +kindNodeCache: true +timeout: 30 +artifactsDir: /tmp/kuttl-artifacts diff --git a/test/setup/assets/namespace.yml b/test/setup/assets/namespace.yml new file mode 100644 index 0000000..e903508 --- /dev/null +++ b/test/setup/assets/namespace.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: tests diff --git a/test/test-setup/prepare.yml b/test/setup/assets/rbac.yml similarity index 76% rename from test/test-setup/prepare.yml rename to test/setup/assets/rbac.yml index 0671981..fa90104 100644 --- a/test/test-setup/prepare.yml +++ b/test/setup/assets/rbac.yml @@ -1,22 +1,16 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: carvel-test - --- apiVersion: v1 kind: ServiceAccount metadata: name: kadras-install-sa - namespace: carvel-test + namespace: tests --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kadras-install-role - namespace: carvel-test + namespace: tests rules: - apiGroups: - '*' 
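Review bot: In `test/setup/assets/rbac.yml` the ClusterRole `kadras-install-role` has its `namespace` changed to `tests` rather than removed. A ClusterRole is cluster-scoped, so the field has no effect and suggests a namespace boundary that does not exist; the next hunk already drops it from the ClusterRoleBinding, and the role should match. The visible rule starts with `apiGroups: ['*']` and the resources and verbs lie outside the hunk; if they are wildcards too, `kadras-install-sa` is effectively cluster-admin. The Makefile's `prepare` target applies this file to whichever cluster the current kube-context points at, so a leading comment such as `# Test-only: grants broad cluster-wide access; apply to disposable clusters only` would make the intent explicit.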
@@ -30,11 +24,10 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kadras-install-role-binding - namespace: carvel-test subjects: - kind: ServiceAccount name: kadras-install-sa - namespace: carvel-test + namespace: tests roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/test/setup/kind/v1.24/kind-config.yml b/test/setup/kind/v1.24/kind-config.yml new file mode 100644 index 0000000..c8b4d22 --- /dev/null +++ b/test/setup/kind/v1.24/kind-config.yml @@ -0,0 +1,8 @@ +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + image: kindest/node:v1.24.7 +- role: worker + image: kindest/node:v1.24.7 diff --git a/test/setup/kind/v1.25/kind-config.yml b/test/setup/kind/v1.25/kind-config.yml new file mode 100644 index 0000000..030c05e --- /dev/null +++ b/test/setup/kind/v1.25/kind-config.yml @@ -0,0 +1,8 @@ +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + image: kindest/node:v1.25.3 +- role: worker + image: kindest/node:v1.25.3 diff --git a/test/setup/kind/v1.26/kind-config.yml b/test/setup/kind/v1.26/kind-config.yml new file mode 100644 index 0000000..0774507 --- /dev/null +++ b/test/setup/kind/v1.26/kind-config.yml @@ -0,0 +1,8 @@ +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + image: kindest/node:v1.26.2 +- role: worker + image: kindest/node:v1.26.2 diff --git a/test/test.sh b/test/test.sh deleted file mode 100755 index 05c0a4d..0000000 --- a/test/test.sh +++ /dev/null 
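Review bot: The node images in `test/setup/kind/v1.24/kind-config.yml` are referenced by tag only (`image: kindest/node:v1.24.7`), and the `v1.25` and `v1.26` configs do the same with `v1.25.3` and `v1.26.2`. Tags are mutable, and the kind release notes publish each node image with its `sha256` digest and ask that it be included, so the integration tests should pin it: `image: kindest/node:v1.24.7@sha256:<digest-from-kind-release-notes>`. That keeps the CI cluster reproducible and ties the image to the kind version the tests run with. Apply the same change to both the `control-plane` and `worker` entries in all three files.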
@@ -1,28 +0,0 @@ -#!/bin/bash - -echo -e "\n🚢 Setting up Kubernetes cluster...\n" - -kapp deploy -a test-setup -f test/test-setup -y -kubectl config set-context --current --namespace=carvel-test - -# Wait for the generation of a token for the new Service Account -while [ $(kubectl get configmap --no-headers | wc -l) -eq 0 ] ; do - sleep 3 -done - -echo -e "šŸ“¦ Deploying Carvel package...\n" - -cd package -kctrl dev -f package-resources.yml --local -y -cd .. - -echo -e "šŸŽ® Verifying package..." - -status=$(kapp inspect -a metrics-server.app --status --json | jq '.Lines[1]' -) -if [[ '"Succeeded"' == ${status} ]]; then - echo -e "āœ… The package has been installed successfully.\n" - exit 0 -else - echo -e "🚫 Something wrong happened during the installation of the package.\n" - exit 1 -fi From e3e10adc94d83501298d67042deaacc0db039b5b Mon Sep 17 00:00:00 2001 From: Thomas Vitale Date: Sun, 19 Mar 2023 09:46:08 +0100 Subject: [PATCH 2/2] Update test setup --- test/integration/kuttl-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/kuttl-test.yml b/test/integration/kuttl-test.yml index d73b697..3bd3aa5 100644 --- a/test/integration/kuttl-test.yml +++ b/test/integration/kuttl-test.yml @@ -8,5 +8,5 @@ parallel: 1 startKIND: true kindContext: integration kindNodeCache: true -timeout: 30 +timeout: 120 artifactsDir: /tmp/kuttl-artifacts