Fix secret tokens and DNS translation (#200 )

* Include init containers in token translation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix kubernetes.defaul service DNS translation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add skip test var to dapper Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add kubelet version and image pull policy to the shared agent Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
removed antiaffinity (#199 )
2026-03-03 02:00:38 +00:00 · 2025-01-23 01:55:05 +02:00 · 2025-01-22 18:34:30 +01:00 · 2025-01-22 15:18:10 +01:00 · 2025-01-21 21:19:44 +01:00 · 2025-01-21 17:53:42 +01:00
37 changed files with 2726 additions and 222 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -63,7 +63,7 @@ jobs:
    - name: Check release tag
      id: release-tag
      run: |
-        CURRENT_TAG=$(git describe --tag --always)
+        CURRENT_TAG=$(git describe --tag --always --match="v[0-9]*")

        if git show-ref --tags ${CURRENT_TAG} --quiet; then
          echo "tag ${CURRENT_TAG} already exists";
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -9,6 +9,23 @@ permissions:
    contents: read

 jobs:
+  lint:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: go.mod
+
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v6
+      with:
+        args: --timeout=5m
+        version: v1.60
+
  tests:
    runs-on: ubuntu-latest

@@ -23,19 +40,62 @@ jobs:
    - name: Check go modules
      run: |
        go mod tidy
+
+        git --no-pager diff go.mod go.sum
        test -z "$(git status --porcelain)"

    - name: Install tools
      run: |
        go install github.com/onsi/ginkgo/v2/ginkgo
-
-        # With Golang 1.22 we need to use the release-0.18 branch
-        go install sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.18
+        go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

        ENVTEST_BIN=$(setup-envtest use -p path)
        sudo mkdir -p /usr/local/kubebuilder/bin
        sudo cp $ENVTEST_BIN/* /usr/local/kubebuilder/bin

    - name: Run tests
+      run: ginkgo -v -r --skip-file=tests
+  
+  tests-e2e:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        fetch-tags: true
+
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: go.mod
+    
+    - name: Check go modules
      run: |
-        ginkgo run ./...
+        go mod tidy
+
+        git --no-pager diff go.mod go.sum
+        test -z "$(git status --porcelain)"
+
+    - name: Install Ginkgo
+      run: go install github.com/onsi/ginkgo/v2/ginkgo
+    
+    - name: Build
+      run: |
+        ./scripts/build
+
+        # add k3kcli to $PATH
+        echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+
+    - name: Check k3kcli
+      run: k3kcli -v
+
+    - name: Run tests
+      run: ginkgo -v ./tests
+
+    - name: Archive k3s logs
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: k3s-logs
+        path: /tmp/k3s.log
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,9 @@
+linters:
+  enable:
+  # default linters
+  - errcheck
+  - gosimple
+  - govet
+  - ineffassign
+  - staticcheck
+  - unused
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -20,6 +20,9 @@ builds:
      - "amd64"
      - "arm64"
      - "s390x"
+    ldflags:
+      - -w -s # strip debug info and symbol table
+      - -X "github.com/rancher/k3k/pkg/buildinfo.Version={{ .Tag }}"

  - id: k3k-kubelet
    main: ./k3k-kubelet
@@ -32,7 +35,10 @@ builds:
      - "amd64"
      - "arm64"
      - "s390x"
-  
+    ldflags:
+      - -w -s # strip debug info and symbol table
+      - -X "github.com/rancher/k3k/pkg/buildinfo.Version={{ .Tag }}"
+
  - id: k3kcli
    main: ./cli
    binary: k3kcli
@@ -41,6 +47,9 @@ builds:
    goarch:
      - "amd64"
      - "arm64"
+    ldflags:
+      - -w -s # strip debug info and symbol table
+      - -X "github.com/rancher/k3k/pkg/buildinfo.Version={{ .Tag }}"

 archives:
  - format: binary
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -1,4 +1,4 @@
-ARG GOLANG=rancher/hardened-build-base:v1.22.2b1
+ARG GOLANG=rancher/hardened-build-base:v1.23.4b1
 FROM ${GOLANG}

 ARG DAPPER_HOST_ARCH
@@ -17,15 +17,13 @@ ENV CONTROLLER_GEN_VERSION v0.14.0
 RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_GEN_VERSION}

 # Tool to setup the envtest framework to run the controllers integration tests
-# Note: With Golang 1.22 we need to use the release-0.18 branch
-ENV SETUP_ENVTEST_VERSION release-0.18
-RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@${SETUP_ENVTEST_VERSION} && \
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest && \
    ENVTEST_BIN=$(setup-envtest use -p path) && \
    mkdir -p /usr/local/kubebuilder/bin && \
    cp $ENVTEST_BIN/* /usr/local/kubebuilder/bin

 ENV GO111MODULE on
-ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS GITHUB_TOKEN
+ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS GITHUB_TOKEN SKIP_TESTS
 ENV DAPPER_SOURCE /go/src/github.com/rancher/k3k/
 ENV DAPPER_OUTPUT ./bin ./dist ./deploy ./charts
 ENV DAPPER_DOCKER_SOCKET true
--- a/charts/k3k/crds/k3k.io_clusters.yaml
+++ b/charts/k3k/crds/k3k.io_clusters.yaml
@@ -36,6 +36,7 @@ spec:
          metadata:
            type: object
          spec:
+            default: {}
            properties:
              addons:
                description: Addons is a list of secrets containing raw YAML which
@@ -55,6 +56,7 @@ spec:
                  type: string
                type: array
              agents:
+                default: 0
                description: Agents is the number of K3s pods to run in agent (worker)
                  mode.
                format: int32
@@ -179,6 +181,7 @@ spec:
                  type: string
                type: array
              servers:
+                default: 1
                description: Servers is the number of K3s pods to run in server (controlplane)
                  mode.
                format: int32
@@ -218,11 +221,6 @@ spec:
                description: Version is a string representing the Kubernetes version
                  to be used by the virtual nodes.
                type: string
-            required:
-            - agents
-            - mode
-            - servers
-            - version
            type: object
          status:
            properties:
@@ -230,6 +228,8 @@ spec:
                type: string
              clusterDNS:
                type: string
+              hostVersion:
+                type: string
              persistence:
                properties:
                  storageClassName:
@@ -250,8 +250,6 @@ spec:
                  type: string
                type: array
            type: object
-        required:
-        - spec
        type: object
    served: true
    storage: true
--- a/charts/k3k/templates/deployment.yaml
+++ b/charts/k3k/templates/deployment.yaml
@@ -24,6 +24,8 @@ spec:
            value: {{ .Values.host.clusterCIDR }}
          - name: SHARED_AGENT_IMAGE
            value: "{{ .Values.sharedAgent.image.repository }}:{{ default .Chart.AppVersion .Values.sharedAgent.image.tag }}"
+          - name: SHARED_AGENT_PULL_POLICY
+            value: {{ .Values.sharedAgent.image.pullPolicy }}
          ports:
          - containerPort: 8080
            name: https
--- a/charts/k3k/values.yaml
+++ b/charts/k3k/values.yaml
@@ -26,3 +26,4 @@ sharedAgent:
  image:
    repository: "rancher/k3k-kubelet"
    tag: ""
+    pullPolicy: ""
--- a/cli/main.go
+++ b/cli/main.go
@@ -1,28 +1,28 @@
 package main

 import (
+	"fmt"
 	"os"

 	"github.com/rancher/k3k/cli/cmds"
 	"github.com/rancher/k3k/cli/cmds/cluster"
 	"github.com/rancher/k3k/cli/cmds/kubeconfig"
+	"github.com/rancher/k3k/pkg/buildinfo"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )

-const (
-	program   = "k3kcli"
-	version   = "dev"
-	gitCommit = "HEAD"
-)
-
 func main() {
 	app := cmds.NewApp()
+	app.Version = buildinfo.Version
+	cli.VersionPrinter = func(cCtx *cli.Context) {
+		fmt.Println("k3kcli Version: " + buildinfo.Version)
+	}
+
 	app.Commands = []cli.Command{
 		cluster.NewCommand(),
 		kubeconfig.NewCommand(),
 	}
-	app.Version = version + " (" + gitCommit + ")"

 	if err := app.Run(os.Args); err != nil {
 		logrus.Fatal(err)
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/rancher/k3k

-go 1.22.0
-
-toolchain go1.22.7
+go 1.23.4

 replace (
 	github.com/google/cel-go => github.com/google/cel-go v0.17.7
@@ -14,17 +12,20 @@ replace (

 require (
 	github.com/go-logr/zapr v1.3.0
-	github.com/onsi/ginkgo/v2 v2.20.1
+	github.com/onsi/ginkgo/v2 v2.21.0
 	github.com/onsi/gomega v1.36.0
 	github.com/prometheus/client_model v0.6.1
 	github.com/rancher/dynamiclistener v1.27.5
 	github.com/sirupsen/logrus v1.9.3
+	github.com/testcontainers/testcontainers-go v0.35.0
+	github.com/testcontainers/testcontainers-go/modules/k3s v0.35.0
 	github.com/urfave/cli v1.22.12
 	github.com/virtual-kubelet/virtual-kubelet v1.11.0
 	go.etcd.io/etcd/api/v3 v3.5.14
 	go.etcd.io/etcd/client/v3 v3.5.14
 	go.uber.org/zap v1.26.0
 	gopkg.in/yaml.v2 v2.4.0
+	helm.sh/helm/v3 v3.14.4
 	k8s.io/api v0.29.11
 	k8s.io/apimachinery v0.29.11
 	k8s.io/apiserver v0.29.11
@@ -35,60 +36,140 @@ require (
 )

 require (
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/MakeNowJust/heredoc v1.0.0 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.3.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
+	github.com/Masterminds/squirrel v1.5.4 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/chai2010/gettext-go v1.0.2 // indirect
+	github.com/containerd/containerd v1.7.24 // indirect
+	github.com/containerd/errdefs v0.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/cli v25.0.1+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v27.1.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-metrics v0.0.1 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
+	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-errors/errors v1.4.2 // indirect
+	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/cel-go v0.20.1 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/google/cel-go v0.22.0 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect
+	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gosuri/uitable v0.0.4 // indirect
+	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
+	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+	github.com/lib/pq v1.10.9 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/moby/spdystream v0.4.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/locker v1.0.1 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
+	github.com/moby/sys/mountinfo v0.7.2 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/client_golang v1.19.1 // indirect
 	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/rubenv/sql-migrate v1.7.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stoewer/go-strcase v1.2.0 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
@@ -100,30 +181,36 @@ require (
 	go.opentelemetry.io/otel/trace v1.28.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/term v0.25.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.24.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
 	google.golang.org/grpc v1.65.0 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.29.2 // indirect
+	k8s.io/apiextensions-apiserver v0.29.11 // indirect
+	k8s.io/cli-runtime v0.29.11 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kms v0.31.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
+	k8s.io/kms v0.30.3 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	k8s.io/kubectl v0.29.11 // indirect
+	oras.land/oras-go v1.2.5 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/kustomize/api v0.18.0 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/k3k-kubelet/config.go
+++ b/k3k-kubelet/config.go
@@ -18,6 +18,7 @@ type config struct {
 	VirtualConfigPath string `yaml:"virtualConfigPath,omitempty"`
 	KubeletPort       string `yaml:"kubeletPort,omitempty"`
 	ServerIP          string `yaml:"serverIP,omitempty"`
+	Version           string `yaml:"version,omitempty"`
 }

 func (c *config) unmarshalYAML(data []byte) error {
@@ -54,6 +55,9 @@ func (c *config) unmarshalYAML(data []byte) error {
 	if c.ServerIP == "" {
 		c.ServerIP = conf.ServerIP
 	}
+	if c.Version == "" {
+		c.Version = conf.Version
+	}
 	return nil
 }

--- a/k3k-kubelet/controller/handler.go
+++ b/k3k-kubelet/controller/handler.go
@@ -66,6 +66,10 @@ func (c *ControllerHandler) AddResource(ctx context.Context, obj client.Object)
 				// note that this doesn't do any type safety - fix this
 				// when generics work
 				c.Translater.TranslateTo(s)
+				// Remove service-account-token types when synced to the host
+				if s.Type == v1.SecretTypeServiceAccountToken {
+					s.Type = v1.SecretTypeOpaque
+				}
 				return s, nil
 			},
 			Logger: c.Logger,
@@ -109,7 +113,7 @@ func (c *ControllerHandler) RemoveResource(ctx context.Context, obj client.Objec
 	ctrl, ok := c.controllers[obj.GetObjectKind().GroupVersionKind()]
 	c.RUnlock()
 	if !ok {
-		return fmt.Errorf("no controller found for gvk" + obj.GetObjectKind().GroupVersionKind().String())
+		return fmt.Errorf("no controller found for gvk %s", obj.GetObjectKind().GroupVersionKind())
 	}
 	return ctrl.RemoveResource(ctx, obj.GetNamespace(), obj.GetName())
 }
--- a/k3k-kubelet/kubelet.go
+++ b/k3k-kubelet/kubelet.go
@@ -187,8 +187,8 @@ func clusterIP(ctx context.Context, serviceName, clusterNamespace string, hostCl
 	return service.Spec.ClusterIP, nil
 }

-func (k *kubelet) registerNode(ctx context.Context, agentIP, srvPort, namespace, name, hostname, serverIP, dnsIP string) error {
-	providerFunc := k.newProviderFunc(namespace, name, hostname, agentIP, serverIP, dnsIP)
+func (k *kubelet) registerNode(ctx context.Context, agentIP, srvPort, namespace, name, hostname, serverIP, dnsIP, version string) error {
+	providerFunc := k.newProviderFunc(namespace, name, hostname, agentIP, serverIP, dnsIP, version)
 	nodeOpts := k.nodeOpts(ctx, srvPort, namespace, name, hostname, agentIP)

 	var err error
@@ -235,14 +235,14 @@ func (k *kubelet) start(ctx context.Context) {
 	k.logger.Info("node exited successfully")
 }

-func (k *kubelet) newProviderFunc(namespace, name, hostname, agentIP, serverIP, dnsIP string) nodeutil.NewProviderFunc {
+func (k *kubelet) newProviderFunc(namespace, name, hostname, agentIP, serverIP, dnsIP, version string) nodeutil.NewProviderFunc {
 	return func(pc nodeutil.ProviderConfig) (nodeutil.Provider, node.NodeProvider, error) {
 		utilProvider, err := provider.New(*k.hostConfig, k.hostMgr, k.virtualMgr, k.logger, namespace, name, serverIP, dnsIP)
 		if err != nil {
 			return nil, nil, errors.New("unable to make nodeutil provider: " + err.Error())
 		}

-		provider.ConfigureNode(k.logger, pc.Node, hostname, k.port, agentIP, utilProvider.CoreClient, utilProvider.VirtualClient, k.virtualCluster)
+		provider.ConfigureNode(k.logger, pc.Node, hostname, k.port, agentIP, utilProvider.CoreClient, utilProvider.VirtualClient, k.virtualCluster, version)

 		return utilProvider, &provider.Node{}, nil
 	}
--- a/k3k-kubelet/main.go
+++ b/k3k-kubelet/main.go
@@ -73,6 +73,12 @@ func main() {
 			Destination: &cfg.ServerIP,
 			EnvVar:      "SERVER_IP",
 		},
+		cli.StringFlag{
+			Name:        "version",
+			Usage:       "Version of kubernetes server",
+			Destination: &cfg.Version,
+			EnvVar:      "VERSION",
+		},
 		cli.StringFlag{
 			Name:        "config",
 			Usage:       "Path to k3k-kubelet config file",
@@ -112,7 +118,7 @@ func run(clx *cli.Context) {
 		logger.Fatalw("failed to create new virtual kubelet instance", zap.Error(err))
 	}

-	if err := k.registerNode(ctx, k.agentIP, cfg.KubeletPort, cfg.ClusterNamespace, cfg.ClusterName, cfg.AgentHostname, cfg.ServerIP, k.dnsIP); err != nil {
+	if err := k.registerNode(ctx, k.agentIP, cfg.KubeletPort, cfg.ClusterNamespace, cfg.ClusterName, cfg.AgentHostname, cfg.ServerIP, k.dnsIP, cfg.Version); err != nil {
 		logger.Fatalw("failed to register new node", zap.Error(err))
 	}

--- a/k3k-kubelet/provider/configure.go
+++ b/k3k-kubelet/provider/configure.go
@@ -15,7 +15,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )

-func ConfigureNode(logger *k3klog.Logger, node *v1.Node, hostname string, servicePort int, ip string, coreClient typedv1.CoreV1Interface, virtualClient client.Client, virtualCluster v1alpha1.Cluster) {
+func ConfigureNode(logger *k3klog.Logger, node *v1.Node, hostname string, servicePort int, ip string, coreClient typedv1.CoreV1Interface, virtualClient client.Client, virtualCluster v1alpha1.Cluster, version string) {
 	node.Status.Conditions = nodeConditions()
 	node.Status.DaemonEndpoints.KubeletEndpoint.Port = int32(servicePort)
 	node.Status.Addresses = []v1.NodeAddress{
@@ -32,6 +32,10 @@ func ConfigureNode(logger *k3klog.Logger, node *v1.Node, hostname string, servic
 	node.Labels["node.kubernetes.io/exclude-from-external-load-balancers"] = "true"
 	node.Labels["kubernetes.io/os"] = "linux"

+	// configure versions
+	node.Status.NodeInfo.KubeletVersion = version
+	node.Status.NodeInfo.KubeProxyVersion = version
+
 	updateNodeCapacityInterval := 10 * time.Second
 	ticker := time.NewTicker(updateNodeCapacityInterval)

--- a/k3k-kubelet/provider/provider.go
+++ b/k3k-kubelet/provider/provider.go
@@ -369,7 +369,7 @@ func (p *Provider) createPod(ctx context.Context, pod *corev1.Pod) error {
 		return fmt.Errorf("unable to transform tokens for pod %s/%s: %w", pod.Namespace, pod.Name, err)
 	}
 	// inject networking information to the pod including the virtual cluster controlplane endpoint
-	p.configureNetworking(pod.Name, pod.Namespace, tPod)
+	p.configureNetworking(pod.Name, pod.Namespace, tPod, p.serverIP)

 	p.logger.Infow("Creating pod", "Host Namespace", tPod.Namespace, "Host Name", tPod.Name,
 		"Virtual Namespace", pod.Namespace, "Virtual Name", "env", pod.Name, pod.Spec.Containers[0].Env)
@@ -475,6 +475,7 @@ func (p *Provider) syncConfigmap(ctx context.Context, podNamespace string, confi

 // syncSecret will add the secret object to the queue of the syncer controller to be synced to the host cluster
 func (p *Provider) syncSecret(ctx context.Context, podNamespace string, secretName string, optional bool) error {
+	p.logger.Infow("Syncing secret", "Name", secretName, "Namespace", podNamespace, "optional", optional)
 	var secret corev1.Secret
 	nsName := types.NamespacedName{
 		Namespace: podNamespace,
@@ -707,7 +708,13 @@ func (p *Provider) GetPods(ctx context.Context) ([]*corev1.Pod, error) {
 // configureNetworking will inject network information to each pod to connect them to the
 // virtual cluster api server, as well as confiugre DNS information to connect them to the
 // synced coredns on the host cluster.
-func (p *Provider) configureNetworking(podName, podNamespace string, pod *corev1.Pod) {
+func (p *Provider) configureNetworking(podName, podNamespace string, pod *corev1.Pod, serverIP string) {
+	// inject serverIP to hostalias for the pod
+	KubernetesHostAlias := corev1.HostAlias{
+		IP:        serverIP,
+		Hostnames: []string{"kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local"},
+	}
+	pod.Spec.HostAliases = append(pod.Spec.HostAliases, KubernetesHostAlias)
 	// inject networking information to the pod's environment variables
 	for i := range pod.Spec.Containers {
 		pod.Spec.Containers[i].Env = append(pod.Spec.Containers[i].Env,
@@ -733,6 +740,31 @@ func (p *Provider) configureNetworking(podName, podNamespace string, pod *corev1
 			},
 		)
 	}
+	// handle init contianers as well
+	for i := range pod.Spec.InitContainers {
+		pod.Spec.InitContainers[i].Env = append(pod.Spec.InitContainers[i].Env,
+			corev1.EnvVar{
+				Name:  "KUBERNETES_PORT_443_TCP",
+				Value: "tcp://" + p.serverIP + ":6443",
+			},
+			corev1.EnvVar{
+				Name:  "KUBERNETES_PORT",
+				Value: "tcp://" + p.serverIP + ":6443",
+			},
+			corev1.EnvVar{
+				Name:  "KUBERNETES_PORT_443_TCP_ADDR",
+				Value: p.serverIP,
+			},
+			corev1.EnvVar{
+				Name:  "KUBERNETES_SERVICE_HOST",
+				Value: p.serverIP,
+			},
+			corev1.EnvVar{
+				Name:  "KUBERNETES_SERVICE_PORT",
+				Value: "6443",
+			},
+		)
+	}
 	// injecting cluster DNS IP to the pods except for coredns pod
 	if !strings.HasPrefix(podName, "coredns") {
 		pod.Spec.DNSPolicy = corev1.DNSNone
--- a/k3k-kubelet/provider/token.go
+++ b/k3k-kubelet/provider/token.go
@@ -23,6 +23,12 @@ const (
 func (p *Provider) transformTokens(ctx context.Context, pod, tPod *corev1.Pod) error {
 	p.logger.Infow("transforming token", "Pod", pod.Name, "Namespace", pod.Namespace, "serviceAccountName", pod.Spec.ServiceAccountName)

+	// skip this process if the kube-api-access is already removed from the pod
+	// this is needed in case users already adds their own custom tokens like in rancher imported clusters
+	if !isKubeAccessVolumeFound(pod) {
+		return nil
+	}
+
 	virtualSecretName := k3kcontroller.SafeConcatNameWithPrefix(pod.Spec.ServiceAccountName, "token")
 	virtualSecret := virtualSecret(virtualSecretName, pod.Namespace, pod.Spec.ServiceAccountName)
 	if err := p.VirtualClient.Create(ctx, virtualSecret); err != nil {
@@ -84,12 +90,30 @@ func (p *Provider) translateToken(pod *corev1.Pod, hostSecretName string) {
 	addKubeAccessVolume(pod, hostSecretName)
 }

+func isKubeAccessVolumeFound(pod *corev1.Pod) bool {
+	for _, volume := range pod.Spec.Volumes {
+		if strings.HasPrefix(volume.Name, kubeAPIAccessPrefix) {
+			return true
+		}
+	}
+	return false
+}
+
 func removeKubeAccessVolume(pod *corev1.Pod) {
 	for i, volume := range pod.Spec.Volumes {
 		if strings.HasPrefix(volume.Name, kubeAPIAccessPrefix) {
 			pod.Spec.Volumes = append(pod.Spec.Volumes[:i], pod.Spec.Volumes[i+1:]...)
 		}
 	}
+	// init containers
+	for i, container := range pod.Spec.InitContainers {
+		for j, mountPath := range container.VolumeMounts {
+			if strings.HasPrefix(mountPath.Name, kubeAPIAccessPrefix) {
+				pod.Spec.InitContainers[i].VolumeMounts = append(pod.Spec.InitContainers[i].VolumeMounts[:j], pod.Spec.InitContainers[i].VolumeMounts[j+1:]...)
+			}
+		}
+	}
+
 	for i, container := range pod.Spec.Containers {
 		for j, mountPath := range container.VolumeMounts {
 			if strings.HasPrefix(mountPath.Name, kubeAPIAccessPrefix) {
@@ -109,6 +133,14 @@ func addKubeAccessVolume(pod *corev1.Pod, hostSecretName string) {
 			},
 		},
 	})
+
+	for i := range pod.Spec.InitContainers {
+		pod.Spec.InitContainers[i].VolumeMounts = append(pod.Spec.InitContainers[i].VolumeMounts, corev1.VolumeMount{
+			Name:      tokenVolumeName,
+			MountPath: serviceAccountTokenMountPath,
+		})
+	}
+
 	for i := range pod.Spec.Containers {
 		pod.Spec.Containers[i].VolumeMounts = append(pod.Spec.Containers[i].VolumeMounts, corev1.VolumeMount{
 			Name:      tokenVolumeName,
--- a/main.go
+++ b/main.go
@@ -3,17 +3,20 @@ package main

 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"

 	"github.com/go-logr/zapr"
 	"github.com/rancher/k3k/cli/cmds"
 	"github.com/rancher/k3k/pkg/apis/k3k.io/v1alpha1"
+	"github.com/rancher/k3k/pkg/buildinfo"
 	"github.com/rancher/k3k/pkg/controller/cluster"
 	"github.com/rancher/k3k/pkg/controller/clusterset"
 	"github.com/rancher/k3k/pkg/log"
 	"github.com/urfave/cli"
 	"go.uber.org/zap"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/tools/clientcmd"
@@ -22,20 +25,15 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 )

-const (
-	program   = "k3k"
-	version   = "dev"
-	gitCommit = "HEAD"
-)
-
 var (
-	scheme           = runtime.NewScheme()
-	clusterCIDR      string
-	sharedAgentImage string
-	kubeconfig       string
-	debug            bool
-	logger           *log.Logger
-	flags            = []cli.Flag{
+	scheme                     = runtime.NewScheme()
+	clusterCIDR                string
+	sharedAgentImage           string
+	sharedAgentImagePullPolicy string
+	kubeconfig                 string
+	debug                      bool
+	logger                     *log.Logger
+	flags                      = []cli.Flag{
 		cli.StringFlag{
 			Name:        "kubeconfig",
 			EnvVar:      "KUBECONFIG",
@@ -55,6 +53,12 @@ var (
 			Value:       "rancher/k3k:k3k-kubelet-dev",
 			Destination: &sharedAgentImage,
 		},
+		cli.StringFlag{
+			Name:        "shared-agent-pull-policy",
+			EnvVar:      "SHARED_AGENT_PULL_POLICY",
+			Usage:       "K3K Virtual Kubelet image pull policy must be one of Always, IfNotPresent or Never",
+			Destination: &sharedAgentImagePullPolicy,
+		},
 		cli.BoolFlag{
 			Name:        "debug",
 			EnvVar:      "DEBUG",
@@ -73,20 +77,24 @@ func main() {
 	app := cmds.NewApp()
 	app.Flags = flags
 	app.Action = run
-	app.Version = version + " (" + gitCommit + ")"
+	app.Version = buildinfo.Version
 	app.Before = func(clx *cli.Context) error {
+		if err := validate(); err != nil {
+			return err
+		}
 		logger = log.New(debug)
 		return nil
 	}
 	if err := app.Run(os.Args); err != nil {
 		logger.Fatalw("failed to run k3k controller", zap.Error(err))
 	}
-
 }

 func run(clx *cli.Context) error {
 	ctx := context.Background()

+	logger.Info("Starting k3k - Version: " + buildinfo.Version)
+
 	restConfig, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
 	if err != nil {
 		return fmt.Errorf("failed to create config from kubeconfig file: %v", err)
@@ -102,7 +110,7 @@ func run(clx *cli.Context) error {

 	ctrlruntimelog.SetLogger(zapr.NewLogger(logger.Desugar().WithOptions(zap.AddCallerSkip(1))))
 	logger.Info("adding cluster controller")
-	if err := cluster.Add(ctx, mgr, sharedAgentImage, logger); err != nil {
+	if err := cluster.Add(ctx, mgr, sharedAgentImage, sharedAgentImagePullPolicy, logger); err != nil {
 		return fmt.Errorf("failed to add the new cluster controller: %v", err)
 	}

@@ -129,3 +137,14 @@ func run(clx *cli.Context) error {

 	return nil
 }
+
+func validate() error {
+	if sharedAgentImagePullPolicy != "" {
+		if sharedAgentImagePullPolicy != string(v1.PullAlways) &&
+			sharedAgentImagePullPolicy != string(v1.PullIfNotPresent) &&
+			sharedAgentImagePullPolicy != string(v1.PullNever) {
+			return errors.New("invalid value for shared agent image policy")
+		}
+	}
+	return nil
+}
--- a/ops/test
+++ b/ops/test
@@ -3,5 +3,7 @@ set -e

 cd $(dirname $0)/..

-echo Running tests
-go test -cover -tags=test ./...
+if [ -z ${SKIP_TESTS} ]; then
+  echo Running tests
+  go test -cover -tags=test ./...
+fi
--- a/pkg/apis/k3k.io/v1alpha1/types.go
+++ b/pkg/apis/k3k.io/v1alpha1/types.go
@@ -14,24 +14,35 @@ type Cluster struct {
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	metav1.TypeMeta   `json:",inline"`

+	// +kubebuilder:default={}
+	// +optional
 	Spec   ClusterSpec   `json:"spec"`
 	Status ClusterStatus `json:"status,omitempty"`
 }

 type ClusterSpec struct {
 	// Version is a string representing the Kubernetes version to be used by the virtual nodes.
+	//
+	// +optional
 	Version string `json:"version"`

 	// Servers is the number of K3s pods to run in server (controlplane) mode.
+	//
+	// +kubebuilder:default=1
 	// +kubebuilder:validation:XValidation:message="cluster must have at least one server",rule="self >= 1"
+	// +optional
 	Servers *int32 `json:"servers"`

 	// Agents is the number of K3s pods to run in agent (worker) mode.
+	//
+	// +kubebuilder:default=0
 	// +kubebuilder:validation:XValidation:message="invalid value for agents",rule="self >= 0"
+	// +optional
 	Agents *int32 `json:"agents"`

 	// NodeSelector is the node selector that will be applied to all server/agent pods.
 	// In "shared" mode the node selector will be applied also to the workloads.
+	//
 	// +optional
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

@@ -73,10 +84,12 @@ type ClusterSpec struct {
 	Addons []Addon `json:"addons,omitempty"`

 	// Mode is the cluster provisioning mode which can be either "shared" or "virtual". Defaults to "shared"
+	//
 	// +kubebuilder:default="shared"
 	// +kubebuilder:validation:Enum=shared;virtual
 	// +kubebuilder:validation:XValidation:message="mode is immutable",rule="self == oldSelf"
-	Mode ClusterMode `json:"mode"`
+	// +optional
+	Mode ClusterMode `json:"mode,omitempty"`

 	// Persistence contains options controlling how the etcd data of the virtual cluster is persisted. By default, no data
 	// persistence is guaranteed, so restart of a virtual cluster pod may result in data loss without this field.
@@ -151,6 +164,7 @@ type NodePortConfig struct {
 }

 type ClusterStatus struct {
+	HostVersion string             `json:"hostVersion,omitempty"`
 	ClusterCIDR string             `json:"clusterCIDR,omitempty"`
 	ServiceCIDR string             `json:"serviceCIDR,omitempty"`
 	ClusterDNS  string             `json:"clusterDNS,omitempty"`
--- a/pkg/buildinfo/buildinfo.go
+++ b/pkg/buildinfo/buildinfo.go
@@ -0,0 +1,3 @@
+package buildinfo
+
+var Version = "dev"
--- a/pkg/controller/cluster/agent/agent.go
+++ b/pkg/controller/cluster/agent/agent.go
@@ -16,11 +16,11 @@ type Agent interface {
 	Resources() ([]ctrlruntimeclient.Object, error)
 }

-func New(cluster *v1alpha1.Cluster, serviceIP, sharedAgentImage, token string) Agent {
+func New(cluster *v1alpha1.Cluster, serviceIP, sharedAgentImage, sharedAgentImagePullPolicy, token string) Agent {
 	if cluster.Spec.Mode == VirtualNodeMode {
 		return NewVirtualAgent(cluster, serviceIP, token)
 	}
-	return NewSharedAgent(cluster, serviceIP, sharedAgentImage, token)
+	return NewSharedAgent(cluster, serviceIP, sharedAgentImage, sharedAgentImagePullPolicy, token)
 }

 func configSecretName(clusterName string) string {
--- a/pkg/controller/cluster/agent/shared.go
+++ b/pkg/controller/cluster/agent/shared.go
@@ -26,18 +26,20 @@ const (
 )

 type SharedAgent struct {
-	cluster          *v1alpha1.Cluster
-	serviceIP        string
-	sharedAgentImage string
-	token            string
+	cluster         *v1alpha1.Cluster
+	serviceIP       string
+	image           string
+	imagePullPolicy string
+	token           string
 }

-func NewSharedAgent(cluster *v1alpha1.Cluster, serviceIP, sharedAgentImage, token string) Agent {
+func NewSharedAgent(cluster *v1alpha1.Cluster, serviceIP, image, imagePullPolicy, token string) Agent {
 	return &SharedAgent{
-		cluster:          cluster,
-		serviceIP:        serviceIP,
-		sharedAgentImage: sharedAgentImage,
-		token:            token,
+		cluster:         cluster,
+		serviceIP:       serviceIP,
+		image:           image,
+		imagePullPolicy: imagePullPolicy,
+		token:           token,
 	}
 }

@@ -60,13 +62,18 @@ func (s *SharedAgent) Config() ctrlruntimeclient.Object {
 }

 func sharedAgentData(cluster *v1alpha1.Cluster, token, nodeName, ip string) string {
+	version := cluster.Spec.Version
+	if cluster.Spec.Version == "" {
+		version = cluster.Status.HostVersion
+	}
 	return fmt.Sprintf(`clusterName: %s
 clusterNamespace: %s
 nodeName: %s
 agentHostname: %s
 serverIP: %s
-token: %s`,
-		cluster.Name, cluster.Namespace, nodeName, nodeName, ip, token)
+token: %s
+version: %s`,
+		cluster.Name, cluster.Namespace, nodeName, nodeName, ip, token, version)
 }

 func (s *SharedAgent) Resources() ([]ctrlruntimeclient.Object, error) {
@@ -86,12 +93,10 @@ func (s *SharedAgent) Resources() ([]ctrlruntimeclient.Object, error) {
 }

 func (s *SharedAgent) deployment() *apps.Deployment {
-	selector := &metav1.LabelSelector{
-		MatchLabels: map[string]string{
-			"cluster": s.cluster.Name,
-			"type":    "agent",
-			"mode":    "shared",
-		},
+	labels := map[string]string{
+		"cluster": s.cluster.Name,
+		"type":    "agent",
+		"mode":    "shared",
 	}

 	return &apps.Deployment{
@@ -102,34 +107,26 @@ func (s *SharedAgent) deployment() *apps.Deployment {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      s.Name(),
 			Namespace: s.cluster.Namespace,
-			Labels:    selector.MatchLabels,
+			Labels:    labels,
 		},
 		Spec: apps.DeploymentSpec{
-			Selector: selector,
+			Selector: &metav1.LabelSelector{
+				MatchLabels: labels,
+			},
 			Template: v1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
-					Labels: selector.MatchLabels,
+					Labels: labels,
 				},
-				Spec: s.podSpec(selector),
+				Spec: s.podSpec(),
 			},
 		},
 	}
 }

-func (s *SharedAgent) podSpec(affinitySelector *metav1.LabelSelector) v1.PodSpec {
+func (s *SharedAgent) podSpec() v1.PodSpec {
 	var limit v1.ResourceList

 	return v1.PodSpec{
-		Affinity: &v1.Affinity{
-			PodAntiAffinity: &v1.PodAntiAffinity{
-				RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{
-					{
-						LabelSelector: affinitySelector,
-						TopologyKey:   "kubernetes.io/hostname",
-					},
-				},
-			},
-		},
 		ServiceAccountName: s.Name(),
 		Volumes: []v1.Volume{
 			{
@@ -172,8 +169,8 @@ func (s *SharedAgent) podSpec(affinitySelector *metav1.LabelSelector) v1.PodSpec
 		Containers: []v1.Container{
 			{
 				Name:            s.Name(),
-				Image:           s.sharedAgentImage,
-				ImagePullPolicy: v1.PullAlways,
+				Image:           s.image,
+				ImagePullPolicy: v1.PullPolicy(s.imagePullPolicy),
 				Resources: v1.ResourceRequirements{
 					Limits: limit,
 				},
--- a/pkg/controller/cluster/agent/virtual.go
+++ b/pkg/controller/cluster/agent/virtual.go
@@ -97,16 +97,6 @@ func (v *VirtualAgent) podSpec(image, name string, args []string, affinitySelect
 	var limit v1.ResourceList
 	args = append([]string{"agent", "--config", "/opt/rancher/k3s/config.yaml"}, args...)
 	podSpec := v1.PodSpec{
-		Affinity: &v1.Affinity{
-			PodAntiAffinity: &v1.PodAntiAffinity{
-				RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{
-					{
-						LabelSelector: affinitySelector,
-						TopologyKey:   "kubernetes.io/hostname",
-					},
-				},
-			},
-		},
 		Volumes: []v1.Volume{
 			{
 				Name: "config",
@@ -161,9 +151,8 @@ func (v *VirtualAgent) podSpec(image, name string, args []string, affinitySelect
 		},
 		Containers: []v1.Container{
 			{
-				Name:            name,
-				Image:           image,
-				ImagePullPolicy: v1.PullAlways,
+				Name:  name,
+				Image: image,
 				SecurityContext: &v1.SecurityContext{
 					Privileged: ptr.To(true),
 				},
--- a/pkg/controller/cluster/cluster.go
+++ b/pkg/controller/cluster/cluster.go
@@ -20,6 +20,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/discovery"
 	ctrl "sigs.k8s.io/controller-runtime"
 	ctrlruntimeclient "sigs.k8s.io/controller-runtime/pkg/client"
 	ctrlruntimecontroller "sigs.k8s.io/controller-runtime/pkg/controller"
@@ -44,21 +45,32 @@ const (
 )

 type ClusterReconciler struct {
-	Client           ctrlruntimeclient.Client
-	Scheme           *runtime.Scheme
-	SharedAgentImage string
-	logger           *log.Logger
+	DiscoveryClient            *discovery.DiscoveryClient
+	Client                     ctrlruntimeclient.Client
+	Scheme                     *runtime.Scheme
+	SharedAgentImage           string
+	SharedAgentImagePullPolicy string
+	logger                     *log.Logger
 }

 // Add adds a new controller to the manager
-func Add(ctx context.Context, mgr manager.Manager, sharedAgentImage string, logger *log.Logger) error {
+func Add(ctx context.Context, mgr manager.Manager, sharedAgentImage, sharedAgentImagePullPolicy string, logger *log.Logger) error {
+
+	discoveryClient, err := discovery.NewDiscoveryClientForConfig(mgr.GetConfig())
+	if err != nil {
+		return err
+	}
+
 	// initialize a new Reconciler
 	reconciler := ClusterReconciler{
-		Client:           mgr.GetClient(),
-		Scheme:           mgr.GetScheme(),
-		SharedAgentImage: sharedAgentImage,
-		logger:           logger.Named(clusterController),
+		DiscoveryClient:            discoveryClient,
+		Client:                     mgr.GetClient(),
+		Scheme:                     mgr.GetScheme(),
+		SharedAgentImage:           sharedAgentImage,
+		SharedAgentImagePullPolicy: sharedAgentImagePullPolicy,
+		logger:                     logger.Named(clusterController),
 	}
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&v1alpha1.Cluster{}).
 		WithOptions(ctrlruntimecontroller.Options{
@@ -76,6 +88,22 @@ func (c *ClusterReconciler) Reconcile(ctx context.Context, req reconcile.Request
 	if err := c.Client.Get(ctx, req.NamespacedName, &cluster); err != nil {
 		return reconcile.Result{}, ctrlruntimeclient.IgnoreNotFound(err)
 	}
+
+	// if the Version is not specified we will try to use the same Kubernetes version of the host.
+	// This version is stored in the Status object, and it will not be updated if already set.
+	if cluster.Spec.Version == "" && cluster.Status.HostVersion == "" {
+		hostVersion, err := c.DiscoveryClient.ServerVersion()
+		if err != nil {
+			return reconcile.Result{}, err
+		}
+
+		// update Status HostVersion
+		cluster.Status.HostVersion = fmt.Sprintf("v%s.%s.0-k3s1", hostVersion.Major, hostVersion.Minor)
+		if err := c.Client.Status().Update(ctx, &cluster); err != nil {
+			return reconcile.Result{}, err
+		}
+	}
+
 	if cluster.DeletionTimestamp.IsZero() {
 		if !controllerutil.ContainsFinalizer(&cluster, clusterFinalizerName) {
 			controllerutil.AddFinalizer(&cluster, clusterFinalizerName)
@@ -338,7 +366,7 @@ func (c *ClusterReconciler) unbindNodeProxyClusterRole(ctx context.Context, clus
 }

 func (c *ClusterReconciler) agent(ctx context.Context, cluster *v1alpha1.Cluster, serviceIP, token string) error {
-	agent := agent.New(cluster, serviceIP, c.SharedAgentImage, token)
+	agent := agent.New(cluster, serviceIP, c.SharedAgentImage, c.SharedAgentImagePullPolicy, token)
 	agentsConfig := agent.Config()
 	agentResources, err := agent.Resources()
 	if err != nil {
--- a/pkg/controller/cluster/cluster_suite_test.go
+++ b/pkg/controller/cluster/cluster_suite_test.go
@@ -0,0 +1,91 @@
+package cluster_test
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+
+	"github.com/rancher/k3k/pkg/apis/k3k.io/v1alpha1"
+	"github.com/rancher/k3k/pkg/controller/cluster"
+	"github.com/rancher/k3k/pkg/log"
+
+	"go.uber.org/zap"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestController(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Cluster Controller Suite")
+}
+
+var (
+	testEnv   *envtest.Environment
+	k8s       *kubernetes.Clientset
+	k8sClient client.Client
+	ctx       context.Context
+	cancel    context.CancelFunc
+)
+
+var _ = BeforeSuite(func() {
+
+	By("bootstrapping test environment")
+	testEnv = &envtest.Environment{
+		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "..", "charts", "k3k", "crds")},
+		ErrorIfCRDPathMissing: true,
+	}
+	cfg, err := testEnv.Start()
+	Expect(err).NotTo(HaveOccurred())
+
+	k8s, err = kubernetes.NewForConfig(cfg)
+	Expect(err).NotTo(HaveOccurred())
+
+	scheme := buildScheme()
+	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
+	Expect(err).NotTo(HaveOccurred())
+
+	mgr, err := ctrl.NewManager(cfg, ctrl.Options{Scheme: scheme})
+	Expect(err).NotTo(HaveOccurred())
+
+	ctx, cancel = context.WithCancel(context.Background())
+	err = cluster.Add(ctx, mgr, "", "", &log.Logger{SugaredLogger: zap.NewNop().Sugar()})
+	Expect(err).NotTo(HaveOccurred())
+
+	go func() {
+		defer GinkgoRecover()
+		err = mgr.Start(ctx)
+		Expect(err).NotTo(HaveOccurred(), "failed to run manager")
+	}()
+})
+
+var _ = AfterSuite(func() {
+	cancel()
+
+	By("tearing down the test environment")
+	err := testEnv.Stop()
+	Expect(err).NotTo(HaveOccurred())
+})
+
+func buildScheme() *runtime.Scheme {
+	scheme := runtime.NewScheme()
+
+	err := corev1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+	err = appsv1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+	err = networkingv1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+	err = v1alpha1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	return scheme
+}
--- a/pkg/controller/cluster/cluster_test.go
+++ b/pkg/controller/cluster/cluster_test.go
@@ -0,0 +1,68 @@
+package cluster_test
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/rancher/k3k/pkg/apis/k3k.io/v1alpha1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Cluster Controller", func() {
+
+	Context("creating a Cluster", func() {
+
+		var (
+			namespace string
+		)
+
+		BeforeEach(func() {
+			createdNS := &corev1.Namespace{ObjectMeta: v1.ObjectMeta{GenerateName: "ns-"}}
+			err := k8sClient.Create(context.Background(), createdNS)
+			Expect(err).To(Not(HaveOccurred()))
+			namespace = createdNS.Name
+		})
+
+		When("created with a default spec", func() {
+
+			It("should have been created with some defaults", func() {
+				cluster := &v1alpha1.Cluster{
+					ObjectMeta: v1.ObjectMeta{
+						GenerateName: "clusterset-",
+						Namespace:    namespace,
+					},
+				}
+
+				err := k8sClient.Create(ctx, cluster)
+				Expect(err).To(Not(HaveOccurred()))
+
+				Expect(cluster.Spec.Mode).To(Equal(v1alpha1.SharedClusterMode))
+				Expect(cluster.Spec.Agents).To(Equal(ptr.To[int32](0)))
+				Expect(cluster.Spec.Servers).To(Equal(ptr.To[int32](1)))
+				Expect(cluster.Spec.Version).To(BeEmpty())
+
+				serverVersion, err := k8s.DiscoveryClient.ServerVersion()
+				Expect(err).To(Not(HaveOccurred()))
+				expectedHostVersion := fmt.Sprintf("v%s.%s.0-k3s1", serverVersion.Major, serverVersion.Minor)
+
+				Eventually(func() string {
+					err := k8sClient.Get(ctx, client.ObjectKeyFromObject(cluster), cluster)
+					Expect(err).To(Not(HaveOccurred()))
+					return cluster.Status.HostVersion
+
+				}).
+					WithTimeout(time.Second * 30).
+					WithPolling(time.Second).
+					Should(Equal(expectedHostVersion))
+			})
+		})
+	})
+})
--- a/pkg/controller/cluster/server/ingress.go
+++ b/pkg/controller/cluster/server/ingress.go
@@ -16,8 +16,9 @@ const (
 	nginxBackendProtocolAnnotation = "nginx.ingress.kubernetes.io/backend-protocol"
 	nginxSSLRedirectAnnotation     = "nginx.ingress.kubernetes.io/ssl-redirect"

-	serverPort = 6443
-	etcdPort   = 2379
+	servicePort = 443
+	serverPort  = 6443
+	etcdPort    = 2379
 )

 func (s *Server) Ingress(ctx context.Context, client client.Client) (*networkingv1.Ingress, error) {
--- a/pkg/controller/cluster/server/server.go
+++ b/pkg/controller/cluster/server/server.go
@@ -45,7 +45,7 @@ func New(cluster *v1alpha1.Cluster, client client.Client, token, mode string) *S
 	}
 }

-func (s *Server) podSpec(image, name string, persistent bool, affinitySelector *metav1.LabelSelector) v1.PodSpec {
+func (s *Server) podSpec(image, name string, persistent bool) v1.PodSpec {
 	var limit v1.ResourceList
 	if s.cluster.Spec.Limit != nil && s.cluster.Spec.Limit.ServerLimit != nil {
 		limit = s.cluster.Spec.Limit.ServerLimit
@@ -53,16 +53,6 @@ func (s *Server) podSpec(image, name string, persistent bool, affinitySelector *
 	podSpec := v1.PodSpec{
 		NodeSelector:      s.cluster.Spec.NodeSelector,
 		PriorityClassName: s.cluster.Spec.PriorityClass,
-		Affinity: &v1.Affinity{
-			PodAntiAffinity: &v1.PodAntiAffinity{
-				RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{
-					{
-						LabelSelector: affinitySelector,
-						TopologyKey:   "kubernetes.io/hostname",
-					},
-				},
-			},
-		},
 		Volumes: []v1.Volume{
 			{
 				Name: "initconfig",
@@ -347,7 +337,7 @@ func (s *Server) StatefulServer(ctx context.Context) (*apps.StatefulSet, error)
 		},
 	}

-	podSpec := s.podSpec(image, name, persistent, &selector)
+	podSpec := s.podSpec(image, name, persistent)
 	podSpec.Volumes = append(podSpec.Volumes, volumes...)
 	podSpec.Containers[0].VolumeMounts = append(podSpec.Containers[0].VolumeMounts, volumeMounts...)

--- a/pkg/controller/cluster/server/service.go
+++ b/pkg/controller/cluster/server/service.go
@@ -5,6 +5,7 @@ import (
 	"github.com/rancher/k3k/pkg/controller"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 )

 func (s *Server) Service(cluster *v1alpha1.Cluster) *v1.Service {
@@ -38,6 +39,12 @@ func (s *Server) Service(cluster *v1alpha1.Cluster) *v1.Service {
 					Protocol: v1.ProtocolTCP,
 					Port:     serverPort,
 				},
+				{
+					Name:       "k3s-service-port",
+					Protocol:   v1.ProtocolTCP,
+					Port:       servicePort,
+					TargetPort: intstr.FromInt(serverPort),
+				},
 				{
 					Name:     "k3s-etcd-port",
 					Protocol: v1.ProtocolTCP,
@@ -71,6 +78,12 @@ func (s *Server) StatefulServerService() *v1.Service {
 					Protocol: v1.ProtocolTCP,
 					Port:     serverPort,
 				},
+				{
+					Name:       "k3s-service-port",
+					Protocol:   v1.ProtocolTCP,
+					Port:       servicePort,
+					TargetPort: intstr.FromInt(serverPort),
+				},
 				{
 					Name:     "k3s-etcd-port",
 					Protocol: v1.ProtocolTCP,
--- a/pkg/controller/clusterset/clusterset_test.go
+++ b/pkg/controller/clusterset/clusterset_test.go
@@ -488,8 +488,8 @@ var _ = Describe("ClusterSet Controller", func() {
 					},
 					Spec: v1alpha1.ClusterSpec{
 						Mode:    v1alpha1.SharedClusterMode,
-						Servers: ptr.To(int32(1)),
-						Agents:  ptr.To(int32(0)),
+						Servers: ptr.To[int32](1),
+						Agents:  ptr.To[int32](0),
 					},
 				}

@@ -529,8 +529,8 @@ var _ = Describe("ClusterSet Controller", func() {
 					},
 					Spec: v1alpha1.ClusterSpec{
 						Mode:    v1alpha1.SharedClusterMode,
-						Servers: ptr.To(int32(1)),
-						Agents:  ptr.To(int32(0)),
+						Servers: ptr.To[int32](1),
+						Agents:  ptr.To[int32](0),
 					},
 				}

@@ -570,8 +570,8 @@ var _ = Describe("ClusterSet Controller", func() {
 					},
 					Spec: v1alpha1.ClusterSpec{
 						Mode:         v1alpha1.SharedClusterMode,
-						Servers:      ptr.To(int32(1)),
-						Agents:       ptr.To(int32(0)),
+						Servers:      ptr.To[int32](1),
+						Agents:       ptr.To[int32](0),
 						NodeSelector: map[string]string{"label-1": "value-1"},
 					},
 				}
@@ -645,8 +645,8 @@ var _ = Describe("ClusterSet Controller", func() {
 					},
 					Spec: v1alpha1.ClusterSpec{
 						Mode:    v1alpha1.SharedClusterMode,
-						Servers: ptr.To(int32(1)),
-						Agents:  ptr.To(int32(0)),
+						Servers: ptr.To[int32](1),
+						Agents:  ptr.To[int32](0),
 					},
 				}

--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -27,9 +27,21 @@ var Backoff = wait.Backoff{
 	Jitter:   0.1,
 }

+// K3SImage returns the rancher/k3s image tagged with the specified Version.
+// If Version is empty it will use with the same k8s version of the host cluster,
+// stored in the Status object. It will return the untagged version as last fallback.
 func K3SImage(cluster *v1alpha1.Cluster) string {
-	return k3SImageName + ":" + cluster.Spec.Version
+	if cluster.Spec.Version != "" {
+		return k3SImageName + ":" + cluster.Spec.Version
+	}
+
+	if cluster.Status.HostVersion != "" {
+		return k3SImageName + ":" + cluster.Status.HostVersion
+	}
+
+	return k3SImageName
 }
+
 func nodeAddress(node *v1.Node) string {
 	var externalIP string
 	var internalIP string
--- a/scripts/build
+++ b/scripts/build
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e pipefail
+
+TAG=$(git describe --tag --always --match="v[0-9]*")
+
+if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
+    TAG="${TAG}-dirty"
+fi
+
+LDFLAGS="-X \"github.com/rancher/k3k/pkg/buildinfo.Version=${TAG}\""
+
+echo "Building k3k..."
+echo "Current TAG: ${TAG}"
+
+export CGO_ENABLED=0
+GOOS=linux GOARCH=amd64 go build -ldflags="${LDFLAGS}" -o bin/k3k
+GOOS=linux GOARCH=amd64 go build -ldflags="${LDFLAGS}" -o bin/k3k-kubelet ./k3k-kubelet
+
+# build the cli for the local OS and ARCH
+go build -ldflags="${LDFLAGS}" -o bin/k3kcli ./cli
+
+docker build -f package/Dockerfile -t rancher/k3k:dev -t rancher/k3k:${TAG} .
+docker build -f package/Dockerfile.kubelet -t rancher/k3k-kubelet:dev -t rancher/k3k-kubelet:${TAG} .
--- a/tests/cluster_test.go
+++ b/tests/cluster_test.go
@@ -0,0 +1,88 @@
+package k3k_test
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/rancher/k3k/pkg/apis/k3k.io/v1alpha1"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
+)
+
+var _ = When("a cluster is installed", func() {
+
+	var namespace string
+
+	BeforeEach(func() {
+		createdNS := &corev1.Namespace{ObjectMeta: v1.ObjectMeta{GenerateName: "ns-"}}
+		createdNS, err := k8s.CoreV1().Namespaces().Create(context.Background(), createdNS, v1.CreateOptions{})
+		Expect(err).To(Not(HaveOccurred()))
+		namespace = createdNS.Name
+	})
+
+	It("will be created in shared mode", func() {
+		cluster := v1alpha1.Cluster{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      "mycluster",
+				Namespace: namespace,
+			},
+			Spec: v1alpha1.ClusterSpec{
+				Mode:    v1alpha1.SharedClusterMode,
+				Servers: ptr.To[int32](1),
+				Agents:  ptr.To[int32](0),
+				Version: "v1.26.1-k3s1",
+			},
+		}
+
+		err := k8sClient.Create(context.Background(), &cluster)
+		Expect(err).To(Not(HaveOccurred()))
+
+		By("checking server and kubelet readiness state")
+
+		// check that the server Pod and the Kubelet are in Ready state
+		Eventually(func() bool {
+			podList, err := k8s.CoreV1().Pods(namespace).List(context.Background(), v1.ListOptions{})
+			Expect(err).To(Not(HaveOccurred()))
+
+			serverRunning := false
+			kubeletRunning := false
+
+			for _, pod := range podList.Items {
+				imageName := pod.Spec.Containers[0].Image
+				imageName = strings.Split(imageName, ":")[0] // remove tag
+
+				switch imageName {
+				case "rancher/k3s":
+					serverRunning = pod.Status.Phase == corev1.PodRunning
+				case "rancher/k3k-kubelet":
+					kubeletRunning = pod.Status.Phase == corev1.PodRunning
+				}
+
+				if serverRunning && kubeletRunning {
+					return true
+				}
+			}
+
+			return false
+		}).
+			WithTimeout(time.Minute).
+			WithPolling(time.Second * 5).
+			Should(BeTrue())
+
+		By("checking the existence of the bootstrap secret")
+		secretName := fmt.Sprintf("k3k-%s-bootstrap", cluster.Name)
+
+		Eventually(func() error {
+			_, err := k8s.CoreV1().Secrets(namespace).Get(context.Background(), secretName, v1.GetOptions{})
+			return err
+		}).
+			WithTimeout(time.Minute * 2).
+			WithPolling(time.Second * 5).
+			Should(BeNil())
+	})
+})
--- a/tests/k8s_restclientgetter_test.go
+++ b/tests/k8s_restclientgetter_test.go
@@ -0,0 +1,55 @@
+package k3k_test
+
+import (
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/client-go/discovery"
+	memory "k8s.io/client-go/discovery/cached"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/restmapper"
+	"k8s.io/client-go/tools/clientcmd"
+)
+
+type RESTClientGetter struct {
+	clientconfig    clientcmd.ClientConfig
+	restConfig      *rest.Config
+	discoveryClient discovery.CachedDiscoveryInterface
+}
+
+func NewRESTClientGetter(kubeconfig []byte) (*RESTClientGetter, error) {
+	clientconfig, err := clientcmd.NewClientConfigFromBytes([]byte(kubeconfig))
+	if err != nil {
+		return nil, err
+	}
+
+	restConfig, err := clientconfig.ClientConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	dc, err := discovery.NewDiscoveryClientForConfig(restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return &RESTClientGetter{
+		clientconfig:    clientconfig,
+		restConfig:      restConfig,
+		discoveryClient: memory.NewMemCacheClient(dc),
+	}, nil
+}
+
+func (r *RESTClientGetter) ToRESTConfig() (*rest.Config, error) {
+	return r.restConfig, nil
+}
+
+func (r *RESTClientGetter) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) {
+	return r.discoveryClient, nil
+}
+
+func (r *RESTClientGetter) ToRESTMapper() (meta.RESTMapper, error) {
+	return restmapper.NewDeferredDiscoveryRESTMapper(r.discoveryClient), nil
+}
+
+func (r *RESTClientGetter) ToRawKubeConfigLoader() clientcmd.ClientConfig {
+	return r.clientconfig
+}
--- a/tests/tests_suite_test.go
+++ b/tests/tests_suite_test.go
@@ -0,0 +1,179 @@
+package k3k_test
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"maps"
+	"os"
+	"path"
+	"testing"
+	"time"
+
+	"github.com/go-logr/zapr"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/rancher/k3k/pkg/apis/k3k.io/v1alpha1"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/modules/k3s"
+	"go.uber.org/zap"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chart/loader"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+func TestTests(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Tests Suite")
+}
+
+var (
+	k3sContainer *k3s.K3sContainer
+	k8s          *kubernetes.Clientset
+	k8sClient    client.Client
+)
+
+var _ = BeforeSuite(func() {
+	var err error
+	ctx := context.Background()
+
+	k3sContainer, err = k3s.Run(ctx, "rancher/k3s:v1.27.1-k3s1")
+	Expect(err).To(Not(HaveOccurred()))
+
+	kubeconfig, err := k3sContainer.GetKubeConfig(context.Background())
+	Expect(err).To(Not(HaveOccurred()))
+
+	initKubernetesClient(kubeconfig)
+	installK3kChart(kubeconfig)
+})
+
+func initKubernetesClient(kubeconfig []byte) {
+	restcfg, err := clientcmd.RESTConfigFromKubeConfig(kubeconfig)
+	Expect(err).To(Not(HaveOccurred()))
+
+	k8s, err = kubernetes.NewForConfig(restcfg)
+	Expect(err).To(Not(HaveOccurred()))
+
+	scheme := buildScheme()
+	k8sClient, err = client.New(restcfg, client.Options{Scheme: scheme})
+	Expect(err).NotTo(HaveOccurred())
+
+	logger, err := zap.NewDevelopment()
+	Expect(err).NotTo(HaveOccurred())
+	log.SetLogger(zapr.NewLogger(logger))
+}
+
+func installK3kChart(kubeconfig []byte) {
+	pwd, err := os.Getwd()
+	Expect(err).To(Not(HaveOccurred()))
+
+	k3kChart, err := loader.Load(path.Join(pwd, "../charts/k3k"))
+	Expect(err).To(Not(HaveOccurred()))
+
+	actionConfig := new(action.Configuration)
+
+	restClientGetter, err := NewRESTClientGetter(kubeconfig)
+	Expect(err).To(Not(HaveOccurred()))
+
+	releaseName := "k3k"
+	releaseNamespace := "k3k-system"
+
+	err = actionConfig.Init(restClientGetter, releaseNamespace, os.Getenv("HELM_DRIVER"), func(format string, v ...interface{}) {
+		fmt.Fprintf(GinkgoWriter, "helm debug: "+format+"\n", v...)
+	})
+	Expect(err).To(Not(HaveOccurred()))
+
+	iCli := action.NewInstall(actionConfig)
+	iCli.ReleaseName = releaseName
+	iCli.Namespace = releaseNamespace
+	iCli.CreateNamespace = true
+	iCli.Timeout = time.Minute
+	iCli.Wait = true
+
+	imageMap, _ := k3kChart.Values["image"].(map[string]any)
+	maps.Copy(imageMap, map[string]any{
+		"repository": "rancher/k3k",
+		"tag":        "dev",
+		"pullPolicy": "IfNotPresent",
+	})
+
+	sharedAgentMap, _ := k3kChart.Values["sharedAgent"].(map[string]any)
+	sharedAgentImageMap, _ := sharedAgentMap["image"].(map[string]any)
+	maps.Copy(sharedAgentImageMap, map[string]any{
+		"repository": "rancher/k3k-kubelet",
+		"tag":        "dev",
+	})
+
+	err = k3sContainer.LoadImages(context.Background(), "rancher/k3k:dev", "rancher/k3k-kubelet:dev")
+	Expect(err).To(Not(HaveOccurred()))
+
+	release, err := iCli.Run(k3kChart, k3kChart.Values)
+	Expect(err).To(Not(HaveOccurred()))
+
+	fmt.Fprintf(GinkgoWriter, "Release %s installed in %s namespace\n", release.Name, release.Namespace)
+}
+
+var _ = AfterSuite(func() {
+	// dump k3s logs
+	readCloser, err := k3sContainer.Logs(context.Background())
+	Expect(err).To(Not(HaveOccurred()))
+
+	logs, err := io.ReadAll(readCloser)
+	Expect(err).To(Not(HaveOccurred()))
+
+	logfile := path.Join(os.TempDir(), "k3s.log")
+	err = os.WriteFile(logfile, logs, 0644)
+	Expect(err).To(Not(HaveOccurred()))
+
+	fmt.Fprintln(GinkgoWriter, "k3s logs written to: "+logfile)
+
+	testcontainers.CleanupContainer(GinkgoTB(), k3sContainer)
+})
+
+var _ = When("k3k is installed", func() {
+	It("has to be in a Ready state", func() {
+
+		// check that at least a Pod is in Ready state
+		Eventually(func() bool {
+			opts := v1.ListOptions{LabelSelector: "app.kubernetes.io/name=k3k"}
+			podList, err := k8s.CoreV1().Pods("k3k-system").List(context.Background(), opts)
+
+			Expect(err).To(Not(HaveOccurred()))
+			Expect(podList.Items).To(Not(BeEmpty()))
+
+			isReady := false
+
+		outer:
+			for _, pod := range podList.Items {
+				for _, condition := range pod.Status.Conditions {
+					if condition.Status != corev1.ConditionTrue {
+						continue
+					}
+
+					if condition.Type == corev1.PodReady {
+						isReady = true
+						break outer
+					}
+				}
+			}
+
+			return isReady
+		}).
+			WithTimeout(time.Second * 10).
+			WithPolling(time.Second).
+			Should(BeTrue())
+	})
+})
+
+func buildScheme() *runtime.Scheme {
+	scheme := runtime.NewScheme()
+	err := v1alpha1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+	return scheme
+}
Author	SHA1	Message	Date
Hussein Galal	931c7c5fcb	Fix secret tokens and DNS translation (#200 ) * Include init containers in token translation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix kubernetes.defaul service DNS translation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add skip test var to dapper Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add kubelet version and image pull policy to the shared agent Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	2025-01-23 01:55:05 +02:00
Enrico Candino	fd6ed8184f	removed antiaffinity (#199 )	2025-01-22 18:34:30 +01:00
Enrico Candino	c285004944	fix release tag (#201 )	2025-01-22 15:18:10 +01:00
Enrico Candino	b0aa22b2f4	Simplify Cluster spec (#193 ) * removed some required parameters, adding defaults * add hostVersion in Status field * fix tests	2025-01-21 21:19:44 +01:00
Enrico Candino	3f49593f96	Add Cluster creation test (#192 ) * added k3kcli to path * test create cluster * updated ptr * added cluster creation test	2025-01-21 17:53:42 +01:00
Enrico Candino	0b3a5f250e	Added `golangci-lint` action (#197 ) * added golangci-lint action * linters * cleanup linters * fix error, increase timeout * removed unnecessary call to Stringer	2025-01-21 11:30:57 +01:00
Enrico Candino	e7671134d2	fixed missing version (#196 )	2025-01-21 10:52:27 +01:00
Enrico Candino	f9b3d62413	bump go1.23 (#198 )	2025-01-21 10:50:23 +01:00
Enrico Candino	d4368da9a0	E2E tests scaffolding (#189 ) * testcontainers add build script dropped namespace from chart upload logs removed old tests * show go.mod diffs	2025-01-16 20:40:53 +01:00