[v2] Use official nonroot images for e2e tests

.github/workflows/v2-run-acceptance-tests.yaml

@@ -62,9 +62,6 @@ jobs:
     runs-on: ubuntu-latest
     name: E2E tests
     steps:
-      # Building the rootless image currently eats up all of our free disk.
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
       - name: Setup cluster
         uses: helm/kind-action@v1
         with:

operator/Makefile

@@ -151,13 +151,9 @@ run: manifests generate fmt vet ## Run a controller from your host.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 .PHONY: docker-build
-docker-build: docker-rootless ## Build docker image with the manager.
+docker-build: ## Build docker image with the manager.
 	$(CONTAINER_TOOL) build -t ${IMG}:${VERSION} --build-context agent=../agent --build-arg VERSION=${VERSION} .
 
-.PHONY: docker-rootless
-docker-rootless:
-	$(MAKE) -C hack/nonroot
-
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.
 	$(CONTAINER_TOOL) push ${IMG}:${VERSION}

operator/e2e/e2e_test.go

@@ -52,8 +52,6 @@ func TestE2E(t *testing.T) {
 
 	err := loadImageToKindClusterWithName(projectimage)
 	require.NoError(t, err, "failed to load image into kind")
-	err = loadImageToKindClusterWithName("pulumi/pulumi:3.130.0-nonroot")
-	require.NoError(t, err, "failed to load image into kind")
 
 	cmd = exec.Command("make", "install")
 	require.NoError(t, run(cmd), "failed to install CRDs")

operator/e2e/testdata/git-auth-nonroot/manifests.yaml

@@ -54,7 +54,7 @@ spec:
         value: "test"
   workspaceTemplate:
     spec:
-      image: pulumi/pulumi:3.130.0-nonroot
+      image: pulumi/pulumi:3.134.1-nonroot
       podTemplate:
         spec:
           containers:

operator/e2e/testdata/random-yaml-nonroot/manifests.yaml

@@ -59,7 +59,7 @@ spec:
         value: "test"
   workspaceTemplate:
     spec:
-      image: pulumi/pulumi:3.130.0-nonroot
+      image: pulumi/pulumi:3.134.1-nonroot
       podTemplate:
         spec:
           containers:

operator/examples/random-yaml/stack.yaml

@@ -23,4 +23,5 @@ spec:
       secret:
         name: pulumi-api-secret
         key: accessToken
-  image: pulumi/pulumi:3.130.0-nonroot
+  image: pulumi/pulumi:3.134.1-nonroot
+

operator/examples/random-yaml/workspace.yaml

@@ -11,10 +11,10 @@ kind: Workspace
 metadata:
   name: random-yaml-1e2fc47
 spec:
-  image: pulumi/pulumi:3.130.0-nonroot
-  securityProfile: restricted  
+  image: pulumi/pulumi:3.134.1-nonroot
+  securityProfile: restricted
   serviceAccountName: default
-  
+
   # git:
   #   url: https://github.com/pulumi/examples.git
   #   revision: 1e2fc471709448f3c9f7a250f28f1eafcde7017b
@@ -24,11 +24,11 @@ spec:
     digest: sha256:6560311e95689086aa195a82c0310080adc31bea2457936ce528a014d811407a
     dir: random-yaml
   env:
-  - name: PULUMI_ACCESS_TOKEN
-    valueFrom:
-      secretKeyRef:
-        name: pulumi-api-secret
-        key: accessToken
+    - name: PULUMI_ACCESS_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: pulumi-api-secret
+          key: accessToken
   resources:
     requests:
       cpu: 1
@@ -53,27 +53,27 @@ spec:
           operator: "Exists"
           effect: "NoSchedule"
       initContainers:
-      - name: extra
-        image: busybox
-        command: ["sh", "-c", "echo 'Hello, extra init container!'"]
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - ALL
-        volumeMounts:
-          - name: share
-            mountPath: /share
+        - name: extra
+          image: busybox
+          command: ["sh", "-c", "echo 'Hello, extra init container!'"]
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - ALL
+          volumeMounts:
+            - name: share
+              mountPath: /share
       containers:
-      - name: pulumi
-        volumeMounts:
-          - name: secret-volume
-            mountPath: /etc/secret-volume
-            readOnly: true
-          - name: oidc-token
-            mountPath: /var/run/secrets/pulumi
+        - name: pulumi
+          volumeMounts:
+            - name: secret-volume
+              mountPath: /etc/secret-volume
+              readOnly: true
+            - name: oidc-token
+              mountPath: /var/run/secrets/pulumi
       volumes:
         - name: secret-volume
           secret:
@@ -88,19 +88,18 @@ spec:
   stacks:
     - name: dev
       config:
-      - key: "pulumi:oidcToken"
-        valueFrom:
-          path: /var/run/secrets/pulumi/token
-        secret: true
-      - key: kubernetes:namespace
-        value: "default"
-      - key: data.active
-        path: true
-        value: "true"
-      - key: data.nums[0]
-        path: true
-        value: "1"
-      - key: data.nums[1]
-        path: true
-        value: "2"
-
+        - key: "pulumi:oidcToken"
+          valueFrom:
+            path: /var/run/secrets/pulumi/token
+          secret: true
+        - key: kubernetes:namespace
+          value: "default"
+        - key: data.active
+          path: true
+          value: "true"
+        - key: data.nums[0]
+          path: true
+          value: "1"
+        - key: data.nums[1]
+          path: true
+          value: "2"