CLOUDP-377831: Rewrite prepare local e2e run script

[Julien-Ben]

Summary

The local e2e preparation script (prepare_local_e2e_run.sh) was taking ~45-51s on multi-cluster setups, mostly due to sequential kubectl subprocess spawning. This PR brings it down to ~15-19s.

Every local e2e run starts with this script, so saving 30s in each iteration adds up fast during development.

What changed

Go rewrite of multi-cluster prep: The biggest win. Replaced the bash functions prepare_multi_cluster_e2e_run and configure_multi_cluster_environment with a Go binary (scripts/dev/prepare-multi-cluster/main.go) that uses client-go directly instead of shelling out to kubectl. Operations across clusters run in parallel via goroutines. This alone took the multi-cluster prep step from ~11s to ~1.4s.

The bash version used a helm chart to template RBAC resources (a ServiceAccount and a ClusterRoleBinding). The Go version creates these directly via the typed API with idempotent get-or-create-or-update logic. The helm chart is unchanged and still used by CI; only the local dev path bypasses it.

Bash parallelization: make install and delete_om_projects.sh are backgrounded early in the script and waited on before the deploy step.

Redundant work elimination: create_image_registries_secret was called twice per run (once in configure_container_auth.sh, again in configure_operator.sh). Gated the second call behind RUNNING_IN_EVG so it only runs in CI. Similarly, my-project/my-credentials creation is skipped in local multi-cluster runs since the Go binary handles it.

Smaller wins: kubectl delete + create converted to kubectl apply everywhere. Makefile sentinel file skips CRD regeneration when api/*.go hasn't changed. go build -o bin/X instead of go run (build cache makes repeated runs instant).

CI impact

All changes are gated to only affect local runs. CI paths (e2e.sh, single_e2e.sh) are unchanged in behavior — RUNNING_IN_EVG guards ensure CI still creates pull secrets and config resources through the existing shell path. The Go binary is only invoked from prepare_local_e2e_run.sh.

Follow-ups

Two more changes can be considered to further reduce the total time (by ~3-5s):

• Run the kubectl plugin multi cluster setup concurrently (via e.g a --parallel flag).
• Further parallelize reset.go (not only across clusters, but also within each cluster).

Proof of Work

Manually ran different e2e tests in different variants to assert correctness. This script doesn't run in CI.

Performance

Ran locally against a 4-cluster KIND setup (1 central + 3 members), where the changes matter most. Timed 3 runs of each version, both from a cold start (no compilation cache, CRDs need regenerating) and warm (caches populated).

                     Cold start     Warm start
                     ----------     ----------
Before (sequential)  51.06s         44.77s
After  (all changes) 19.43s         15.36s

Checklist

• Have you linked a jira ticket and/or is the ticket in the title?
• Have you checked whether your jira ticket required DOCSP changes?
• Have you added changelog file?

[github-actions]

⚠️ (this preview might not be accurate if the PR is not rebased on current master branch)

MCK 1.7.1 Release Notes

Other Changes

• Container images: Merged the init-database and init-appdb init container images into a single init-database image. The init-appdb image will no longer be published and does not affect existing deployments.

[lsierant]

what the hack! 😅
let's use GroupVersionKind and Unstructured data with the yaml payload, essentially mimic kubectl apply but with the API server. We don't need to fallback to kubectl

[Julien-Ben]

Oh, I did it initially to to avoid initializing a second (untyped) client, out of laziness.

But here is the fix: 318e91e

[nammn]

do you think this comment is useful in a later time, assuming this is getting merges?

[nammn]

i am not sure whether those comments make sense here rather than in the pr as inline comments. All of those changes are tight to prior implementation

[nammn]

can't we rather update create_image_registries_secret to skip if the secret already exists? That removes the running in evg check

[nammn]

nit: I think we could split the function into 2 subfunctions for readability:

• checkExists()
• buildFromSource()

basically your comments but as subfunctions.

[nammn]

where do we write to here? Do we even save anything in doing this concurrently?