diff --git a/e2e-tests/functions b/e2e-tests/functions index c81f44786..1301c1728 100644 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -216,15 +216,41 @@ retry() { } deploy_minio() { + local name="${1:-"minio-service"}" + local tls_secret="${2:-}" local access_key local secret_key + local endpoint_url="http://minio-service:9000" + local aws_extra_args="" + local service_account_name="minio-sa" + local -a additional_helm_args + access_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)" secret_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)" - helm uninstall -n "${NAMESPACE}" minio-service || : + if [[ $(detect_k8s_platform) == "openshift" ]]; then + kubectl create serviceaccount "${service_account_name}" \ + --namespace "${NAMESPACE}" + oc adm policy add-scc-to-user anyuid -z "${service_account_name}" -n "${NAMESPACE}" + additional_helm_args+=( + --set serviceAccount.create=false + --set serviceAccount.name="${service_account_name}" + ) + fi + + if [[ -n $tls_secret ]]; then + additional_helm_args+=( + --set tls.enabled=true + --set tls.certSecret="${tls_secret}" + ) + endpoint_url="https://${name}:9000" + aws_extra_args="--no-verify-ssl" + fi + + helm uninstall -n "${NAMESPACE}" "${name}" || : helm repo remove minio || : helm repo add minio https://charts.min.io/ - retry 10 60 helm install minio-service \ + retry 10 60 helm install "${name}" \ -n "${NAMESPACE}" \ --version "${MINIO_VER}" \ --set replicas=1 \ 
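Review bot: In the OpenShift branch, `kubectl create serviceaccount "${service_account_name}"` fails once the account already exists, although the rest of deploy_minio tolerates re-runs (`helm uninstall ... || :`), and `anyuid` is granted with no comment on why the chart needs it. Consider `kubectl create serviceaccount "${service_account_name}" -n "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -` and a comment above the `oc adm policy` line naming the requirement; whether a narrower SCC would be enough cannot be judged from this hunk. The same create-plus-anyuid pattern appears in tests/ldap-tls/01-openldap-tls.yaml and tests/ldap/01-openldap.yaml, where the create runs under `set -o errexit`. `local -a additional_helm_args` is also never assigned, so `local -a additional_helm_args=()` would keep the later `"${additional_helm_args[@]}"` safe if a caller enables `set -u` on an older bash. deploy_minio continues past the end of this hunk.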
@@ -236,17 +262,23 @@ deploy_minio() { --set "users[0].secretKey"="$(printf '%q' "$(printf '%q' "$secret_key")")" \ --set "users[0].policy"=consoleAdmin \ --set service.type=ClusterIP \ - --set configPathmc=/tmp/.minio/ \ --set persistence.size=2G \ --set securityContext.enabled=false \ + "${additional_helm_args[@]}" \ minio/minio - MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods --selector=release=minio-service -o 'jsonpath={.items[].metadata.name}') + + MINIO_POD=$( + kubectl -n "${NAMESPACE}" get pods \ + --selector=release=${name} \ + -o 'jsonpath={.items[].metadata.name}' + ) + wait_pod $MINIO_POD # create bucket kubectl -n "${NAMESPACE}" run -i --rm aws-cli --image=perconalab/awscli --restart=Never -- \ bash -c "AWS_ACCESS_KEY_ID='$access_key' AWS_SECRET_ACCESS_KEY='$secret_key' AWS_DEFAULT_REGION=us-east-1 \ - /usr/bin/aws --endpoint-url http://minio-service:9000 s3 mb s3://operator-testing" + /usr/bin/aws --endpoint-url ${endpoint_url} ${aws_extra_args} s3 mb s3://operator-testing" } get_repo_auth() { @@ -1744,4 +1776,4 @@ verify_hugepages_usage() { echo "Hugepages available but NOT being used by PostgreSQL" return 1 fi -} \ No newline at end of file +} diff --git a/e2e-tests/run-release.csv b/e2e-tests/run-release.csv index 72910e2af..a073552ff 100644 --- a/e2e-tests/run-release.csv +++ b/e2e-tests/run-release.csv @@ -40,4 +40,4 @@ upgrade-minor users migration-from-crunchy-backup-restore migration-from-crunchy-pv -migration-from-crunchy-standb +migration-from-crunchy-standby diff --git a/e2e-tests/tests/ldap-tls/00-deploy-operator.yaml b/e2e-tests/tests/ldap-tls/00-deploy-operator.yaml index 9e2d6a12b..7826f3b2b 100644 --- a/e2e-tests/tests/ldap-tls/00-deploy-operator.yaml +++ b/e2e-tests/tests/ldap-tls/00-deploy-operator.yaml 
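Review bot: When a TLS secret is passed, `${aws_extra_args}` expands to `--no-verify-ssl` in the bucket-creation command at the end of this hunk, so the client accepts any certificate presented for `${endpoint_url}`, leaving the connection encrypted but unauthenticated. If that is deliberate for the test certificate, record it above the `kubectl run`, e.g. `# test-only certificate: verification is skipped on purpose`; otherwise make the certificate available to the aws-cli pod and pass `--ca-bundle`. The access and secret keys are interpolated into the same `bash -c` string, so they would show up in trace output if a calling step runs with `set -o xtrace`, as the LDAP steps in this diff do. `--selector=release=${name}` and `wait_pod $MINIO_POD` are unquoted, whereas the inline copies this commit removes used `wait_pod "${MINIO_POD}"`; `--selector="release=${name}"` and `wait_pod "${MINIO_POD}"` would keep that. deploy_minio begins before this hunk.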
@@ -9,11 +9,6 @@ commands: source ../../functions init_temp_dir # do this only in the first TestStep - if [[ $OPENSHIFT ]]; then - echo "Skipping LDAP-TLS test on OpenShift" - exit 1 - fi - deploy_operator deploy_client deploy_cert_manager diff --git a/e2e-tests/tests/ldap-tls/01-openldap-tls.yaml b/e2e-tests/tests/ldap-tls/01-openldap-tls.yaml index d77fa1a4c..1bd9ae25f 100644 --- a/e2e-tests/tests/ldap-tls/01-openldap-tls.yaml +++ b/e2e-tests/tests/ldap-tls/01-openldap-tls.yaml @@ -1,4 +1,18 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep +commands: + - script: |- + set -o errexit + set -o xtrace + + source ../../functions + + kubectl create serviceaccount openldap-tls \ + --namespace "${NAMESPACE}" + + if [[ $(detect_k8s_platform) == "openshift" ]]; then + oc adm policy add-scc-to-user anyuid -z openldap-tls -n "${NAMESPACE}" + sleep 5 + fi apply: - files/openldap-tls.yaml diff --git a/e2e-tests/tests/ldap-tls/files/openldap-tls-deploy.yaml b/e2e-tests/tests/ldap-tls/files/openldap-tls-deploy.yaml index e7f9544f9..8468ff538 100644 --- a/e2e-tests/tests/ldap-tls/files/openldap-tls-deploy.yaml +++ b/e2e-tests/tests/ldap-tls/files/openldap-tls-deploy.yaml @@ -15,6 +15,7 @@ spec: labels: app.kubernetes.io/name: openldap-tls spec: + serviceAccountName: openldap-tls containers: - name: openldap image: osixia/openldap:latest diff --git a/e2e-tests/tests/ldap/00-deploy-operator.yaml b/e2e-tests/tests/ldap/00-deploy-operator.yaml index dbea2a35c..906c0976c 100644 --- a/e2e-tests/tests/ldap/00-deploy-operator.yaml +++ b/e2e-tests/tests/ldap/00-deploy-operator.yaml @@ -9,10 +9,5 @@ commands: source ../../functions init_temp_dir # do this only in the first TestStep - if [[ $OPENSHIFT ]]; then - echo "Skipping LDAP test on OpenShift" - exit 1 - fi - deploy_operator deploy_client diff --git a/e2e-tests/tests/ldap/01-openldap.yaml b/e2e-tests/tests/ldap/01-openldap.yaml index bb6f0bff5..ce6c52762 100644 --- a/e2e-tests/tests/ldap/01-openldap.yaml 
+++ b/e2e-tests/tests/ldap/01-openldap.yaml @@ -1,4 +1,18 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep +commands: + - script: |- + set -o errexit + set -o xtrace + + source ../../functions + + kubectl create serviceaccount openldap \ + --namespace "${NAMESPACE}" + + if [[ $(detect_k8s_platform) == "openshift" ]]; then + oc adm policy add-scc-to-user anyuid -z openldap -n "${NAMESPACE}" + sleep 5 + fi apply: - files/openldap.yaml diff --git a/e2e-tests/tests/ldap/files/openldap.yaml b/e2e-tests/tests/ldap/files/openldap.yaml index da1ec46f6..70925e776 100644 --- a/e2e-tests/tests/ldap/files/openldap.yaml +++ b/e2e-tests/tests/ldap/files/openldap.yaml @@ -23,6 +23,7 @@ spec: labels: app.kubernetes.io/name: openldap spec: + serviceAccountName: openldap containers: - name: openldap image: osixia/openldap:latest diff --git a/e2e-tests/tests/migration-from-crunchy-backup-restore/00-deploy-operators.yaml b/e2e-tests/tests/migration-from-crunchy-backup-restore/00-deploy-operators.yaml index ee4da2843..f101b6778 100644 --- a/e2e-tests/tests/migration-from-crunchy-backup-restore/00-deploy-operators.yaml +++ b/e2e-tests/tests/migration-from-crunchy-backup-restore/00-deploy-operators.yaml 
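Review bot: `serviceAccountName: openldap` in files/openldap.yaml binds the pod to the account that 01-openldap.yaml grants `anyuid` on OpenShift, while the image in the same spec is `osixia/openldap:latest`, a mutable tag. A container that may run as any UID should come from a fixed image, so pin it, e.g. `image: osixia/openldap:<pinned-version>` or a digest reference. The same applies to files/openldap-tls-deploy.yaml with `serviceAccountName: openldap-tls`. A short comment next to `serviceAccountName` saying that the account exists for the OpenShift SCC grant would also help, since on other platforms it has no visible purpose.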
@@ -36,37 +36,7 @@ commands: --from-file=public.crt="${TEMP_DIR}/minio.crt" \ --from-file=private.key="${TEMP_DIR}/minio.key" - helm repo remove minio 2>/dev/null || true - helm repo add minio https://charts.min.io/ - helm uninstall -n "${NAMESPACE}" minio-service 2>/dev/null || true - retry 10 60 helm install minio-service minio/minio \ - -n "${NAMESPACE}" \ - --version "${MINIO_VER}" \ - --set replicas=1 \ - --set mode=standalone \ - --set resources.requests.memory=256Mi \ - --set rootUser=rootuser \ - --set rootPassword=rootpass123 \ - --set "users[0].accessKey=$(printf '%q' "$(printf '%q' "$access_key")")" \ - --set "users[0].secretKey=$(printf '%q' "$(printf '%q' "$secret_key")")" \ - --set "users[0].policy=consoleAdmin" \ - --set service.type=ClusterIP \ - --set configPathmc=/tmp/.minio/ \ - --set persistence.size=2G \ - --set securityContext.enabled=false \ - --set tls.enabled=true \ - --set tls.certSecret=minio-tls - - MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods \ - --selector=release=minio-service -o 'jsonpath={.items[].metadata.name}') - wait_pod "${MINIO_POD}" - - kubectl -n "${NAMESPACE}" run -i --rm aws-cli \ - --image=perconalab/awscli --restart=Never -- bash -c \ - "AWS_ACCESS_KEY_ID='${access_key}' AWS_SECRET_ACCESS_KEY='${secret_key}' \ - AWS_DEFAULT_REGION=us-east-1 \ - /usr/bin/aws --endpoint-url https://minio-service:9000 --no-verify-ssl \ - s3 mb s3://operator-testing" + deploy_minio minio-service minio-tls cat > "${TEMP_DIR}/pgbackrest-minio.ini" << EOF [global] diff --git a/e2e-tests/tests/migration-from-crunchy-pv/00-deploy-operators.yaml b/e2e-tests/tests/migration-from-crunchy-pv/00-deploy-operators.yaml index 10f064e88..1289a6882 100644 --- a/e2e-tests/tests/migration-from-crunchy-pv/00-deploy-operators.yaml +++ b/e2e-tests/tests/migration-from-crunchy-pv/00-deploy-operators.yaml 
@@ -18,7 +18,8 @@ commands: --set singleNamespace=true \ --wait - # Deploy minio WITH TLS — pgBackRest requires HTTPS; repo1-s3-verify-tls=n skips validation. + # Deploy MinIO using the shared helper so this test follows the same + # setup path as the rest of the suite. kubectl -n "${NAMESPACE}" apply -f "${TESTS_CONFIG_DIR}/minio-secret.yml" access_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret \ @@ -35,37 +36,7 @@ commands: --from-file=public.crt="${TEMP_DIR}/minio.crt" \ --from-file=private.key="${TEMP_DIR}/minio.key" - helm repo remove minio 2>/dev/null || true - helm repo add minio https://charts.min.io/ - helm uninstall -n "${NAMESPACE}" minio-service 2>/dev/null || true - retry 10 60 helm install minio-service minio/minio \ - -n "${NAMESPACE}" \ - --version "${MINIO_VER}" \ - --set replicas=1 \ - --set mode=standalone \ - --set resources.requests.memory=256Mi \ - --set rootUser=rootuser \ - --set rootPassword=rootpass123 \ - --set "users[0].accessKey=$(printf '%q' "$(printf '%q' "$access_key")")" \ - --set "users[0].secretKey=$(printf '%q' "$(printf '%q' "$secret_key")")" \ - --set "users[0].policy=consoleAdmin" \ - --set service.type=ClusterIP \ - --set configPathmc=/tmp/.minio/ \ - --set persistence.size=2G \ - --set securityContext.enabled=false \ - --set tls.enabled=true \ - --set tls.certSecret=minio-tls - - MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods \ - --selector=release=minio-service -o 'jsonpath={.items[].metadata.name}') - wait_pod "${MINIO_POD}" - - kubectl -n "${NAMESPACE}" run -i --rm aws-cli \ - --image=perconalab/awscli --restart=Never -- bash -c \ - "AWS_ACCESS_KEY_ID='${access_key}' AWS_SECRET_ACCESS_KEY='${secret_key}' \ - AWS_DEFAULT_REGION=us-east-1 \ - /usr/bin/aws --endpoint-url https://minio-service:9000 --no-verify-ssl \ - s3 mb s3://operator-testing" + deploy_minio minio-service minio-tls cat > "${TEMP_DIR}/pgbackrest-minio.ini" << EOF [global] 
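Review bot: The rewritten comment in the first hunk of migration-from-crunchy-pv/00-deploy-operators.yaml drops the two facts the old one recorded: MinIO is deployed with TLS because pgBackRest requires HTTPS, and certificate validation is skipped (`repo1-s3-verify-tls=n`). The TLS behaviour is now hidden behind the second argument of `deploy_minio minio-service minio-tls`, which makes that rationale harder to recover from this file. I would keep it, e.g. `# Deploy MinIO with TLS via the shared deploy_minio helper: pgBackRest requires HTTPS;` followed by `# repo1-s3-verify-tls=n skips certificate validation.`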
diff --git a/e2e-tests/tests/migration-from-crunchy-standby/00-deploy-operators.yaml b/e2e-tests/tests/migration-from-crunchy-standby/00-deploy-operators.yaml index 39a0d3c2b..ab06269c2 100644 --- a/e2e-tests/tests/migration-from-crunchy-standby/00-deploy-operators.yaml +++ b/e2e-tests/tests/migration-from-crunchy-standby/00-deploy-operators.yaml @@ -39,37 +39,7 @@ commands: --from-file=public.crt="${TEMP_DIR}/minio.crt" \ --from-file=private.key="${TEMP_DIR}/minio.key" - helm repo remove minio 2>/dev/null || true - helm repo add minio https://charts.min.io/ - helm uninstall -n "${NAMESPACE}" minio-service 2>/dev/null || true - retry 10 60 helm install minio-service minio/minio \ - -n "${NAMESPACE}" \ - --version "${MINIO_VER}" \ - --set replicas=1 \ - --set mode=standalone \ - --set resources.requests.memory=256Mi \ - --set rootUser=rootuser \ - --set rootPassword=rootpass123 \ - --set "users[0].accessKey=$(printf '%q' "$(printf '%q' "$access_key")")" \ - --set "users[0].secretKey=$(printf '%q' "$(printf '%q' "$secret_key")")" \ - --set "users[0].policy=consoleAdmin" \ - --set service.type=ClusterIP \ - --set configPathmc=/tmp/.minio/ \ - --set persistence.size=2G \ - --set securityContext.enabled=false \ - --set tls.enabled=true \ - --set tls.certSecret=minio-tls - - MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods \ - --selector=release=minio-service -o 'jsonpath={.items[].metadata.name}') - wait_pod "${MINIO_POD}" - - kubectl -n "${NAMESPACE}" run -i --rm aws-cli \ - --image=perconalab/awscli --restart=Never -- bash -c \ - "AWS_ACCESS_KEY_ID='${access_key}' AWS_SECRET_ACCESS_KEY='${secret_key}' \ - AWS_DEFAULT_REGION=us-east-1 \ - /usr/bin/aws --endpoint-url https://minio-service:9000 --no-verify-ssl \ - s3 mb s3://operator-testing" + deploy_minio minio-service minio-tls cat > "${TEMP_DIR}/pgbackrest-minio.ini" << EOF [global]