Skip to content

K8SPG-1013 fix tests for Openshift #1606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hors merged 5 commits into from
May 20, 2026
Merged

K8SPG-1013 fix tests for Openshift #1606

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f6a697b
Fix LDAP permissions for Openshift
valmiranogueira May 19, 2026
743fe2a
Fix Minio installation on Openshift for migration tests
valmiranogueira May 19, 2026
874e79d
Fix migration test name and Minio installation
valmiranogueira May 19, 2026
7b689f3
Fix lint
valmiranogueira May 19, 2026
a57f96a
Merge branch 'release-3.0.0' into K8SPG-1013-fix-tests
valmiranogueira May 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 38 additions & 6 deletions e2e-tests/functions
View file
Open in desktop
Comment thread
valmiranogueira marked this conversation as resolved.
Original file line number Diff line number Diff line change
Expand Up @@ -216,15 +216,41 @@ retry() {
}

deploy_minio() {
local name="${1:-"minio-service"}"
local tls_secret="${2:-}"
local access_key
local secret_key
local endpoint_url="http://minio-service:9000"
local aws_extra_args=""
local service_account_name="minio-sa"
local -a additional_helm_args

access_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)"
secret_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)"

helm uninstall -n "${NAMESPACE}" minio-service || :
if [[ $(detect_k8s_platform) == "openshift" ]]; then
kubectl create serviceaccount "${service_account_name}" \
--namespace "${NAMESPACE}"
oc adm policy add-scc-to-user anyuid -z "${service_account_name}" -n "${NAMESPACE}"
additional_helm_args+=(
--set serviceAccount.create=false
--set serviceAccount.name="${service_account_name}"
)
fi

if [[ -n $tls_secret ]]; then
additional_helm_args+=(
--set tls.enabled=true
--set tls.certSecret="${tls_secret}"
)
endpoint_url="https://${name}:9000"
aws_extra_args="--no-verify-ssl"
fi

helm uninstall -n "${NAMESPACE}" "${name}" || :
helm repo remove minio || :
helm repo add minio https://charts.min.io/
retry 10 60 helm install minio-service \
retry 10 60 helm install "${name}" \
-n "${NAMESPACE}" \
--version "${MINIO_VER}" \
--set replicas=1 \
Expand All @@ -236,17 +262,23 @@ deploy_minio() {
--set "users[0].secretKey"="$(printf '%q' "$(printf '%q' "$secret_key")")" \
--set "users[0].policy"=consoleAdmin \
--set service.type=ClusterIP \
--set configPathmc=/tmp/.minio/ \
--set persistence.size=2G \
--set securityContext.enabled=false \
"${additional_helm_args[@]}" \
minio/minio
MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods --selector=release=minio-service -o 'jsonpath={.items[].metadata.name}')

MINIO_POD=$(
kubectl -n "${NAMESPACE}" get pods \
--selector=release=${name} \
-o 'jsonpath={.items[].metadata.name}'
)

wait_pod $MINIO_POD

# create bucket
kubectl -n "${NAMESPACE}" run -i --rm aws-cli --image=perconalab/awscli --restart=Never -- \
bash -c "AWS_ACCESS_KEY_ID='$access_key' AWS_SECRET_ACCESS_KEY='$secret_key' AWS_DEFAULT_REGION=us-east-1 \
/usr/bin/aws --endpoint-url http://minio-service:9000 s3 mb s3://operator-testing"
/usr/bin/aws --endpoint-url ${endpoint_url} ${aws_extra_args} s3 mb s3://operator-testing"
}

get_repo_auth() {
Expand Down Expand Up @@ -1744,4 +1776,4 @@ verify_hugepages_usage() {
echo "Hugepages available but NOT being used by PostgreSQL"
return 1
fi
}
}
2 changes: 1 addition & 1 deletion e2e-tests/run-release.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,4 @@ upgrade-minor
users
migration-from-crunchy-backup-restore
migration-from-crunchy-pv
migration-from-crunchy-standb
migration-from-crunchy-standby
5 changes: 0 additions & 5 deletions e2e-tests/tests/ldap-tls/00-deploy-operator.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,6 @@ commands:
source ../../functions
init_temp_dir # do this only in the first TestStep
if [[ $OPENSHIFT ]]; then
echo "Skipping LDAP-TLS test on OpenShift"
exit 1
fi
deploy_operator
deploy_client
deploy_cert_manager
14 changes: 14 additions & 0 deletions e2e-tests/tests/ldap-tls/01-openldap-tls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,18 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |-
set -o errexit
set -o xtrace
source ../../functions
kubectl create serviceaccount openldap-tls \
--namespace "${NAMESPACE}"
if [[ $(detect_k8s_platform) == "openshift" ]]; then
oc adm policy add-scc-to-user anyuid -z openldap-tls -n "${NAMESPACE}"
sleep 5
fi
apply:
- files/openldap-tls.yaml
1 change: 1 addition & 0 deletions e2e-tests/tests/ldap-tls/files/openldap-tls-deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ spec:
labels:
app.kubernetes.io/name: openldap-tls
spec:
serviceAccountName: openldap-tls
containers:
- name: openldap
image: osixia/openldap:latest
Expand Down
5 changes: 0 additions & 5 deletions e2e-tests/tests/ldap/00-deploy-operator.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,5 @@ commands:
source ../../functions
init_temp_dir # do this only in the first TestStep
if [[ $OPENSHIFT ]]; then
echo "Skipping LDAP test on OpenShift"
exit 1
fi
deploy_operator
deploy_client
14 changes: 14 additions & 0 deletions e2e-tests/tests/ldap/01-openldap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,18 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |-
set -o errexit
set -o xtrace
source ../../functions
kubectl create serviceaccount openldap \
--namespace "${NAMESPACE}"
if [[ $(detect_k8s_platform) == "openshift" ]]; then
oc adm policy add-scc-to-user anyuid -z openldap -n "${NAMESPACE}"
sleep 5
fi
apply:
- files/openldap.yaml
1 change: 1 addition & 0 deletions e2e-tests/tests/ldap/files/openldap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ spec:
labels:
app.kubernetes.io/name: openldap
spec:
serviceAccountName: openldap
containers:
- name: openldap
image: osixia/openldap:latest
Expand Down
32 changes: 1 addition & 31 deletions e2e-tests/tests/migration-from-crunchy-backup-restore/00-deploy-operators.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,37 +36,7 @@ commands:
--from-file=public.crt="${TEMP_DIR}/minio.crt" \
--from-file=private.key="${TEMP_DIR}/minio.key"

helm repo remove minio 2>/dev/null || true
helm repo add minio https://charts.min.io/
helm uninstall -n "${NAMESPACE}" minio-service 2>/dev/null || true
retry 10 60 helm install minio-service minio/minio \
-n "${NAMESPACE}" \
--version "${MINIO_VER}" \
--set replicas=1 \
--set mode=standalone \
--set resources.requests.memory=256Mi \
--set rootUser=rootuser \
--set rootPassword=rootpass123 \
--set "users[0].accessKey=$(printf '%q' "$(printf '%q' "$access_key")")" \
--set "users[0].secretKey=$(printf '%q' "$(printf '%q' "$secret_key")")" \
--set "users[0].policy=consoleAdmin" \
--set service.type=ClusterIP \
--set configPathmc=/tmp/.minio/ \
--set persistence.size=2G \
--set securityContext.enabled=false \
--set tls.enabled=true \
--set tls.certSecret=minio-tls

MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods \
--selector=release=minio-service -o 'jsonpath={.items[].metadata.name}')
wait_pod "${MINIO_POD}"

kubectl -n "${NAMESPACE}" run -i --rm aws-cli \
--image=perconalab/awscli --restart=Never -- bash -c \
"AWS_ACCESS_KEY_ID='${access_key}' AWS_SECRET_ACCESS_KEY='${secret_key}' \
AWS_DEFAULT_REGION=us-east-1 \
/usr/bin/aws --endpoint-url https://minio-service:9000 --no-verify-ssl \
s3 mb s3://operator-testing"
deploy_minio minio-service minio-tls

cat > "${TEMP_DIR}/pgbackrest-minio.ini" << EOF
[global]
Expand Down
35 changes: 3 additions & 32 deletions e2e-tests/tests/migration-from-crunchy-pv/00-deploy-operators.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ commands:
--set singleNamespace=true \
--wait

# Deploy minio WITH TLS — pgBackRest requires HTTPS; repo1-s3-verify-tls=n skips validation.
# Deploy MinIO using the shared helper so this test follows the same
# setup path as the rest of the suite.
kubectl -n "${NAMESPACE}" apply -f "${TESTS_CONFIG_DIR}/minio-secret.yml"

access_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret \
Expand All @@ -35,37 +36,7 @@ commands:
--from-file=public.crt="${TEMP_DIR}/minio.crt" \
--from-file=private.key="${TEMP_DIR}/minio.key"

helm repo remove minio 2>/dev/null || true
helm repo add minio https://charts.min.io/
helm uninstall -n "${NAMESPACE}" minio-service 2>/dev/null || true
retry 10 60 helm install minio-service minio/minio \
-n "${NAMESPACE}" \
--version "${MINIO_VER}" \
--set replicas=1 \
--set mode=standalone \
--set resources.requests.memory=256Mi \
--set rootUser=rootuser \
--set rootPassword=rootpass123 \
--set "users[0].accessKey=$(printf '%q' "$(printf '%q' "$access_key")")" \
--set "users[0].secretKey=$(printf '%q' "$(printf '%q' "$secret_key")")" \
--set "users[0].policy=consoleAdmin" \
--set service.type=ClusterIP \
--set configPathmc=/tmp/.minio/ \
--set persistence.size=2G \
--set securityContext.enabled=false \
--set tls.enabled=true \
--set tls.certSecret=minio-tls

MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods \
--selector=release=minio-service -o 'jsonpath={.items[].metadata.name}')
wait_pod "${MINIO_POD}"

kubectl -n "${NAMESPACE}" run -i --rm aws-cli \
--image=perconalab/awscli --restart=Never -- bash -c \
"AWS_ACCESS_KEY_ID='${access_key}' AWS_SECRET_ACCESS_KEY='${secret_key}' \
AWS_DEFAULT_REGION=us-east-1 \
/usr/bin/aws --endpoint-url https://minio-service:9000 --no-verify-ssl \
s3 mb s3://operator-testing"
deploy_minio minio-service minio-tls

cat > "${TEMP_DIR}/pgbackrest-minio.ini" << EOF
[global]
Expand Down
32 changes: 1 addition & 31 deletions e2e-tests/tests/migration-from-crunchy-standby/00-deploy-operators.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,37 +39,7 @@ commands:
--from-file=public.crt="${TEMP_DIR}/minio.crt" \
--from-file=private.key="${TEMP_DIR}/minio.key"

helm repo remove minio 2>/dev/null || true
helm repo add minio https://charts.min.io/
helm uninstall -n "${NAMESPACE}" minio-service 2>/dev/null || true
retry 10 60 helm install minio-service minio/minio \
-n "${NAMESPACE}" \
--version "${MINIO_VER}" \
--set replicas=1 \
--set mode=standalone \
--set resources.requests.memory=256Mi \
--set rootUser=rootuser \
--set rootPassword=rootpass123 \
--set "users[0].accessKey=$(printf '%q' "$(printf '%q' "$access_key")")" \
--set "users[0].secretKey=$(printf '%q' "$(printf '%q' "$secret_key")")" \
--set "users[0].policy=consoleAdmin" \
--set service.type=ClusterIP \
--set configPathmc=/tmp/.minio/ \
--set persistence.size=2G \
--set securityContext.enabled=false \
--set tls.enabled=true \
--set tls.certSecret=minio-tls

MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods \
--selector=release=minio-service -o 'jsonpath={.items[].metadata.name}')
wait_pod "${MINIO_POD}"

kubectl -n "${NAMESPACE}" run -i --rm aws-cli \
--image=perconalab/awscli --restart=Never -- bash -c \
"AWS_ACCESS_KEY_ID='${access_key}' AWS_SECRET_ACCESS_KEY='${secret_key}' \
AWS_DEFAULT_REGION=us-east-1 \
/usr/bin/aws --endpoint-url https://minio-service:9000 --no-verify-ssl \
s3 mb s3://operator-testing"
deploy_minio minio-service minio-tls

cat > "${TEMP_DIR}/pgbackrest-minio.ini" << EOF
[global]
Expand Down
Loading