K8SPSMDB - Fix tests (#1349)

Author: tplavcic

e2e-tests/conf/cmctl.yml

@@ -15,14 +15,13 @@ spec:
       serviceAccountName: cmctl
       containers:
         - name: cmctl
-          image: debian
+          image: curlimages/curl
           imagePullPolicy: Always
           command:
-          - /bin/bash
+          - /bin/sh
           - -c
           - |
-            apt-get update && apt-get install -y curl \
-            && curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/latest/download/cmctl-linux-amd64.tar.gz \
-            && tar xzf cmctl.tar.gz \
+            curl -fsSL -o /tmp/cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/latest/download/cmctl-linux-amd64.tar.gz \
+            && tar -C /tmp -xzf /tmp/cmctl.tar.gz \
             && sleep 100500
       restartPolicy: Always

e2e-tests/default-cr/run

@@ -86,11 +86,17 @@ function main() {
 		platform=openshift
 		oc create sa pmm-server
 		oc adm policy add-scc-to-user privileged -z pmm-server
-		oc create rolebinding pmm-psmdb-operator-namespace-only --role percona-server-mongodb-operator --serviceaccount=$namespace:pmm-server
-		oc patch role/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'
+		if [ -n "$OPERATOR_NS" ]; then
+			timeout 30 oc delete clusterrolebinding $(kubectl get clusterrolebinding | grep 'pmm-psmdb-operator-' | awk '{print $1}') || :
+			oc create clusterrolebinding pmm-psmdb-operator-cluster-wide --clusterrole=percona-server-mongodb-operator --serviceaccount=$namespace:pmm-server
+			oc patch clusterrole/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]' ${OPERATOR_NS:+-n $OPERATOR_NS}
+		else
+			oc create rolebinding pmm-psmdb-operator-namespace-only --role percona-server-mongodb-operator --serviceaccount=$namespace:pmm-server
+			oc patch role/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'
+		fi
 		retry 10 60 helm install monitoring --set imageTag=$IMAGE_PMM_SERVER_TAG --set imageRepo=$IMAGE_PMM_SERVER_REPO --set platform=$platform --set sa=pmm-server --set supresshttp2=false https://percona-charts.storage.googleapis.com/pmm-server-${PMM_SERVER_VER}.tgz
 	else
-		helm install monitoring --set imageTag=$IMAGE_PMM_SERVER_TAG --set imageRepo=$IMAGE_PMM_SERVER_REPO --set platform=$platform https://percona-charts.storage.googleapis.com/pmm-server-${PMM_SERVER_VER}.tgz
+		retry 10 60 helm install monitoring --set imageTag=$IMAGE_PMM_SERVER_TAG --set imageRepo=$IMAGE_PMM_SERVER_REPO --set platform=$platform https://percona-charts.storage.googleapis.com/pmm-server-${PMM_SERVER_VER}.tgz
 	fi
 	sleep 20
 	kubectl_bin patch psmdb ${cluster} --type=merge --patch '{

e2e-tests/security-context/run

@@ -15,7 +15,11 @@ desc 'create additional service account'
 kubectl_bin apply -f "$test_dir/conf/service-account.yml"
 if [[ -n ${OPENSHIFT} ]]; then
 	oc adm policy add-scc-to-user privileged -z percona-server-mongodb-operator-workload
-	oc patch role/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'
+	if [ -n "$OPERATOR_NS" ]; then
+		oc patch clusterrole/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'
+	else
+		oc patch role/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'
+	fi
 fi
 
 cluster='sec-context'

e2e-tests/tls-issue-cert-manager/run

@@ -17,7 +17,7 @@ renew-certificate() {
 	local revision
 	revision=$(kubectl_bin get certificate "$certificate" -o 'jsonpath={.status.revision}')
 
-	kubectl_bin exec "$pod_name" -- ./cmctl renew "$certificate"
+	kubectl_bin exec "$pod_name" -- /tmp/cmctl renew "$certificate"
 
 	# wait for new revision
 	for i in {1..10}; do