Skip to content

Commit fac36e5

Browse files
tplavcictplavcic
authored
K8SSPSMDB-998 - Fix ldap and upgrade-consistency-sharded-tls tests on OpenShift (#1514)
* K8SPSMDB-998 - Fix upgrade-consistency-sharded-tls on OpenShift * K8SPSMDB-732 - Fix ldap test on OpenShift * Fix shfmt in ldap test
1 parent 146e6e1 commit fac36e5

File tree

8 files changed

+154
-100
lines changed

8 files changed

+154
-100
lines changed

e2e-tests/ldap-tls/run

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,15 @@ test_dir=$(realpath "$(dirname "$0")")
77
set_debug
88

99
deploy_openldap() {
10-
yq "$test_dir/conf/openldap.yaml" \
11-
| yq "select(.metadata.name == \"ldap-ca\").spec.dnsNames[0]=\"openldap.$namespace.svc.cluster.local\"" \
12-
| kubectl_bin apply -f -
10+
if [[ $OPENSHIFT ]]; then
11+
yq 'select(.kind=="Deployment").spec.template.spec.containers[0].securityContext.capabilities.drop[0]="ALL" |
12+
select(.kind=="Deployment").spec.template.spec.containers[0].securityContext.capabilities.add[0]="NET_BIND_SERVICE" |
13+
select(.metadata.name == "ldap-ca").spec.dnsNames[0]="openldap.'$namespace'.svc.cluster.local"' "$test_dir/conf/openldap.yaml" \
14+
| kubectl_bin apply -f -
15+
else
16+
yq 'select(.metadata.name == "ldap-ca").spec.dnsNames[0]="openldap.'$namespace'.svc.cluster.local"' "$test_dir/conf/openldap.yaml" \
17+
| kubectl_bin apply -f -
18+
fi
1319

1420
kubectl rollout status deployment/openldap --timeout=120s
1521
}

e2e-tests/ldap/run

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,13 @@ test_dir=$(realpath "$(dirname "$0")")
77
set_debug
88

99
deploy_openldap() {
10-
kubectl_bin apply -f "$test_dir/conf/openldap.yaml"
10+
if [[ $OPENSHIFT ]]; then
11+
yq 'select(.kind=="Deployment").spec.template.spec.containers[0].securityContext.capabilities.drop[0]="ALL" |
12+
select(.kind=="Deployment").spec.template.spec.containers[0].securityContext.capabilities.add[0]="NET_BIND_SERVICE"' "$test_dir/conf/openldap.yaml" \
13+
| kubectl_bin apply -f -
14+
else
15+
kubectl_bin apply -f "$test_dir/conf/openldap.yaml"
16+
fi
1117

1218
kubectl rollout status deployment/openldap --timeout=120s
1319
}

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1140-oc.yml

Lines changed: 32 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,13 @@ metadata:
44
annotations: {}
55
generation: 1
66
labels:
7-
app.kubernetes.io/component: mongod
7+
app.kubernetes.io/component: cfg
88
app.kubernetes.io/instance: some-name
99
app.kubernetes.io/managed-by: percona-server-mongodb-operator
1010
app.kubernetes.io/name: percona-server-mongodb
1111
app.kubernetes.io/part-of: percona-server-mongodb
12-
app.kubernetes.io/replset: rs0
13-
name: some-name-rs0
12+
app.kubernetes.io/replset: cfg
13+
name: some-name-cfg
1414
ownerReferences:
1515
- controller: true
1616
kind: PerconaServerMongoDB
@@ -21,40 +21,52 @@ spec:
2121
revisionHistoryLimit: 10
2222
selector:
2323
matchLabels:
24-
app.kubernetes.io/component: mongod
24+
app.kubernetes.io/component: cfg
2525
app.kubernetes.io/instance: some-name
2626
app.kubernetes.io/managed-by: percona-server-mongodb-operator
2727
app.kubernetes.io/name: percona-server-mongodb
2828
app.kubernetes.io/part-of: percona-server-mongodb
29-
app.kubernetes.io/replset: rs0
30-
serviceName: some-name-rs0
29+
app.kubernetes.io/replset: cfg
30+
serviceName: some-name-cfg
3131
template:
3232
metadata:
3333
annotations: {}
3434
labels:
35-
app.kubernetes.io/component: mongod
35+
app.kubernetes.io/component: cfg
3636
app.kubernetes.io/instance: some-name
3737
app.kubernetes.io/managed-by: percona-server-mongodb-operator
3838
app.kubernetes.io/name: percona-server-mongodb
3939
app.kubernetes.io/part-of: percona-server-mongodb
40-
app.kubernetes.io/replset: rs0
40+
app.kubernetes.io/replset: cfg
4141
spec:
42+
affinity:
43+
podAntiAffinity:
44+
requiredDuringSchedulingIgnoredDuringExecution:
45+
- labelSelector:
46+
matchLabels:
47+
app.kubernetes.io/component: cfg
48+
app.kubernetes.io/instance: some-name
49+
app.kubernetes.io/managed-by: percona-server-mongodb-operator
50+
app.kubernetes.io/name: percona-server-mongodb
51+
app.kubernetes.io/part-of: percona-server-mongodb
52+
app.kubernetes.io/replset: cfg
53+
topologyKey: kubernetes.io/hostname
4254
containers:
4355
- args:
4456
- --bind_ip_all
4557
- --auth
4658
- --dbpath=/data/db
4759
- --port=27017
48-
- --replSet=rs0
60+
- --replSet=cfg
4961
- --storageEngine=wiredTiger
5062
- --relaxPermChecks
5163
- --sslAllowInvalidCertificates
5264
- --clusterAuthMode=x509
65+
- --configsvr
5366
- --enableEncryption
5467
- --encryptionKeyFile=/etc/mongodb-encryption/encryption-key
5568
- --wiredTigerCacheSizeGB=0.25
5669
- --wiredTigerIndexPrefixCompression=true
57-
- --config=/etc/mongodb-config/mongod.conf
5870
command:
5971
- /opt/percona/ps-entry.sh
6072
env:
@@ -63,7 +75,7 @@ spec:
6375
- name: MONGODB_PORT
6476
value: "27017"
6577
- name: MONGODB_REPLSET
66-
value: rs0
78+
value: cfg
6779
envFrom:
6880
- secretRef:
6981
name: internal-some-name-users
@@ -94,7 +106,7 @@ spec:
94106
name: mongodb
95107
protocol: TCP
96108
readinessProbe:
97-
failureThreshold: 8
109+
failureThreshold: 3
98110
initialDelaySeconds: 10
99111
periodSeconds: 3
100112
successThreshold: 1
@@ -103,11 +115,11 @@ spec:
103115
timeoutSeconds: 2
104116
resources:
105117
limits:
106-
cpu: 500m
118+
cpu: 300m
107119
memory: 500M
108120
requests:
109-
cpu: 100m
110-
memory: 100M
121+
cpu: 300m
122+
memory: 500M
111123
securityContext:
112124
runAsNonRoot: true
113125
terminationMessagePath: /dev/termination-log
@@ -124,8 +136,6 @@ spec:
124136
- mountPath: /etc/mongodb-ssl-internal
125137
name: ssl-internal
126138
readOnly: true
127-
- mountPath: /etc/mongodb-config
128-
name: config
129139
- mountPath: /opt/percona
130140
name: bin
131141
- mountPath: /etc/mongodb-encryption
@@ -142,11 +152,11 @@ spec:
142152
name: mongo-init
143153
resources:
144154
limits:
145-
cpu: 500m
155+
cpu: 300m
146156
memory: 500M
147157
requests:
148-
cpu: 100m
149-
memory: 100M
158+
cpu: 300m
159+
memory: 500M
150160
terminationMessagePath: /dev/termination-log
151161
terminationMessagePolicy: File
152162
volumeMounts:
@@ -168,11 +178,6 @@ spec:
168178
secretName: some-name-mongodb-keyfile
169179
- emptyDir: {}
170180
name: bin
171-
- configMap:
172-
defaultMode: 420
173-
name: some-name-rs0-mongod
174-
optional: true
175-
name: config
176181
- name: some-name-mongodb-encryption-key
177182
secret:
178183
defaultMode: 288
@@ -193,9 +198,7 @@ spec:
193198
defaultMode: 420
194199
secretName: internal-some-name-users
195200
updateStrategy:
196-
rollingUpdate:
197-
partition: 0
198-
type: RollingUpdate
201+
type: OnDelete
199202
volumeClaimTemplates:
200203
- metadata:
201204
name: mongod-data
@@ -204,6 +207,6 @@ spec:
204207
- ReadWriteOnce
205208
resources:
206209
requests:
207-
storage: 1Gi
210+
storage: 3Gi
208211
status:
209212
phase: Pending

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1150-oc.yml

Lines changed: 32 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,13 @@ metadata:
44
annotations: {}
55
generation: 7
66
labels:
7-
app.kubernetes.io/component: mongod
7+
app.kubernetes.io/component: cfg
88
app.kubernetes.io/instance: some-name
99
app.kubernetes.io/managed-by: percona-server-mongodb-operator
1010
app.kubernetes.io/name: percona-server-mongodb
1111
app.kubernetes.io/part-of: percona-server-mongodb
12-
app.kubernetes.io/replset: rs0
13-
name: some-name-rs0
12+
app.kubernetes.io/replset: cfg
13+
name: some-name-cfg
1414
ownerReferences:
1515
- controller: true
1616
kind: PerconaServerMongoDB
@@ -21,40 +21,52 @@ spec:
2121
revisionHistoryLimit: 10
2222
selector:
2323
matchLabels:
24-
app.kubernetes.io/component: mongod
24+
app.kubernetes.io/component: cfg
2525
app.kubernetes.io/instance: some-name
2626
app.kubernetes.io/managed-by: percona-server-mongodb-operator
2727
app.kubernetes.io/name: percona-server-mongodb
2828
app.kubernetes.io/part-of: percona-server-mongodb
29-
app.kubernetes.io/replset: rs0
30-
serviceName: some-name-rs0
29+
app.kubernetes.io/replset: cfg
30+
serviceName: some-name-cfg
3131
template:
3232
metadata:
3333
annotations: {}
3434
labels:
35-
app.kubernetes.io/component: mongod
35+
app.kubernetes.io/component: cfg
3636
app.kubernetes.io/instance: some-name
3737
app.kubernetes.io/managed-by: percona-server-mongodb-operator
3838
app.kubernetes.io/name: percona-server-mongodb
3939
app.kubernetes.io/part-of: percona-server-mongodb
40-
app.kubernetes.io/replset: rs0
40+
app.kubernetes.io/replset: cfg
4141
spec:
42+
affinity:
43+
podAntiAffinity:
44+
requiredDuringSchedulingIgnoredDuringExecution:
45+
- labelSelector:
46+
matchLabels:
47+
app.kubernetes.io/component: cfg
48+
app.kubernetes.io/instance: some-name
49+
app.kubernetes.io/managed-by: percona-server-mongodb-operator
50+
app.kubernetes.io/name: percona-server-mongodb
51+
app.kubernetes.io/part-of: percona-server-mongodb
52+
app.kubernetes.io/replset: cfg
53+
topologyKey: kubernetes.io/hostname
4254
containers:
4355
- args:
4456
- --bind_ip_all
4557
- --auth
4658
- --dbpath=/data/db
4759
- --port=27017
48-
- --replSet=rs0
60+
- --replSet=cfg
4961
- --storageEngine=wiredTiger
5062
- --relaxPermChecks
5163
- --sslAllowInvalidCertificates
5264
- --clusterAuthMode=x509
65+
- --configsvr
5366
- --enableEncryption
5467
- --encryptionKeyFile=/etc/mongodb-encryption/encryption-key
5568
- --wiredTigerCacheSizeGB=0.25
5669
- --wiredTigerIndexPrefixCompression=true
57-
- --config=/etc/mongodb-config/mongod.conf
5870
command:
5971
- /opt/percona/ps-entry.sh
6072
env:
@@ -63,7 +75,7 @@ spec:
6375
- name: MONGODB_PORT
6476
value: "27017"
6577
- name: MONGODB_REPLSET
66-
value: rs0
78+
value: cfg
6779
envFrom:
6880
- secretRef:
6981
name: internal-some-name-users
@@ -101,18 +113,18 @@ spec:
101113
- readiness
102114
- --component
103115
- mongod
104-
failureThreshold: 8
116+
failureThreshold: 3
105117
initialDelaySeconds: 10
106118
periodSeconds: 3
107119
successThreshold: 1
108120
timeoutSeconds: 2
109121
resources:
110122
limits:
111-
cpu: 500m
123+
cpu: 300m
112124
memory: 500M
113125
requests:
114-
cpu: 100m
115-
memory: 100M
126+
cpu: 300m
127+
memory: 500M
116128
securityContext:
117129
runAsNonRoot: true
118130
terminationMessagePath: /dev/termination-log
@@ -129,8 +141,6 @@ spec:
129141
- mountPath: /etc/mongodb-ssl-internal
130142
name: ssl-internal
131143
readOnly: true
132-
- mountPath: /etc/mongodb-config
133-
name: config
134144
- mountPath: /opt/percona
135145
name: bin
136146
- mountPath: /etc/mongodb-encryption
@@ -147,11 +157,11 @@ spec:
147157
name: mongo-init
148158
resources:
149159
limits:
150-
cpu: 500m
160+
cpu: 300m
151161
memory: 500M
152162
requests:
153-
cpu: 100m
154-
memory: 100M
163+
cpu: 300m
164+
memory: 500M
155165
terminationMessagePath: /dev/termination-log
156166
terminationMessagePolicy: File
157167
volumeMounts:
@@ -173,11 +183,6 @@ spec:
173183
secretName: some-name-mongodb-keyfile
174184
- emptyDir: {}
175185
name: bin
176-
- configMap:
177-
defaultMode: 420
178-
name: some-name-rs0-mongod
179-
optional: true
180-
name: config
181186
- name: some-name-mongodb-encryption-key
182187
secret:
183188
defaultMode: 288
@@ -198,9 +203,7 @@ spec:
198203
defaultMode: 420
199204
secretName: internal-some-name-users
200205
updateStrategy:
201-
rollingUpdate:
202-
partition: 0
203-
type: RollingUpdate
206+
type: OnDelete
204207
volumeClaimTemplates:
205208
- metadata:
206209
name: mongod-data
@@ -209,6 +212,6 @@ spec:
209212
- ReadWriteOnce
210213
resources:
211214
requests:
212-
storage: 1Gi
215+
storage: 3Gi
213216
status:
214217
phase: Pending

0 commit comments

Comments
 (0)