diff --git a/bundle/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/servicemeshoperator3-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml similarity index 77% rename from bundle/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml rename to bundle/manifests/servicemeshoperator3-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml index 627f3a6bce..39e8901acc 100644 --- a/bundle/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/servicemeshoperator3-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -5,11 +5,11 @@ metadata: labels: app.kubernetes.io/component: kube-rbac-proxy app.kubernetes.io/created-by: servicemeshoperator3 - app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/instance: servicemeshoperator3-metrics-reader app.kubernetes.io/managed-by: helm app.kubernetes.io/name: clusterrole app.kubernetes.io/part-of: servicemeshoperator3 - name: metrics-reader + name: servicemeshoperator3-metrics-reader rules: - nonResourceURLs: - /metrics diff --git a/chart/templates/rbac/auth_proxy_client_clusterrole.yaml b/chart/templates/rbac/auth_proxy_client_clusterrole.yaml index 9a59fddf8e..a4686520f2 100644 --- a/chart/templates/rbac/auth_proxy_client_clusterrole.yaml +++ b/chart/templates/rbac/auth_proxy_client_clusterrole.yaml @@ -4,11 +4,11 @@ metadata: labels: app.kubernetes.io/created-by: {{ .Values.name }} app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/instance: {{ .Values.name }}-metrics-reader app.kubernetes.io/component: kube-rbac-proxy app.kubernetes.io/managed-by: helm app.kubernetes.io/part-of: {{ .Values.name }} - name: metrics-reader + name: {{ .Values.name }}-metrics-reader rules: - nonResourceURLs: - "/metrics" diff --git a/tests/e2e/cleanup-ocp.sh b/tests/e2e/cleanup-ocp.sh index 0ac9ec9bda..bf62dd2742 100755 --- a/tests/e2e/cleanup-ocp.sh +++ b/tests/e2e/cleanup-ocp.sh @@ -183,10 +183,10 @@ cleanup_cluster_resources() { echo "=== Cleaning up cluster-level resources ===" echo "Removing cluster role bindings..." - ${COMMAND} delete clusterrolebinding metrics-reader-rolebinding --ignore-not-found + ${COMMAND} delete clusterrolebinding sailoperator-metrics-reader-rolebinding --ignore-not-found echo "Removing cluster roles..." - ${COMMAND} delete clusterrole metrics-reader --ignore-not-found + ${COMMAND} delete clusterrole sailoperator-metrics-reader --ignore-not-found } # Main cleanup flow following official documentation order diff --git a/tests/e2e/common-operator-integ-suite.sh b/tests/e2e/common-operator-integ-suite.sh index 21a29003f9..58f71b05a2 100755 --- a/tests/e2e/common-operator-integ-suite.sh +++ b/tests/e2e/common-operator-integ-suite.sh @@ -122,6 +122,7 @@ initialize_variables() { CI=${CI:-"false"} USE_INTERNAL_REGISTRY=${USE_INTERNAL_REGISTRY:-"false"} FIPS_CLUSTER=${FIPS_CLUSTER:-"false"} + COMMIT_HASH=$(git rev-parse --short HEAD) # Debug logging and fallback for GINKGO_FLAGS echo "CI environment: ${CI}" @@ -148,16 +149,16 @@ initialize_variables() { # Scenario 2: CI mode with default HUB -> use external registry with proper CI tag echo "CI mode detected for OCP, using external registry ${HUB}" export USE_INTERNAL_REGISTRY="false" - # Use PR_NUMBER if available, otherwise generate timestamp tag - # Use TARGET_ARCH to differentiate tags for different architectures in CI, avoid race conditions in CI when multiple runs are pushing to the same default tag + # Use PR_NUMBER and commit hash to identify the image, avoid race conditions in CI when multiple runs are pushing to the same default tag + # Use TARGET_ARCH to differentiate tags for different architectures in CI if [ -n "${PR_NUMBER:-}" ]; then - TAG="pr-${PR_NUMBER}-${TARGET_ARCH}" + TAG="pr-${PR_NUMBER}-${COMMIT_HASH}-${TARGET_ARCH}" export TAG echo "Using PR-based tag: ${TAG}" else - TAG="ci-test-$(date +%s)-${TARGET_ARCH}" + TAG="ci-test-${COMMIT_HASH}-${TARGET_ARCH}" export TAG - echo "Using timestamp-based tag: ${TAG}" + echo "Using commit-based tag: ${TAG}" fi elif [ "${CI}" == "true" ]; then # Additional CI mode check - handle CI mode regardless of HUB value @@ -286,11 +287,18 @@ if [ "${SKIP_BUILD}" == "false" ]; then fi fi # If OLM is enabled, deploy the operator using OLM - # We are skipping the deploy via OLM test on OCP because the workaround to avoid the certificate issue is not working. - # Jira ticket related to the limitation: https://issues.redhat.com/browse/OSSM-7993 - if [ "${OLM}" == "true" ] && [ "${SKIP_DEPLOY}" == "false" ] && [ "${MULTICLUSTER}" == "false" ]; then + # If PR_NUMBER is set we will tag the BUNDLE_IMG with the PR number and commit hash to avoid conflicts. + if [ "${OLM}" == "true" ] && [ "${SKIP_DEPLOY}" == "false" ] && [ "${MULTICLUSTER}" == "false" ]; then IMAGE_TAG_BASE="${HUB}/${IMAGE_BASE}" - BUNDLE_IMG="${IMAGE_TAG_BASE}-bundle:v${VERSION}" + if [ "${CI}" == "true" ]; then + if [ -n "${PR_NUMBER:-}" ]; then + BUNDLE_IMG="${IMAGE_TAG_BASE}-bundle:pr-${PR_NUMBER}-${COMMIT_HASH}-${TARGET_ARCH}" + else + BUNDLE_IMG="${IMAGE_TAG_BASE}-bundle:ci-test-${COMMIT_HASH}-${TARGET_ARCH}" + fi + else + BUNDLE_IMG="${IMAGE_TAG_BASE}-bundle:ci-test-${COMMIT_HASH}-${TARGET_ARCH}" + fi IMAGE="${HUB}/${IMAGE_BASE}:${TAG}" \ IMAGE_TAG_BASE="${IMAGE_TAG_BASE}" \ diff --git a/tests/e2e/operator/operator_install_test.go b/tests/e2e/operator/operator_install_test.go index a77ab62b7e..07805a4648 100644 --- a/tests/e2e/operator/operator_install_test.go +++ b/tests/e2e/operator/operator_install_test.go @@ -94,7 +94,7 @@ var _ = Describe("Operator", Label("smoke", "operator"), Ordered, func() { }) It("serves metrics securely", func(ctx SpecContext) { - metricsReaderRoleName := "metrics-reader" + metricsReaderRoleName := "sailoperator-metrics-reader" metricsServiceName := deploymentName + "-metrics-service" By("creating a ClusterRoleBinding for the service account to allow access to metrics") @@ -102,7 +102,7 @@ var _ = Describe("Operator", Label("smoke", "operator"), Ordered, func() { apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: metrics-reader-rolebinding + name: sailoperator-metrics-reader-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/tests/e2e/samples/helloworld/kustomization.yaml b/tests/e2e/samples/helloworld/kustomization.yaml index f177baf48e..e8cf1b8e0a 100644 --- a/tests/e2e/samples/helloworld/kustomization.yaml +++ b/tests/e2e/samples/helloworld/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/istio/istio/master/samples/helloworld/helloworld.yaml + - https://raw.githubusercontent.com/istio/istio/release-1.28/samples/helloworld/helloworld.yaml images: - name: docker.io/istio/examples-helloworld-v1 newName: quay.io/sail-dev/examples-helloworld-v1 diff --git a/tests/e2e/samples/httpbin/kustomization.yaml b/tests/e2e/samples/httpbin/kustomization.yaml index 1b91a820cb..8c239c0fba 100644 --- a/tests/e2e/samples/httpbin/kustomization.yaml +++ b/tests/e2e/samples/httpbin/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/istio/istio/master/samples/httpbin/httpbin.yaml + - https://raw.githubusercontent.com/istio/istio/release-1.28/samples/httpbin/httpbin.yaml images: - name: docker.io/mccutchen/go-httpbin newName: quay.io/sail-dev/go-httpbin \ No newline at end of file diff --git a/tests/e2e/samples/sleep/kustomization.yaml b/tests/e2e/samples/sleep/kustomization.yaml index 5aac3660a1..0cee83d08d 100644 --- a/tests/e2e/samples/sleep/kustomization.yaml +++ b/tests/e2e/samples/sleep/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/istio/istio/master/samples/sleep/sleep.yaml + - https://raw.githubusercontent.com/istio/istio/release-1.28/samples/sleep/sleep.yaml images: - name: curlimages/curl newName: quay.io/curl/curl diff --git a/tests/e2e/samples/tcp-echo-dual-stack/kustomization.yaml b/tests/e2e/samples/tcp-echo-dual-stack/kustomization.yaml index b040dec31c..9db3a21621 100644 --- a/tests/e2e/samples/tcp-echo-dual-stack/kustomization.yaml +++ b/tests/e2e/samples/tcp-echo-dual-stack/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/istio/istio/master/samples/tcp-echo/tcp-echo-dual-stack.yaml + - https://raw.githubusercontent.com/istio/istio/release-1.28/samples/tcp-echo/tcp-echo-dual-stack.yaml images: - name: docker.io/istio/tcp-echo-server newName: quay.io/sail-dev/tcp-echo-server \ No newline at end of file diff --git a/tests/e2e/samples/tcp-echo-ipv4/kustomization.yaml b/tests/e2e/samples/tcp-echo-ipv4/kustomization.yaml index a13d533d09..169c3908de 100644 --- a/tests/e2e/samples/tcp-echo-ipv4/kustomization.yaml +++ b/tests/e2e/samples/tcp-echo-ipv4/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/istio/istio/master/samples/tcp-echo/tcp-echo-ipv4.yaml + - https://raw.githubusercontent.com/istio/istio/release-1.28/samples/tcp-echo/tcp-echo-ipv4.yaml images: - name: docker.io/istio/tcp-echo-server newName: quay.io/sail-dev/tcp-echo-server \ No newline at end of file diff --git a/tests/e2e/samples/tcp-echo-ipv6/kustomization.yaml b/tests/e2e/samples/tcp-echo-ipv6/kustomization.yaml index bfe655ab29..b60e015404 100644 --- a/tests/e2e/samples/tcp-echo-ipv6/kustomization.yaml +++ b/tests/e2e/samples/tcp-echo-ipv6/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/istio/istio/master/samples/tcp-echo/tcp-echo-ipv6.yaml + - https://raw.githubusercontent.com/istio/istio/release-1.28/samples/tcp-echo/tcp-echo-ipv6.yaml images: - name: docker.io/istio/tcp-echo-server newName: quay.io/sail-dev/tcp-echo-server \ No newline at end of file