UNCLASSIFIED - NO CUI

Skip to content

Ensure script test is idempotent

Currently the GitLab script test is failing in a GitLab Runner pipeline in an upgrade job where helm tests are executed twice per GitLab deploy (once for the initial install, one post gitlab-runner upgrade)

The script test is setup to only work once due to the nature of how the RBAC resources are created/deleted to support its use of Kubectl.

The process is:

If you do a clean install of GitLab and then execute helm test gitlab -n bigbang twice it will fail due to the Role not existing.

I think it should be possible to update the RBAC resources created to be annotated with helm test annotations to ensure the resources are created/deleted as part of the helm test lifecycle. See 5f0d25af for an example.

Another, less urgent consideration is we could also offload managing the RBAC for those tests to gluon although I don't think there is an easy way to customize the permissions given to the script runner service account at the moment.