Ensure script test is idempotent
Currently the GitLab script test is failing in a GitLab Runner pipeline in an upgrade job where helm tests are executed twice per GitLab deploy (once for the initial install, one post gitlab-runner upgrade)
The script test is setup to only work once due to the nature of how the RBAC resources are created/deleted to support its use of Kubectl.
The process is:
- Helm install creates these RBAC resources
- Helm test runs which includes deleting Roles that are necessary for the tests working
If you do a clean install of GitLab and then execute helm test gitlab -n bigbang
twice it will fail due to the Role not existing.
I think it should be possible to update the RBAC resources created to be annotated with helm test annotations to ensure the resources are created/deleted as part of the helm test lifecycle. See 5f0d25af for an example.
Another, less urgent consideration is we could also offload managing the RBAC for those tests to gluon although I don't think there is an easy way to customize the permissions given to the script runner service account at the moment.