address comments

Signed-off-by: Yun-Tang Hsu <[email protected]>

test/e2e/charts/flow-visibility/templates/clickhouseinstallation.yaml

@@ -29,12 +29,14 @@ spec:
       - name: "clickhouse"
         {{- if .Values.secureConnection.enable }}
         secure: "yes"
+        {{- end }}
         settings:
           tcp_port: 9000
+          http_port: 8123
+          {{- if .Values.secureConnection.enable }}
           tcp_port_secure: 9440
           https_port: 8443
-          http_port: 8123
-        {{- end }}
+          {{- end }}
         layout:
           shardsCount: 1
           replicasCount: 1

test/e2e/charts/flow-visibility/templates/secret.yaml

@@ -17,7 +17,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: clickhouse-ca
-  namespace: flow-aggregator
+  namespace: flow-visibility
 data:
   ca.crt: {{ $certPEM | quote }}
 {{- end }}

test/e2e/flowaggregator_test.go

@@ -166,40 +166,40 @@ func TestFlowAggregatorSecureConnection(t *testing.T) {
 	skipIfNotFlowVisibilityTest(t)
 	skipIfHasWindowsNodes(t)
 	testCases := []struct {
-		testOption flowVisibilityTestOptions
-		name       string
+		flowVisibilityTestOptions
+		name string
 	}{
 		{
-			testOption: flowVisibilityTestOptions{
+			flowVisibilityTestOptions: flowVisibilityTestOptions{
 				databaseURL:      "tcp://clickhouse-clickhouse.flow-visibility.svc:9000",
 				secureConnection: false,
 			},
 			name: "tcp",
 		},
 		{
-			testOption: flowVisibilityTestOptions{
+			flowVisibilityTestOptions: flowVisibilityTestOptions{
 				databaseURL:      "http://clickhouse-clickhouse.flow-visibility.svc:8123",
 				secureConnection: false,
 			},
 			name: "http",
 		},
 		{
-			testOption: flowVisibilityTestOptions{
+			flowVisibilityTestOptions: flowVisibilityTestOptions{
 				databaseURL:      "tls://clickhouse-clickhouse.flow-visibility.svc:9440",
 				secureConnection: true,
 			},
 			name: "tls",
 		},
 		{
-			testOption: flowVisibilityTestOptions{
+			flowVisibilityTestOptions: flowVisibilityTestOptions{
 				databaseURL:      "https://clickhouse-clickhouse.flow-visibility.svc:8443",
 				secureConnection: true,
 			},
 			name: "https",
 		},
 	}
 	for _, o := range testCases {
-		data, v4Enabled, v6Enabled, err := setupTestForFlowAggregator(t, o.testOption)
+		data, v4Enabled, v6Enabled, err := setupTestForFlowAggregator(t, o.flowVisibilityTestOptions)
 		if err != nil {
 			t.Fatalf("Error when setting up test: %v", err)
 		}

test/e2e/framework.go

@@ -84,6 +84,7 @@ const (
 	antreaWindowsDaemonSet     string = "antrea-agent-windows"
 	antreaDeployment           string = "antrea-controller"
 	flowAggregatorDeployment   string = "flow-aggregator"
+	flowAggregatorCHSecret     string = "clickhouse-ca"
 	antreaDefaultGW            string = "antrea-gw0"
 	testAntreaIPAMNamespace    string = "antrea-ipam-test"
 	testAntreaIPAMNamespace11  string = "antrea-ipam-test-11"
@@ -796,25 +797,25 @@ func (data *TestData) deployFlowVisibilityClickHouse(o flowVisibilityTestOptions
 		return "", err
 	}
 
-	flowVisYML := flowVisibilityYML
+	visibilityYML := flowVisibilityYML
 	if o.secureConnection {
-		flowVisYML = flowVisibilityTLSYML
+		visibilityYML = flowVisibilityTLSYML
 	}
 
 	rc, _, _, err := data.provider.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("kubectl apply -f %s", chOperatorYML))
 	if err != nil || rc != 0 {
 		return "", fmt.Errorf("error when deploying the ClickHouse Operator YML; %s not available on the control-plane Node", chOperatorYML)
 	}
 	if err := wait.Poll(2*time.Second, 10*time.Second, func() (bool, error) {
-		rc, stdout, stderr, err := data.provider.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("kubectl apply -f %s", flowVisYML))
+		rc, stdout, stderr, err := data.provider.RunCommandOnNode(controlPlaneNodeName(), fmt.Sprintf("kubectl apply -f %s", visibilityYML))
 		if err != nil || rc != 0 {
 			// ClickHouseInstallation CRD from ClickHouse Operator install bundle applied soon before
 			// applying CR. Sometimes apiserver validation fails to recognize resource of
 			// kind: ClickHouseInstallation. Retry in such scenario.
 			if strings.Contains(stderr, "ClickHouseInstallation") || strings.Contains(stdout, "ClickHouseInstallation") {
 				return false, nil
 			}
-			return false, fmt.Errorf("error when deploying the flow visibility YML %s: %s, %s, %v", flowVisYML, stdout, stderr, err)
+			return false, fmt.Errorf("error when deploying the flow visibility YML %s: %s, %s, %v", visibilityYML, stdout, stderr, err)
 		}
 		return true, nil
 	}); err != nil {
@@ -891,6 +892,20 @@ func (data *TestData) deployFlowAggregator(ipfixCollector string, o flowVisibili
 	if err != nil || rc != 0 {
 		return fmt.Errorf("error when deploying the Flow Aggregator; %s not available on the control-plane Node", flowAggYaml)
 	}
+	if o.secureConnection {
+		secret, err := data.clientset.CoreV1().Secrets(flowVisibilityNamespace).Get(context.TODO(), flowAggregatorCHSecret, metav1.GetOptions{})
+		if err != nil {
+			return fmt.Errorf("unable to get Secret with name %s in Namespace %s: %v", flowAggregatorCHSecret, flowVisibilityNamespace, err)
+		}
+		secret.ObjectMeta.Namespace = flowAggregatorNamespace
+		// Set to empty string to avoid error: resourceVersion should not be set on objects to be created
+		secret.ResourceVersion = ""
+		_, err = data.clientset.CoreV1().Secrets(flowAggregatorNamespace).Create(context.TODO(), secret, metav1.CreateOptions{})
+		if err != nil {
+			return fmt.Errorf("unable to create Secret with name %s in Namespace %s: %v", flowAggregatorCHSecret, flowAggregatorNamespace, err)
+		}
+	}
+
 	if err = data.mutateFlowAggregatorConfigMap(ipfixCollector, o); err != nil {
 		return err
 	}