Minikube integration test

[desmax74]

Assisted-by: Claude: Opus 4.6

Summary by Sourcery

Add Minikube-based end-to-end integration testing for the operator and supporting fixtures.

New Features:

• Introduce a Makefile target to deploy the operator to a local Minikube cluster for manual e2e testing.
• Add a GitHub Actions workflow that runs automated Minikube-based e2e tests against the operator on pushes and pull requests.
• Provide Kubernetes fixtures for a Keycloak instance and a TrustedProfileAnalyzer custom resource used in e2e tests.

Tests:

• Add a full Minikube e2e scenario that provisions PostgreSQL and Keycloak, deploys the operator, applies a sample CR, and verifies creation and health of child resources, including diagnostics collection on failure.

[sourcery-ai]

Reviewer's Guide

Adds an end-to-end Minikube integration workflow that builds and deploys the operator into a local Minikube cluster, provisions required infra (PostgreSQL, Keycloak), applies a dedicated test CR, and verifies the operator’s reconciliation behavior both locally via a Makefile target and in CI via a GitHub Actions workflow.

Sequence diagram for GitHub Actions Minikube E2E workflow

sequenceDiagram
    participant GHA as GitHub_Actions_workflow
    participant MK as Minikube_cluster
    participant K8S as Kubernetes_API
    participant HELM as Helm
    participant OP as Operator_controller_manager

    GHA->>GHA: actions/checkout
    GHA->>GHA: setup-go

    GHA->>MK: setup-minikube (driver docker)
    MK-->>GHA: cluster_running

    GHA->>MK: eval minikube docker-env
    GHA->>MK: make docker-build IMG=localhost/rhtpa-operator:e2e

    GHA->>K8S: create namespace e2e-test

    GHA->>HELM: helm repo add bitnami/postgresql
    GHA->>HELM: helm install postgresql (no persistence)
    HELM->>K8S: create PostgreSQL resources

    GHA->>K8S: apply Keycloak manifest
    GHA->>K8S: wait deployment/keycloak available

    GHA->>K8S: make install (apply CRDs)

    GHA->>K8S: make deploy IMG=localhost/rhtpa-operator:e2e
    GHA->>K8S: patch operator imagePullPolicy=Never
    GHA->>K8S: wait operator deployment available
    K8S->>OP: start operator pod

    GHA->>K8S: apply TrustedProfileAnalyzer CR
    K8S->>OP: watch CR events
    OP->>K8S: create migrate-db job
    OP->>K8S: create server deployment
    OP->>K8S: create server service
    OP->>K8S: create server ConfigMap
    OP->>K8S: create PVC storage

    GHA->>K8S: poll for deployment/server existence
    K8S-->>GHA: server deployment found

    GHA->>K8S: wait job/migrate-db complete
    GHA->>K8S: wait deployment/server available

    GHA->>K8S: verify CR status and child resources
    GHA->>K8S: check operator pod restartCount

    alt failure
        GHA->>K8S: collect logs and diagnostics
    end

Loading

Flow diagram for local Makefile target e2e-minikube

flowchart TD
  A["make e2e-minikube"] --> B{"minikube status OK?"}

  B -->|no| C["Print 'Minikube is not running' and exit 1"]
  B -->|yes| D["eval $(minikube docker-env)"]

  D --> E["make docker-build IMG=localhost/rhtpa-operator:e2e BUILDER=docker"]
  E --> F["make install (apply CRDs)"]
  F --> G["make deploy IMG=localhost/rhtpa-operator:e2e"]

  G --> H["kubectl patch rhtpa-operator-controller-manager imagePullPolicy=Never"]
  H --> I["kubectl rollout status rhtpa-operator-controller-manager"]
  I --> J["Echo 'Operator deployed. Deploy infrastructure and apply test CR to complete e2e setup.'"]

Loading

File-Level Changes

Change	Details	Files
Add a local Makefile target to deploy the operator into an existing Minikube cluster for manual e2e testing.	Introduce an e2e-minikube phony target that validates Minikube is running before proceeding Build the operator image inside Minikube’s Docker daemon with a fixed localhost/rhtpa-operator:e2e tag using the docker builder Install CRDs and deploy the operator using the e2e image tag Patch the operator deployment to set imagePullPolicy to Never to ensure Minikube uses the locally built image Wait for the operator deployment rollout to complete and print next-step guidance for completing e2e setup	Makefile
Create a GitHub Actions workflow that runs a full Minikube-based e2e flow on PRs and main/release pushes.	Define an E2E Minikube workflow triggered on pull_request and push events to main and release branches Provision a Minikube cluster with a specific Kubernetes version and Docker driver on ubuntu-latest runners Install Helm, build the operator image inside Minikube’s Docker daemon, and create a dedicated e2e-test namespace Deploy a Bitnami PostgreSQL instance with in-cluster, non-persistent storage and predefined credentials Deploy a test Keycloak instance and wait for it to become available Install operator CRDs, deploy the operator using the local e2e image tag, patch imagePullPolicy to Never, and wait for rollout Create a TrustedProfileAnalyzer test CR and wait for the operator to create the server deployment and complete the migrate-db job Wait for the server deployment to become available and verify key child resources (deployment, service, ConfigMap, PVC) and operator pod health On failure, collect extensive diagnostics including operator logs, resource descriptions, events, and logs from server, migration job, PostgreSQL, and Keycloak	.github/workflows/e2e-minikube.yml
Add e2e fixtures for the TrustedProfileAnalyzer CR and supporting Keycloak deployment/service used by the Minikube tests.	Introduce an e2e-specific TrustedProfileAnalyzer resource configured for the e2e-test namespace, including DB credentials, storage, OIDC, ingress, and module toggles tailored for the test scenario Provide a lightweight Keycloak Deployment and ClusterIP Service in the e2e-test namespace with basic admin credentials and readiness probe on the master realm	test/e2e/fixtures/e2e-minikube-cr.yaml test/e2e/fixtures/keycloak-dev.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The imagePullPolicy patch for the controller manager is duplicated in both the Makefile target and the GitHub Action; consider centralizing this (e.g., via a kustomize overlay or a shared script) to avoid drift.
• Several values are hard-coded in the workflow and fixtures (e.g., namespaces e2e-test, passwords, Keycloak and PostgreSQL configuration); consider parameterizing these via env vars or workflow inputs so they’re easier to adjust across environments.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The imagePullPolicy patch for the controller manager is duplicated in both the Makefile target and the GitHub Action; consider centralizing this (e.g., via a kustomize overlay or a shared script) to avoid drift.
- Several values are hard-coded in the workflow and fixtures (e.g., namespaces `e2e-test`, passwords, Keycloak and PostgreSQL configuration); consider parameterizing these via env vars or workflow inputs so they’re easier to adjust across environments.

## Individual Comments

### Comment 1
<location path=".github/workflows/e2e-minikube.yml" line_range="69-78" />
<code_context>
+      - name: Install CRDs
+        run: make install
+
+      - name: Deploy operator
+        run: |
+          make deploy IMG=localhost/rhtpa-operator:e2e
+          kubectl -n rhtpa-operator-system patch deployment rhtpa-operator-controller-manager \
+            --type='json' \
+            -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "Never"}]'
+          kubectl -n rhtpa-operator-system rollout status deployment/rhtpa-operator-controller-manager --timeout=120s
+
+      - name: Create TrustedProfileAnalyzer CR
</code_context>
<issue_to_address>
**suggestion:** Avoid duplicating operator build/deploy and imagePullPolicy logic between Makefile and workflow.

This workflow duplicates the `e2e-minikube` Makefile target (image build, deploy, and `imagePullPolicy` patch). To avoid drift, call that Makefile target from the workflow so deployment changes are centralized.

```suggestion
      - name: Build and deploy operator (Makefile e2e-minikube target)
        run: make e2e-minikube
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion: Avoid duplicating operator build/deploy and imagePullPolicy logic between Makefile and workflow.

This workflow duplicates the e2e-minikube Makefile target (image build, deploy, and imagePullPolicy patch). To avoid drift, call that Makefile target from the workflow so deployment changes are centralized.

Suggested change

	- name: Install CRDs
	run: make install
	- name: Deploy operator
	run: |
	make deploy IMG=localhost/rhtpa-operator:e2e
	kubectl -n rhtpa-operator-system patch deployment rhtpa-operator-controller-manager \
	--type='json' \
	-p='[{"op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "Never"}]'
	kubectl -n rhtpa-operator-system rollout status deployment/rhtpa-operator-controller-manager --timeout=120s
	- name: Build and deploy operator (Makefile e2e-minikube target)
	run: make e2e-minikube