Run certgen when upgrading

[zhaohuabing]

Run certgen when upgrading EG helm chart because a new secret(HMAC) has been added after v0.0.6, and more may be added later.

Fix #2930

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.57%. Comparing base (36505f4) to head (6994bf7).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2934      +/-   ##
==========================================
- Coverage   64.59%   64.57%   -0.02%     
==========================================
  Files         122      122              
  Lines       21115    21115              
==========================================
- Hits        13640    13636       -4     
- Misses       6630     6632       +2     
- Partials      845      847       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zirain]

is there anyway to make sure it worked as excepted?

[zhaohuabing]

is there anyway to make sure it worked as excepted?

Just manually tested it on my dev environment：-）

[zirain]

is there anyway to make sure it worked as excepted?

Just manually tested it on my dev environment：-）

I recall there's an upgrade test?

[zhaohuabing]

The test looks like uninstalling the old version and then installing the new version, not exactly helm upgrade.

We should have a proper upgrade test that helm upgrade the old release and run all the conformance tests and e2e tests on the upgrade version, this could be solved later.

gateway/test/e2e/tests/eg_upgrade.go

Lines 66 to 72 in 36505f4

	err := helmUninstall(relName, depNS, t)
	if err != nil {
	t.Fatalf("Failed to upgrade the release: %s", err.Error())
	}
	t.Log("Install the last version tag")
	err = helmInstall(relName, depNS, lastVersionTag, suite.TimeoutConfig.NamespacesMustBeReady, t)

[zirain]

The test looks like uninstalling the old version and then installing the new version, not exactly helm upgrade.

We should have a proper upgrade test that helm upgrade the old release and run all the conformance tests and e2e tests on the upgrade version, this could be solved later.

gateway/test/e2e/tests/eg_upgrade.go

Lines 66 to 72 in 36505f4

	err := helmUninstall(relName, depNS, t)
	if err != nil {
	t.Fatalf("Failed to upgrade the release: %s", err.Error())
	}
	t.Log("Install the last version tag")
	err = helmInstall(relName, depNS, lastVersionTag, suite.TimeoutConfig.NamespacesMustBeReady, t)

can you update the test?

[guydc]

@zhaohuabing , @zirain
The test is:

1. Uninstalling main (in use by the regular conformance/e2e suite)
2. Installing latest rel
3. Upgrading from latest rel => main
   

   gateway/test/e2e/tests/eg_upgrade.go

   Line 81 in 36505f4

   err = helmUpgradeChartFromPath(relName, depNS, "../../../charts/gateway-helm", suite.TimeoutConfig.NamespacesMustBeReady, t)

[guydc]

Are there any possible adverse effects? e.g. will cert-gen override some other existing secrets that may block installation or break the pre-upgraded instance? For example, if some components are not dynamically reloading these secrets?

[zhaohuabing]

Are there any possible adverse effects? e.g. will cert-gen override some other existing secrets that may block installation or break the pre-upgraded instance? For example, if some components are not dynamically reloading these secrets?

Just adds the missing HMAC secret, won't overwrite existing ones. I think the upgrade test has already covered this upgrade (from v 0.0.6 to the latest) , right? @guydc