Fix/openshift cli and summon tls error

[codihuston]

Hello, this PR resolves the following:

Issues with Openshift (Next)

• ImagePullBackOff error when pulling secretless-broker. This was resolved by explicitly specifying the full docker domain name. See 7_app_deploy.sh
• Specify OCP CLI version 4.8.2 for the Openshift (Next) environment. This resolves some exceptions thrown when describing pods, and using the deprecated secrets api to generate and use image pull secrets
• The new secrets API is conditionally used based on the OCP CLI version, in efforts to preserve any older functionality from older versions of the CLI
• The MySQL image for OCP dropped support for an earlier version of TLS. Simply updating the MySQL image resolved this issue with no code changes. Thanks Kumbi!

References regarding MySQL TLS support:

• https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html/release_notes_for_spring_boot_2.1/known-issues-spring-boot
• https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html

All tests are green now =) (previously OpenShift (Next) and the MySQL tests were failing across all of OpenShift).

[codihuston]

I have disabled the OCP_ NEXT param in the jenkins file. That will be handled by this repo: https://github.com/conjurinc/openshift-next-suite-test

See the results of my full run of the test suite: https://jenkins.conjur.net/blue/organizations/jenkins/conjurdemos--kubernetes-conjur-demo/detail/fix%2Fopenshift-cli-and-summon-tls-error/1/pipeline/

[codihuston]

@rpothier Sorry for the superfluous review request, Kumbi is on it--I didn't see if my original request had gone through.

Hey @doodlesbykumbi, I went ahead and cleaned up the commits a bit. Please let me know if that is adequate. Tests are running now. Thanks!

[codihuston]

I went ahead and re-confirmed that tests against openshift (next) were still green. Disabling those tests now via TEST_OCP_NEXT since it seems that no projects are actively testing against this cluster by default.

See: https://jenkins.conjur.net/blue/organizations/jenkins/conjurdemos--kubernetes-conjur-demo/detail/fix%2Fopenshift-cli-and-summon-tls-error/9/pipeline

The test currently running now will not test against this cluster.

[codihuston]

Added a comment on the mysql template, see d03483d. Ready for re-review =).

[codihuston]

Comments revisited and resolved. One of the test stages is failing due to a rate-limit from docker for this image: centos/mysql-80-centos7. I can restart this later this afternoon to see if this kicks off. Until then please review once more. =)

[codihuston]

@doodlesbykumbi Hi Kumbi. As we discussed, I've added some logic to build out a custom mysql image based on centos/mysql-80-centos7. In the pipeline, it is built and stored in the openshift image registry only when running against openshift clusters.

I have also reduced everything into one commit.

Looks like all of the tests have green lights. While these tests include the openshift (next) cluster, jenkins should not include that cluster in future instances. See Jenkinsfile.

[codihuston]

Mysql v5.7 is tagged and pushed to our openshift registry in attempt to circumvent docker hub rate-limits as well. See this pipeline. Note that I just re-ran the pipeline while enabling the TEST_OCP_NEXT flag.

Please verify my approach to injecting images into the k8s/openshift templates here: injection of the templated values, particularly for k8s.

Thanks!

[doodlesbykumbi]

Thanks @codihuston. Approved and merged.