Since helm test is deploying the service-checker container and running it against the deployed mathoid container I should be able to do the same process using k8s manually. This may help to explain the problem with helm test failing in the CI namespace without additional permissions.
|Resolved||None||T199742 TEC3:O1.1:Q1 Goal - Move verify stage from Minikube to CI k8s namespace in production context|
|Resolved||akosiaris||T199489 Helm test failing for CI namespace|
|Invalid||thcipriani||T200348 Get helm test to dump more information|
FWIW and strictly speaking, helm is NOT deploying the service-checker pod. That would be tiller, the in cluster server part of helm. And tiller has more rights than the deploy user on purpose (and we want to keep it that way). The rights themselves can be viewed at https://gerrit.wikimedia.org/r/plugins/gitiles/operations/deployment-charts/+/refs/heads/master/rbac/.