fixes

Author: shreyaskm623

tests/e2e/operator/infra/gcp.go

@@ -742,9 +742,9 @@ func createGKERegionalCluster(ctx context.Context, client *container.Service, se
 		"--tags", strings.Join([]string{defaultNodeTag}, ","), // Join tags if there are multiple
 		"--enable-master-authorized-networks",
 		"--master-authorized-networks", strings.Join([]string{"0.0.0.0/0"}, ","),
-		"--num-nodes", fmt.Sprint(defaultNodesPerZone),
+		"--num-nodes", fmt.Sprint(defaultNodesPerZone+1), // 2 nodes/zone avoids autoscaling during TestClusterScaleUp
 		"--min-nodes", fmt.Sprint(defaultNodesPerZone),
-		"--max-nodes", fmt.Sprint(defaultNodesPerZone + 1), // Needed for scaling cluster
+		"--max-nodes", fmt.Sprint(defaultNodesPerZone + 2), // headroom above initial count
 		"--enable-autoscaling", // Enable autoscaling
 		"--autoprovisioning-network-tags", strings.Join([]string{autoprovisioningNodeTag}, ","),
 		"--machine-type", gcpDefaultMachineType,

tests/e2e/operator/region.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -1403,19 +1404,60 @@ func generateLocalTenantURI(cluster string) string {
 	return fmt.Sprintf("postgresql://root:root@localhost:26257?options=-ccluster%%3D%s", cluster)
 }
 
-// generateExternalConnectionURI creates external connection URI using cockroach convert-url
-// This is used for cross-cluster connections (e.g., replication from primary to standby)
-// Format: cockroach convert-url 'postgresql://USERNAME:PASSWORD@HOST' [flags]
+// generateExternalConnectionURI creates an external connection URI for cross-cluster PCR connections.
+// It embeds the CA certificate inline so CRDB can verify TLS when using the stored external connection.
+// Version-gated:
+//   - CRDB >= v26.2: uses 'cockroach convert-url --ca-cert --inline' (new command)
+//   - CRDB <  v26.2: uses 'cockroach encode-uri --certs-dir' (old command)
 func generateExternalConnectionURI(t *testing.T, kubectlOpts *k8s.KubectlOptions, pod string, connString string) string {
+	// Determine the CRDB version running in the pod.
+	versionOutput, err := execInCockroachdbContainer(t, kubectlOpts, pod,
+		"/cockroach/cockroach", "version", "--build-tag")
+	require.NoError(t, err, "failed to get CRDB version from pod")
+	version := strings.TrimSpace(versionOutput)
+	t.Logf("CRDB version in pod: %s", version)
+
+	if crdbVersionAtLeast(version, 26, 2) {
+		// v26.2+: convert-url supports --ca-cert and --inline to embed the cert inline.
+		output, err := execInCockroachdbContainer(t, kubectlOpts, pod,
+			"/cockroach/cockroach", "convert-url",
+			"--url", connString,
+			"--ca-cert=/cockroach/cockroach-certs/ca.crt",
+			"--inline")
+		require.NoError(t, err, "failed to run cockroach convert-url")
+		return strings.TrimSpace(output)
+	}
+
+	// Pre-v26.2: use encode-uri to embed the CA cert inline in the URL.
 	output, err := execInCockroachdbContainer(t, kubectlOpts, pod,
-		"/cockroach/cockroach", "convert-url",
-		"--url", connString, // Format: postgresql://user:pass@host:port
-		"--ca-cert=/cockroach/cockroach-certs/ca.crt",
-		"--inline")
-	require.NoError(t, err)
+		"/cockroach/cockroach", "encode-uri",
+		connString,
+		"--certs-dir=/cockroach/cockroach-certs")
+	require.NoError(t, err, "failed to run cockroach encode-uri")
 	return strings.TrimSpace(output)
 }
 
+// crdbVersionAtLeast reports whether a CRDB version string (e.g. "v26.1.3") is >= major.minor.
+func crdbVersionAtLeast(version string, major, minor int) bool {
+	v := strings.TrimPrefix(version, "v")
+	parts := strings.SplitN(v, ".", 3)
+	if len(parts) < 2 {
+		return false
+	}
+	maj, err := strconv.Atoi(parts[0])
+	if err != nil {
+		return false
+	}
+	min, err := strconv.Atoi(parts[1])
+	if err != nil {
+		return false
+	}
+	if maj != major {
+		return maj > major
+	}
+	return min >= minor
+}
+
 // execInCockroachdbContainer runs any command inside the cockroachdb container of a pod.
 // This is the base helper used by execSQL and execSQLOnVC.
 func execInCockroachdbContainer(t *testing.T, kubectlOpts *k8s.KubectlOptions, pod string, cmd ...string) (string, error) {
@@ -1608,7 +1650,7 @@ func (r *Region) ValidatePCR(t *testing.T, cfg *AdvancedValidationConfig) {
 	if primaryClusterDomain == "" {
 		primaryClusterDomain = CustomDomains[0]
 	}
-	primaryHost := fmt.Sprintf("cockroachdb-public.%s.svc.%s:26257", primaryNamespace, CustomDomains[0])
+	primaryHost := fmt.Sprintf("cockroachdb-public.%s.svc.%s:26257", primaryNamespace, primaryClusterDomain)
 	primaryConnString := fmt.Sprintf("postgresql://%s:%s@%s?options=-ccluster%%3Dsystem", pcrSourceUser, pcrSourcePassword, primaryHost)
 	t.Logf("Primary connection string format: postgresql://pcr_source:***@%s?options=-ccluster%%3Dsystem", primaryHost)