From 3c347aeea97f690dbe22ec30f49f047379be808c Mon Sep 17 00:00:00 2001 From: fabriziopandini Date: Thu, 6 Aug 2020 14:37:12 +0200 Subject: [PATCH] upgrade cert-manager in Tiltfile --- Tiltfile | 68 +++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 55 insertions(+), 13 deletions(-) diff --git a/Tiltfile b/Tiltfile index 78fa9329b50f..c75ec59c5a49 100644 --- a/Tiltfile +++ b/Tiltfile @@ -135,6 +135,33 @@ COPY --from=tilt-helper /restart.sh . COPY manager . """ +cert_manager_test_resources = """ +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager-test +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + name: test-selfsigned + namespace: cert-manager-test +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: selfsigned-cert + namespace: cert-manager-test +spec: + dnsNames: + - example.com + secretName: selfsigned-cert-tls + issuerRef: + name: test-selfsigned +""" + # Configures a provider by doing the following: # # 1. Enables a local_resource go build of the provider's manager binary @@ -204,19 +231,34 @@ def enable_provider(name): # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over # the network each time. def deploy_cert_manager(): - registry = "quay.io/jetstack" - version = "v0.11.0" - images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"] - - if settings.get("preload_images_for_kind"): - for image in images: - local("docker pull {}/{}:{}".format(registry, image, version)) - local("kind load docker-image --name {} {}/{}:{}".format(settings.get("kind_cluster_name"), registry, image, version)) - - local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version)) - - # wait for the service to become available - local("kubectl wait --for=condition=Available --timeout=300s apiservice v1beta1.webhook.cert-manager.io") + registry = settings.get("cert_manager_registry", "quay.io/jetstack") + version = settings.get("cert_manager_version", "v0.16.0") + + # check if cert-mamager is already installed, otherwise pre-load images & apply the manifest + # NB. this is required until https://github.com/jetstack/cert-manager/issues/3121 is addressed otherwise + # when applying the manifest twice to same cluster kubectl get stuck + existsCheck = str(local("kubectl get namespaces")) + if existsCheck.find("cert-manager") == -1: + # pre-load cert-manager images in kind + images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"] + if settings.get("preload_images_for_kind"): + for image in images: + local("docker pull {}/{}:{}".format(registry, image, version)) + local("kind load docker-image --name {} {}/{}:{}".format(settings.get("kind_cluster_name"), registry, image, version)) + + # apply the cert-manager manifest + local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version)) + + # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation) + # 1. wait for the cert-manager to be running + local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager") + local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector") + local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook") + + # 2. create a test certificate + local("cat << EOF | kubectl apply -f - " + cert_manager_test_resources + "EOF") + local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ") + local("cat << EOF | kubectl delete -f - " + cert_manager_test_resources + "EOF") # Users may define their own Tilt customizations in tilt.d. This directory is excluded from git and these files will # not be checked in to version control.