Update Cert manager tilt module

docs/dev-setup.md

@@ -285,7 +285,7 @@ below.  Please note, the precedence of variables is as follows:
         },
         "metadata": {,
             "CONTROL_PLANE_MACHINE_COUNT": "1",
-            "KUBERNETES_VERSION": "v1.18.8",
+            "KUBERNETES_VERSION": "v1.22.0",
             "WORKER_MACHINE_COUNT": "2",
         }
     }

examples/generate.sh

@@ -24,11 +24,11 @@ KUSTOMIZE="${SOURCE_DIR}/../hack/tools/bin/kustomize"
 
 # Cluster.
 export CLUSTER_NAME="${CLUSTER_NAME:-test1}"
-export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.21.2}"
+export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.22.0}"
 export CLUSTER_APIENDPOINT_HOST="${CLUSTER_APIENDPOINT_HOST:-192.168.111.249}"
 export CLUSTER_APIENDPOINT_PORT="${CLUSTER_APIENDPOINT_PORT:-6443}"
-export IMAGE_URL="${IMAGE_URL:-http://172.22.0.1/images/UBUNTU_20.04_NODE_IMAGE_K8S_v1.21.2-raw.img}"
-export IMAGE_CHECKSUM="${IMAGE_CHECKSUM:-http://172.22.0.1/images/UBUNTU_20.04_NODE_IMAGE_K8S_v1.21.2-raw.img.md5sum}"
+export IMAGE_URL="${IMAGE_URL:-http://172.22.0.1/images/UBUNTU_20.04_NODE_IMAGE_K8S_v1.22.0-raw.img}"
+export IMAGE_CHECKSUM="${IMAGE_CHECKSUM:-http://172.22.0.1/images/UBUNTU_20.04_NODE_IMAGE_K8S_v1.22.0-raw.img.md5sum}"
 export IMAGE_CHECKSUM_TYPE="${IMAGE_CHECKSUM_TYPE:-md5}"
 export IMAGE_FORMAT="${IMAGE_FORMAT:-raw}"
 

hack/boilerplate/boilerplate.py

@@ -148,7 +148,7 @@ def file_extension(filename):
     return os.path.splitext(filename)[1].split(".")[-1].lower()
 
 skipped_dirs = ['Godeps', 'third_party', '_gopath', '_output', '.git', 'cluster/env.sh',
-                "vendor", "test/e2e/generated/bindata.go", "hack/boilerplate/test",
+                "vendor", "test/e2e/generated/bindata.go", "hack/boilerplate/test", "tilt_modules",
                 "pkg/kubectl/generated/bindata.go"]
 
 # list all the files contain 'DO NOT EDIT', but are not generated

tilt_modules/cert_manager/README.md

@@ -12,16 +12,16 @@ load('ext://cert_manager', 'deploy_cert_manager')
 deploy_cert_manager()
 ```
 
-This will deploy cert-manager to you cluster and checks it actually works.
+This will deploy cert-manager to your cluster and checks that it actually works.
 
-If working with Kind, its is possible to pass `load_to_kind=True` to `deploy_cert_manager` so
+If working with Kind, it's possible to pass `load_to_kind=True` to `deploy_cert_manager` so
 all the cert-manager images will be pre-pulled to your local environment and then loaded into Kind before installing.
 This speeds up your workflow if you're repeatedly destroying and recreating your kind cluster, as it doesn't
 have to pull the images over the network each time.
 
 The full list of parameters accepted by `deploy_cert_manager` includes:
 
 - `registry` from which images should be pulled, defaults to `quay.io/jetstack`
-- `version` of cert-manager to install, defaults to `v0.16.1`
+- `version` of cert-manager to install, defaults to `v1.3.1`
 - `load_to_kind` (see above), defaults to `False`
 - `kind_cluster_name`, defaults to `kind`

tilt_modules/cert_manager/Tiltfile

@@ -4,15 +4,15 @@ kind: Namespace
 metadata:
   name: cert-manager-test
 ---
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/{cert_manager_api_version}
 kind: Issuer
 metadata:
   name: test-selfsigned
   namespace: cert-manager-test
 spec:
-  selfSigned: {}
+  selfSigned: {{}}
 ---
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/{cert_manager_api_version}
 kind: Certificate
 metadata:
   name: selfsigned-cert
@@ -28,25 +28,27 @@ spec:
 # Deploys cert manager to your environment
 def deploy_cert_manager(registry="quay.io/jetstack", version="v1.5.0", load_to_kind=False, kind_cluster_name="kind"):
     silent=True
+    if version.startswith('v0'):
+      cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1alpha2')
+    else:
+      cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1')
 
-    # check if cert-mamager is already installed, otherwise pre-load images & apply the manifest
-    # NB. this is required until https://github.com/jetstack/cert-manager/issues/3121 is addressed otherwise
-    # when applying the manifest twice to same cluster kubectl get stuck
-    existsCheck = str(local("kubectl get namespaces", quiet=silent, echo_off=silent))
-    if existsCheck.find("cert-manager") == -1:
-        if load_to_kind == True:
-            print("Loading images to kind")
-            # Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
-            # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
-            # the network each time.
-            images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
-            for image in images:
-                local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
-                local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)
+    if load_to_kind == True:
+        print("Loading images to kind")
+        # Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
+        # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
+        # the network each time.
+        images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
+        for image in images:
+            local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
+            local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)
 
-        # apply the cert-manager manifest
-        print("Installing cert-manager")
-        local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)
+    # apply the cert-manager manifest
+    # NOTE!
+    # Applying the same manifest twice to same cluster kubectl get stuck with older versions of kubernetes/cert-manager.
+    # https://github.com/jetstack/cert-manager/issues/3121
+    print("Installing cert-manager")
+    local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)
 
     # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation)
     # 1. wait for the cert-manager to be running
@@ -57,6 +59,7 @@ def deploy_cert_manager(registry="quay.io/jetstack", version="v1.5.0", load_to_k
 
     # 2. create a test certificate
     print("Testing cert-manager")
-    local("cat << EOF | kubectl apply -f - " + cert_manager_test_resources + "EOF", quiet=silent, echo_off=silent)
+    # The webhook may refuse connections initially (despite the deployment being Available), so try several times.
+    local("for i in 1 2 3 4 5 6; do (kubectl apply -f - <<EOF" + cert_manager_test_resources_versioned + "EOF\n) && break || sleep 15; done", quiet=silent, echo_off=silent)
     local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ", quiet=silent, echo_off=silent)
-    local("cat << EOF | kubectl delete -f - " + cert_manager_test_resources + "EOF", quiet=silent, echo_off=silent)
+    local("kubectl delete -f - <<EOF" + cert_manager_test_resources_versioned + "EOF", quiet=silent, echo_off=silent)