-
Notifications
You must be signed in to change notification settings - Fork 169
/
Tiltfile
65 lines (60 loc) · 3.32 KB
/
Tiltfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
cert_manager_test_resources = """
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager-test
---
apiVersion: cert-manager.io/{cert_manager_api_version}
kind: Issuer
metadata:
name: test-selfsigned
namespace: cert-manager-test
spec:
selfSigned: {{}}
---
apiVersion: cert-manager.io/{cert_manager_api_version}
kind: Certificate
metadata:
name: selfsigned-cert
namespace: cert-manager-test
spec:
dnsNames:
- example.com
secretName: selfsigned-cert-tls
issuerRef:
name: test-selfsigned
"""
# Deploys cert manager to your environment
def deploy_cert_manager(registry="quay.io/jetstack", version="v1.3.1", load_to_kind=False, kind_cluster_name="kind"):
silent=True
if version.startswith('v0'):
cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1alpha2')
else:
cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1')
if load_to_kind:
print("Loading images to kind")
# Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
# setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
# the network each time.
images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
for image in images:
local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)
# apply the cert-manager manifest
# NOTE!
# Applying the same manifest twice to same cluster kubectl get stuck with older versions of kubernetes/cert-manager.
# https://github.com/jetstack/cert-manager/issues/3121
print("Installing cert-manager")
local("kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)
# verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation)
# 1. wait for the cert-manager to be running
print("Waiting for cert-manager to start")
local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager", quiet=silent, echo_off=silent)
local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector", quiet=silent, echo_off=silent)
local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook", quiet=silent, echo_off=silent)
# 2. create a test certificate
print("Testing cert-manager")
# The webhook may refuse connections initially (despite the deployment being Available), so try several times.
local("for i in 1 2 3 4 5 6; do (kubectl apply -f - <<EOF" + cert_manager_test_resources_versioned + "EOF\n) && break || sleep 15; done", quiet=silent, echo_off=silent)
local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ", quiet=silent, echo_off=silent)
local("kubectl delete -f - <<EOF" + cert_manager_test_resources_versioned + "EOF", quiet=silent, echo_off=silent)