Mercurial > code > home > repos > pomerium

annotate tasks.py @ 11:54b0edb7cca8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
debug notes
author drewp@bigasterisk.com
date Mon, 12 Dec 2022 23:24:30 -0800
parents d3caeaf39d87
children 695948b426ae
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
1 from invoke import task
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
2 from invoke.exceptions import UnexpectedExit
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
3 @task
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
4 def delete(ctx):
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
5 ctx.run("cd 30-cert-manager; skaffold delete")
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
6 ctx.run("cd 20-kube; skaffold delete")
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
7 ctx.run("cd 10-vols; skaffold delete")
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
8 ctx.run("cd 00-defs; skaffold delete")
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
9
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
10 @task
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
11 def run(ctx):
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
12 ctx.run("cd 00-defs; skaffold run", echo=True)
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
13 ctx.run("cd 10-vols; skaffold run", echo=True)
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
14 ctx.run("cd 20-kube; skaffold run", echo=True)
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
15 # here we must wait for cert-manager-webhook.cert-manager.svc
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
16 ctx.run("cd 30-cert-manager; skaffold run", echo=True, warn=True)
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
17 ctx.run("cd 30-cert-manager; skaffold run", echo=True)
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
18
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
19 try:
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
20 ctx.run("kubectl get -n pomerium ingress | grep 80")
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
21 except UnexpectedExit:
d3caeaf39d87 deploy with invoke & skaffold
drewp@bigasterisk.com
parents:
diff changeset
22 raise SystemExit("expected cm-acme-http-solver-... ingress on port 80")
11
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
23
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
24 '''
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
25 troubleshooting, based on
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
26 https://cert-manager.io/docs/troubleshooting/
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
27 then
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
28 https://cert-manager.io/docs/concepts/acme-orders-challenges/
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
29
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
30 I had these open:
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
31 ✨ dash(pts/31):~% watch 'kubectl describe -n pomerium issuers.cert-manager.io letsencrypt-staging'
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
32 ✨ dash(pts/31):~% watch 'kubectl describe -n pomerium issuers.cert-manager.io letsencrypt-prod'
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
33 ✨ dash(pts/29):~% watch "kubectl get -n pomerium certificates.cert-manager.io -o wide"
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
34 ✨ dash(pts/36):~% watch 'kubectl describe -n pomerium certificaterequests.cert-manager.io'
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
35 ✨ dash(pts/37):~% watch 'kubectl describe -n pomerium orders.acme.cert-manager.io'
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
36 ✨ dash(pts/38):~% watch 'kubectl describe -n pomerium challenges.acme.cert-manager.io '
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
37
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
38 then i checked clusterissuer vs issuer, the ns of the 60-auth-cert.yaml resources,
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
39 and i often restarted cert-manager and eventually pomerium too. 10-pom-pom.yaml last line
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
40 may need to be toggled.
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
41
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
42 The 'cm-acme-http-solver' ingress for LE comes and goes but i didn't have to force it to exist.
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
43
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
44 Didn't need 04-gen-secrets-job.yaml
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
45
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
46 Also, CM says this a lot which means it may be afraid to renew bigasterisk.com
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
47
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
48 I1213 07:00:01.946799 1 sync.go:394] cert-manager/controller/ingress-shim "msg"="certificate resource is not owned by this object. refusing to update non-owned certificate resource for object" "related_resource_kind"="Certificate" "related_resource_name"="bigasterisk.com-tls" "related_resource_namespace"="default" "related_resource_version"="v1" "resource_kind"="Ingress" "resource_name"="registry" "resource_namespace"="default" "resource_version"="v1"
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
49
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents: 6
diff changeset
50 '''