Mercurial > code > home > repos > pomerium
comparison tasks.py @ 24:b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
| author | drewp@bigasterisk.com |
|---|---|
| date | Thu, 08 Jun 2023 10:50:01 -0700 |
| parents | 695948b426ae |
| children | bd2cbc36bc65 |
comparison
equal
deleted
inserted
replaced
| 23:695948b426ae | 24:b53ab97e8979 |
|---|---|
| 1 import sys | |
| 2 import time | |
| 1 from invoke import task | 3 from invoke import task |
| 2 from invoke.exceptions import UnexpectedExit | 4 from invoke.exceptions import UnexpectedExit |
| 3 | 5 |
| 6 | |
| 7 def authCert(ctx): | |
| 8 for tries in range(100): | |
| 9 try: | |
| 10 ctx.run("kubectl apply -f config/60-auth-cert.yaml", echo=True, ) | |
| 11 sys.stderr.write("worked") | |
| 12 return | |
| 13 except UnexpectedExit: | |
| 14 time.sleep(2) | |
| 15 sys.stderr.write('.') | |
| 16 sys.stderr.flush() | |
| 17 raise ValueError | |
| 18 | |
| 19 | |
| 20 | |
| 4 @task | 21 @task |
| 5 def run(ctx): | 22 def run(ctx): |
| 6 ctx.run("cd 00-defs; skaffold run", echo=True) | 23 ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True) |
| 7 ctx.run("cd 10-vols; skaffold run", echo=True) | 24 ctx.run("skaffold run -f use-invoke-not-skaffold.yaml", echo=True) |
| 8 ctx.run("cd 20-kube; skaffold run", echo=True) | 25 authCert(ctx) |
| 9 # here we must wait for cert-manager-webhook.cert-manager.svc | 26 ctx.run("./make_global.py | kubectl apply -f -", echo=True) |
| 10 ctx.run("cd 30-cert-manager; skaffold run", echo=True, warn=True) | 27 ctx.run("kubectl apply -f config/51-pomerium-production-issuer.yaml", echo=True) |
| 11 ctx.run("cd 30-cert-manager; skaffold run", echo=True) | 28 ctx.run("kubectl apply -f config/51-pomerium-staging-issuer.yaml", echo=True) |
| 12 | 29 |
| 13 try: | 30 |
| 14 ctx.run("kubectl get -n pomerium ingress | grep 80") | 31 @task |
| 15 except UnexpectedExit: | 32 def delete(ctx): |
| 16 raise SystemExit("expected cm-acme-http-solver-... ingress on port 80") | 33 # todo don't delete certs that have big timeouts to remake |
| 34 ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True) | |
| 35 ctx.run("skaffold delete -f use-invoke-not-skaffold.yaml ", echo=True) | |
| 36 ctx.run("kubectl delete pomerium/global --ignore-not-found", echo=True) | |
| 37 ctx.run("kubectl delete -f config/60-auth-cert.yaml --ignore-not-found", echo=True) | |
| 38 ctx.run("kubectl delete -f config/51-pomerium-production-issuer.yaml --ignore-not-found", echo=True) | |
| 39 ctx.run("kubectl delete -f config/51-pomerium-staging-issuer.yaml --ignore-not-found", echo=True) | |
| 40 | |
| 17 | 41 |
| 18 ''' | 42 ''' |
| 19 troubleshooting, based on | 43 troubleshooting, based on |
| 20 https://cert-manager.io/docs/troubleshooting/ | 44 https://cert-manager.io/docs/troubleshooting/ |
| 21 then | 45 then |