Mercurial > code > home > repos > pomerium
changeset 27:0f6176ce0b46
refactor retry code, but then don't use it since it seems we don't want the suffixed name after all
| author | drewp@bigasterisk.com |
|---|---|
| date | Mon, 19 Jun 2023 22:18:30 -0700 |
| parents | d846a4754d34 |
| children | 88fc66e2ebf5 |
| files | make_global.py |
| diffstat | 1 files changed, 19 insertions(+), 17 deletions(-) [+] |
line wrap: on
line diff
--- a/make_global.py Mon Jun 19 22:17:23 2023 -0700 +++ b/make_global.py Mon Jun 19 22:18:30 2023 -0700 @@ -11,11 +11,24 @@ j = json.loads(subprocess.check_output(["kubectl", "get", "-n", ns, "secret", "-o", "json"]).decode('utf8')) for item in j['items']: name = item['metadata']['name'] - if name.startswith('pomerium-proxy-tls-'): + if name.startswith('pomerium-proxy-tls'): return ns + '/' + name raise ValueError() +def retryGetSuffixedName() -> str: + sys.stderr.write("\nwait for secret: ") + for tries in range(100): + try: + return getSuffixedName() + except ValueError: + sys.stderr.write('.') + sys.stderr.flush() + time.sleep(10) + else: + raise ValueError + + config = { 'apiVersion': "ingress.pomerium.io/v1", 'kind': "Pomerium", @@ -51,22 +64,11 @@ # Old note: pom won't start up if this cert doesn't exist, so you have to run once # with it commented out, then after cert success, run again with it enabled. -sys.stderr.write("wait for secret: ") -for tries in range(100): - try: - config['spec']['certificates'] = [ - #getSuffixedName() - 'pomerium/pomerium-proxy-tls' - ] - except ValueError: - sys.stderr.write('.') - sys.stderr.flush() - time.sleep(10) - else: - break -else: - raise ValueError +config['spec']['certificates'] = [ + # retryGetSuffixedName() # it appear this is a temporary cert and we should set the line below then wait a few minutes + 'pomerium/pomerium-proxy-tls' +] sys.stderr.write('\n') -print(json.dumps(config)) \ No newline at end of file +print(json.dumps(config))