# HG changeset patch # User drewp@bigasterisk.com # Date 2023-06-20 05:18:30 # Node ID 0f6176ce0b46890c5e4178080d860579b662279d # Parent d846a4754d349d5367d40ffef07de28c775772a6 refactor retry code, but then don't use it since it seems we don't want the suffixed name after all diff --git a/make_global.py b/make_global.py --- a/make_global.py +++ b/make_global.py @@ -11,11 +11,24 @@ def getSuffixedName() -> str: j = json.loads(subprocess.check_output(["kubectl", "get", "-n", ns, "secret", "-o", "json"]).decode('utf8')) for item in j['items']: name = item['metadata']['name'] - if name.startswith('pomerium-proxy-tls-'): + if name.startswith('pomerium-proxy-tls'): return ns + '/' + name raise ValueError() +def retryGetSuffixedName() -> str: + sys.stderr.write("\nwait for secret: ") + for tries in range(100): + try: + return getSuffixedName() + except ValueError: + sys.stderr.write('.') + sys.stderr.flush() + time.sleep(10) + else: + raise ValueError + + config = { 'apiVersion': "ingress.pomerium.io/v1", 'kind': "Pomerium", @@ -51,22 +64,11 @@ config = { # Old note: pom won't start up if this cert doesn't exist, so you have to run once # with it commented out, then after cert success, run again with it enabled. -sys.stderr.write("wait for secret: ") -for tries in range(100): - try: - config['spec']['certificates'] = [ - #getSuffixedName() - 'pomerium/pomerium-proxy-tls' - ] - except ValueError: - sys.stderr.write('.') - sys.stderr.flush() - time.sleep(10) - else: - break -else: - raise ValueError +config['spec']['certificates'] = [ + # retryGetSuffixedName() # it appear this is a temporary cert and we should set the line below then wait a few minutes + 'pomerium/pomerium-proxy-tls' +] sys.stderr.write('\n') -print(json.dumps(config)) \ No newline at end of file +print(json.dumps(config))