@@ -22,30 +22,30 @@ def authCert(ctx):
def run(ctx):
ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True)
ctx.run("skaffold run -f use-invoke-not-skaffold.yaml", echo=True)
authCert(ctx)
ctx.run("./make_global.py | kubectl apply -f -", echo=True)
ctx.run("kubectl apply -f config/51-pomerium-production-issuer.yaml", echo=True)
ctx.run("kubectl apply -f config/51-pomerium-staging-issuer.yaml", echo=True)
@task
def delete(ctx):
# todo don't delete certs that have big timeouts to remake
ctx.run("skaffold delete -f use-invoke-not-skaffold.yaml ", echo=True)
ctx.run("kubectl delete -f config/51-pomerium-staging-issuer.yaml --ignore-not-found", echo=True)
ctx.run("kubectl delete -f config/51-pomerium-production-issuer.yaml --ignore-not-found", echo=True)
ctx.run("kubectl delete -f config/60-auth-cert.yaml --ignore-not-found", echo=True)
ctx.run("kubectl delete pomerium/global --ignore-not-found", echo=True)
'''
troubleshooting, based on
https://cert-manager.io/docs/troubleshooting/
then
https://cert-manager.io/docs/concepts/acme-orders-challenges/
I had these open:
✨ dash(pts/31):~% watch 'kubectl describe -n pomerium issuers.cert-manager.io letsencrypt-staging'
✨ dash(pts/31):~% watch 'kubectl describe -n pomerium issuers.cert-manager.io letsencrypt-prod'
✨ dash(pts/29):~% watch "kubectl get -n pomerium certificates.cert-manager.io -o wide"
Status change: