diff --git a/tasks.py b/tasks.py --- a/tasks.py +++ b/tasks.py @@ -1,19 +1,43 @@ +import sys +import time from invoke import task from invoke.exceptions import UnexpectedExit + +def authCert(ctx): + for tries in range(100): + try: + ctx.run("kubectl apply -f config/60-auth-cert.yaml", echo=True, ) + sys.stderr.write("worked") + return + except UnexpectedExit: + time.sleep(2) + sys.stderr.write('.') + sys.stderr.flush() + raise ValueError + + + @task def run(ctx): - ctx.run("cd 00-defs; skaffold run", echo=True) - ctx.run("cd 10-vols; skaffold run", echo=True) - ctx.run("cd 20-kube; skaffold run", echo=True) - # here we must wait for cert-manager-webhook.cert-manager.svc - ctx.run("cd 30-cert-manager; skaffold run", echo=True, warn=True) - ctx.run("cd 30-cert-manager; skaffold run", echo=True) + ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True) + ctx.run("skaffold run -f use-invoke-not-skaffold.yaml", echo=True) + authCert(ctx) + ctx.run("./make_global.py | kubectl apply -f -", echo=True) + ctx.run("kubectl apply -f config/51-pomerium-production-issuer.yaml", echo=True) + ctx.run("kubectl apply -f config/51-pomerium-staging-issuer.yaml", echo=True) + - try: - ctx.run("kubectl get -n pomerium ingress | grep 80") - except UnexpectedExit: - raise SystemExit("expected cm-acme-http-solver-... ingress on port 80") +@task +def delete(ctx): + # todo don't delete certs that have big timeouts to remake + ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True) + ctx.run("skaffold delete -f use-invoke-not-skaffold.yaml ", echo=True) + ctx.run("kubectl delete pomerium/global --ignore-not-found", echo=True) + ctx.run("kubectl delete -f config/60-auth-cert.yaml --ignore-not-found", echo=True) + ctx.run("kubectl delete -f config/51-pomerium-production-issuer.yaml --ignore-not-found", echo=True) + ctx.run("kubectl delete -f config/51-pomerium-staging-issuer.yaml --ignore-not-found", echo=True) + ''' troubleshooting, based on