sigs.k8s.io/cluster-api-provider-azure@v1.14.3/tilt_modules/cert_manager/Tiltfile (about)

     1  cert_manager_test_resources = """
     2  apiVersion: v1
     3  kind: Namespace
     4  metadata:
     5    name: cert-manager-test
     6  ---
     7  apiVersion: cert-manager.io/{cert_manager_api_version}
     8  kind: Issuer
     9  metadata:
    10    name: test-selfsigned
    11    namespace: cert-manager-test
    12  spec:
    13    selfSigned: {{}}
    14  ---
    15  apiVersion: cert-manager.io/{cert_manager_api_version}
    16  kind: Certificate
    17  metadata:
    18    name: selfsigned-cert
    19    namespace: cert-manager-test
    20  spec:
    21    dnsNames:
    22      - example.com
    23    secretName: selfsigned-cert-tls
    24    issuerRef:
    25      name: test-selfsigned
    26  """
    27  
    28  # Deploys cert manager to your environment
    29  def deploy_cert_manager(registry="quay.io/jetstack", version="v1.3.1", load_to_kind=False, kind_cluster_name="kind"):
    30      silent=True
    31      if version.startswith('v0'):
    32        cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1alpha2')
    33      else:
    34        cert_manager_test_resources_versioned = cert_manager_test_resources.format(cert_manager_api_version='v1')
    35  
    36      if load_to_kind == True:
    37          print("Loading images to kind")
    38          # Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
    39          # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
    40          # the network each time.
    41          images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
    42          for image in images:
    43              local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
    44              local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)
    45  
    46      # apply the cert-manager manifest
    47      # NOTE!
    48      # Applying the same manifest twice to same cluster kubectl get stuck with older versions of kubernetes/cert-manager.
    49      # https://github.com/jetstack/cert-manager/issues/3121
    50      print("Installing cert-manager")
    51      local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)
    52  
    53      # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation)
    54      # 1. wait for the cert-manager to be running
    55      print("Waiting for cert-manager to start")
    56      local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager", quiet=silent, echo_off=silent)
    57      local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector", quiet=silent, echo_off=silent)
    58      local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook", quiet=silent, echo_off=silent)
    59  
    60      # 2. create a test certificate
    61      print("Testing cert-manager")
    62      # The webhook may refuse connections initially (despite the deployment being Available), so try several times.
    63      local("for i in 1 2 3 4 5 6; do (kubectl apply -f - <<EOF" + cert_manager_test_resources_versioned + "EOF\n) && break || sleep 15; done", quiet=silent, echo_off=silent)
    64      local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ", quiet=silent, echo_off=silent)
    65      local("kubectl delete -f - <<EOF" + cert_manager_test_resources_versioned + "EOF", quiet=silent, echo_off=silent)