From 3cb228ac7d42059798433eb7722a54f547b56ffc Mon Sep 17 00:00:00 2001 From: eratnch Date: Tue, 13 Oct 2020 14:14:02 -0700 Subject: [PATCH] Use tilt cert_manager extension for CAPZ Removed existing deploy_cert_manager Used tilt cert_manager extension --- Tiltfile | 64 +---------------------------- tilt_modules/cert_manager/README.md | 26 ++++++++++++ tilt_modules/cert_manager/Tiltfile | 62 ++++++++++++++++++++++++++++ tilt_modules/extensions.json | 9 ++++ 4 files changed, 99 insertions(+), 62 deletions(-) create mode 100644 tilt_modules/cert_manager/README.md create mode 100644 tilt_modules/cert_manager/Tiltfile create mode 100644 tilt_modules/extensions.json diff --git a/Tiltfile b/Tiltfile index 2cb5ffc346c..19ef9d87f5b 100644 --- a/Tiltfile +++ b/Tiltfile 
@@ -35,41 +35,6 @@ if "allowed_contexts" in settings: if "default_registry" in settings: default_registry(settings.get("default_registry")) - -# Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up -# setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over -# the network each time. -def deploy_cert_manager(): - registry = settings.get("cert_manager_registry", "quay.io/jetstack") - version = settings.get("cert_manager_version") - - # check if cert-mamager is already installed, otherwise pre-load images & apply the manifest - # NB. this is required until https://github.com/jetstack/cert-manager/issues/3121 is addressed otherwise - # when applying the manifest twice to same cluster kubectl get stuck - existsCheck = str(local("kubectl get namespaces")) - if existsCheck.find("cert-manager") == -1: - # pre-load cert-manager images in kind - images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"] - if settings.get("preload_images_for_kind"): - for image in images: - local("docker pull {}/{}:{}".format(registry, image, version)) - local("kind load docker-image --name {} {}/{}:{}".format(settings.get("kind_cluster_name"), registry, image, version)) - - # apply the cert-manager manifest - local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version)) - - # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation) - # 1. wait for the cert-manager to be running - local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager") - local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector") - local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook") - - # 2. 
create a test certificate - local("cat << EOF | kubectl apply -f - " + cert_manager_test_resources + "EOF") - local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ") - local("cat << EOF | kubectl delete -f - " + cert_manager_test_resources + "EOF") - - # deploy CAPI def deploy_capi(): version = settings.get("capi_version") @@ -164,33 +129,6 @@ COPY --from=tilt-helper /restart.sh . COPY manager . """ -cert_manager_test_resources = """ -apiVersion: v1 -kind: Namespace -metadata: - name: cert-manager-test ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: test-selfsigned - namespace: cert-manager-test -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: selfsigned-cert - namespace: cert-manager-test -spec: - dnsNames: - - example.com - secretName: selfsigned-cert-tls - issuerRef: - name: test-selfsigned -""" - # Build CAPZ and add feature gates def capz(): # Apply the kustomized yaml for this provider @@ -385,6 +323,8 @@ validate_auth() include_user_tilt_files() +load("ext://cert_manager", "deploy_cert_manager") + if settings.get("deploy_cert_manager"): deploy_cert_manager() diff --git a/tilt_modules/cert_manager/README.md b/tilt_modules/cert_manager/README.md new file mode 100644 index 00000000000..f45fac1b057 --- /dev/null +++ b/tilt_modules/cert_manager/README.md 
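Review bot: The call `deploy_cert_manager()` at the end of this hunk now takes no arguments, so the `cert_manager_registry`, `cert_manager_version`, `preload_images_for_kind` and `kind_cluster_name` settings that the removed function read are no longer applied. The extension's own defaults (`quay.io/jetstack`, `v0.16.1`, `load_to_kind=False`, `kind`) are used instead, so the cert-manager version and image source installed into the cluster are decided by the vendored copy under `tilt_modules/` rather than by this repository's settings, and a later re-fetch of the extension could change them without any edit here. I would pass them through, e.g. `deploy_cert_manager(registry=settings.get("cert_manager_registry", "quay.io/jetstack"), version=settings.get("cert_manager_version"), load_to_kind=settings.get("preload_images_for_kind"), kind_cluster_name=settings.get("kind_cluster_name"))`, assuming `settings` still provides those keys (its defaults are defined outside this hunk).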
@@ -0,0 +1,26 @@
+# Cert-manager
+
+This extension deploys cert-manager.
+
+## Usage
+
+Basic usage
+
+```
+load('ext://cert_manager', 'deploy_cert_manager')
+
+deploy_cert_manager()
+```
+
+This will deploy cert-manager to you cluster and checks it actually works.
+
+If working with Kind, its is possible to pass `load_to_kind=True` to `deploy_cert_manager` so
+all the cert-manager images will be pre-pulled to your local environment and then loaded into Kind before installing.
+This speeds up your workflow if you're repeatedly destroying and recreating your kind cluster, as it doesn't
+have to pull the images over the network each time.
+
+The full list of parameters accepted by `deploy_cert_manager` includes:
+- `registry` from which images should be pulled, defaults to `quay.io/jetstack`
+- `version` of cert-manager to install, defaults to `v0.16.1`
+- `load_to_kind` (see above), defaults to `False`
+- `kind_cluster_name`, defaults to `kind`
diff --git a/tilt_modules/cert_manager/Tiltfile b/tilt_modules/cert_manager/Tiltfile
new file mode 100644
index 00000000000..93f4437e2b9
--- /dev/null
+++ b/tilt_modules/cert_manager/Tiltfile
@@ -0,0 +1,62 @@
+cert_manager_test_resources = """
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager-test
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+ name: test-selfsigned
+ namespace: cert-manager-test
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: selfsigned-cert
+ namespace: cert-manager-test
+spec:
+ dnsNames:
+ - example.com
+ secretName: selfsigned-cert-tls
+ issuerRef:
+ name: test-selfsigned
+"""
+
+# Deploys cert manager to your environment
+def deploy_cert_manager(registry="quay.io/jetstack", version="v0.16.1", load_to_kind=False, kind_cluster_name="kind"):
+ silent=True
+
+ # check if cert-mamager is already installed, otherwise pre-load images & apply the manifest
+ # NB. this is required until https://github.com/jetstack/cert-manager/issues/3121 is addressed otherwise
+ # when applying the manifest twice to same cluster kubectl get stuck
+ existsCheck = str(local("kubectl get namespaces", quiet=silent, echo_off=silent))
+ if existsCheck.find("cert-manager") == -1:
+ if load_to_kind == True:
+ print("Loading images to kind")
+ # Prepull all the cert-manager images to your local environment and then load them directly into kind. This speeds up
+ # setup if you're repeatedly destroying and recreating your kind cluster, as it doesn't have to pull the images over
+ # the network each time.
+ images = ["cert-manager-controller", "cert-manager-cainjector", "cert-manager-webhook"]
+ for image in images:
+ local("docker pull {}/{}:{}".format(registry, image, version), quiet=silent, echo_off=silent)
+ local("kind load docker-image --name {} {}/{}:{}".format(kind_cluster_name, registry, image, version), quiet=silent, echo_off=silent)
+
+ # apply the cert-manager manifest
+ print("Installing cert-manager")
+ local("kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/{}/cert-manager.yaml".format(version), quiet=silent, echo_off=silent)
+
+ # verifies cert-manager is properly working (https://cert-manager.io/docs/installation/kubernetes/#verifying-the-installation)
+ # 1. wait for the cert-manager to be running
+ print("Waiting for cert-manager to start")
+ local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager", quiet=silent, echo_off=silent)
+ local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector", quiet=silent, echo_off=silent)
+ local("kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook", quiet=silent, echo_off=silent)
+
+ # 2. create a test certificate
+ print("Testing cert-manager")
+ local("cat << EOF | kubectl apply -f - " + cert_manager_test_resources + "EOF", quiet=silent, echo_off=silent)
+ local("kubectl wait --for=condition=Ready --timeout=300s -n cert-manager-test certificate/selfsigned-cert ", quiet=silent, echo_off=silent)
+ local("cat << EOF | kubectl delete -f - " + cert_manager_test_resources + "EOF", quiet=silent, echo_off=silent)
diff --git a/tilt_modules/extensions.json b/tilt_modules/extensions.json
new file mode 100644
index 00000000000..3b29240c3e4
--- /dev/null
+++ b/tilt_modules/extensions.json
@@ -0,0 +1,9 @@ +{ + "Extensions": [ + { + "Name": "cert_manager", + "ExtensionRegistry": "https://github.com/tilt-dev/tilt-extensions", + "TimeFetched": "2020-10-13T13:51:07.717747266-07:00" + } + ] +}