Use existing certificates if available and update status command

stack_orchestrator/deploy/k8s/cluster_info.py

@@ -114,7 +114,7 @@ class ClusterInfo:
                         nodeports.append(service)
         return nodeports
 
-    def get_ingress(self, use_tls=False, certificate=None, cluster_issuer="letsencrypt-prod"):
+    def get_ingress(self, use_tls=False, certificate_by_host={}, cluster_issuer="letsencrypt-prod"):
         # No ingress for a deployment that has no http-proxy defined, for now
         http_proxy_info_list = self.spec.get_http_proxy()
         if not http_proxy_info_list:
@@ -127,6 +127,7 @@ class ClusterInfo:
                 print(f"http-proxy: {http_proxy_info}")
             # TODO: good enough parsing for webapp deployment for now
             host_name = http_proxy_info["host-name"]
+            certificate = certificate_by_host[host_name] if host_name in certificate_by_host else None
 
             if use_tls:
                 tls.append(client.V1IngressTLS(

stack_orchestrator/deploy/k8s/deploy_k8s.py

@@ -227,16 +227,18 @@ class K8sDeployer(Deployer):
         self._create_volume_data()
         self._create_deployment()
 
-        http_proxy_info = self.cluster_info.spec.get_http_proxy()
+        http_proxy_info_list = self.cluster_info.spec.get_http_proxy()
         # Note: at present we don't support tls for kind (and enabling tls causes errors)
-        use_tls = http_proxy_info and not self.is_kind()
+        use_tls = http_proxy_info_list and not self.is_kind()
-        # TODO Handle for multiple http_proxy_info
+        certificate_by_host = {}
-        certificate = self._find_certificate_for_host_name(http_proxy_info[0]["host-name"]) if use_tls else None
+        if use_tls:
-        if opts.o.debug:
+            for http_proxy_info in http_proxy_info_list:
-            if certificate:
+                certificate = self._find_certificate_for_host_name(http_proxy_info["host-name"])
-                print(f"Using existing certificate: {certificate}")
+                if opts.o.debug and certificate:
+                    print(f"Using existing certificate: {certificate}")
+                certificate_by_host[http_proxy_info["host-name"]] = certificate
 
-        ingress: client.V1Ingress = self.cluster_info.get_ingress(use_tls=use_tls, certificate=certificate)
+        ingress: client.V1Ingress = self.cluster_info.get_ingress(use_tls=use_tls, certificates_by_host_name=certificate_by_host)
         if ingress:
             if opts.o.debug:
                 print(f"Sending this ingress: {ingress}")
@@ -368,7 +370,6 @@ class K8sDeployer(Deployer):
             # Destroy the kind cluster
             destroy_cluster(self.kind_cluster_name)
 
-    # TODO: Update for multiple host-names
     def status(self):
         self.connect_api()
         # Call whatever API we need to get the running container list
@@ -383,36 +384,46 @@ class K8sDeployer(Deployer):
         if not pods:
             return
 
-        hostname = "?"
+        tls_by_host = {}
-        ip = "?"
-        tls = "?"
         try:
             ingress = self.networking_api.read_namespaced_ingress(namespace=self.k8s_namespace,
                                                                   name=self.cluster_info.get_ingress().metadata.name)
 
-            cert = self.custom_obj_api.get_namespaced_custom_object(
-                group="cert-manager.io",
-                version="v1",
-                namespace=self.k8s_namespace,
-                plural="certificates",
-                name=ingress.spec.tls[0].secret_name
-            )
-
-            hostname = ingress.spec.rules[0].host
             ip = ingress.status.load_balancer.ingress[0].ip
-            tls = "notBefore: %s; notAfter: %s; names: %s" % (
+            for rule in ingress.spec.rules:
-                cert["status"]["notBefore"], cert["status"]["notAfter"], ingress.spec.tls[0].hosts
+                hostname = rule.host
-            )
+                tls_spec = next((tls for tls in ingress.spec.tls if hostname in tls.hosts), None)
+                if tls_spec:
+                    cert = self.custom_obj_api.get_namespaced_custom_object(
+                        group="cert-manager.io",
+                        version="v1",
+                        namespace=self.k8s_namespace,
+                        plural="certificates",
+                        name=tls_spec.secret_name
+                    )
+                    tls = "notBefore: %s; notAfter: %s; names: %s" % (
+                        cert["status"]["notBefore"], cert["status"]["notAfter"], tls_spec.hosts
+                    )
+                    tls_by_host[hostname] = tls
+                else:
+                    tls_by_host[hostname] = None
         except:  # noqa: E722
             pass
 
         print("Ingress:")
-        print("\tHostname:", hostname)
+        if len(tls_by_host) == 0:
-        print("\tIP:", ip)
+            print("\tHostname:", "?")
-        print("\tTLS:", tls)
+            print("\tIP:", "?")
-        print("")
+            print("\tTLS:", "?")
-        print("Pods:")
+            print("")
 
+        for hostname, tls in tls_by_host.items():
+            print("\tHostname:", hostname)
+            print("\tIP:", ip)
+            print("\tTLS:", tls)
+            print("")
+
+        print("Pods:")
         for p in pods:
             if p.metadata.deletion_timestamp:
                 print(f"\t{p.metadata.namespace}/{p.metadata.name}: Terminating ({p.metadata.deletion_timestamp})")