Use existing certificates if available and update status command
Some checks failed
Lint Checks / Run linter (pull_request) Successful in 15s
Smoke Test / Run basic test suite (pull_request) Successful in 1m42s
Webapp Test / Run webapp test suite (pull_request) Successful in 1m59s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Failing after 2m13s
Deploy Test / Run deploy test suite (pull_request) Successful in 2m36s
K8s Deployment Control Test / Run deployment control suite on kind/k8s (pull_request) Failing after 2m47s
parent
9bc8ce4866
commit
e491545354
@ -114,7 +114,7 @@ class ClusterInfo:
|
||||
nodeports.append(service)
|
||||
return nodeports
|
||||
|
||||
def get_ingress(self, use_tls=False, certificate=None, cluster_issuer="letsencrypt-prod"):
|
||||
def get_ingress(self, use_tls=False, certificate_by_host={}, cluster_issuer="letsencrypt-prod"):
|
||||
# No ingress for a deployment that has no http-proxy defined, for now
|
||||
http_proxy_info_list = self.spec.get_http_proxy()
|
||||
if not http_proxy_info_list:
|
||||
@ -127,6 +127,7 @@ class ClusterInfo:
|
||||
print(f"http-proxy: {http_proxy_info}")
|
||||
# TODO: good enough parsing for webapp deployment for now
|
||||
host_name = http_proxy_info["host-name"]
|
||||
certificate = certificate_by_host[host_name] if host_name in certificate_by_host else None
|
||||
|
||||
if use_tls:
|
||||
tls.append(client.V1IngressTLS(
|
||||
|
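Review bot: The signature that appears to be the new one, `def get_ingress(self, use_tls=False, certificate_by_host={}, cluster_issuer="letsencrypt-prod")`, uses a mutable dict as a default argument, which is shared across all calls. Nothing visible in these hunks mutates it, but `certificate_by_host=None` with `certificate = (certificate_by_host or {}).get(host_name)` in the loop avoids the trap and also replaces the `in`-then-index lookup. A one-line comment on the parameter would help, for example `# maps host-name -> existing certificate; a host not in the map has no existing certificate`. The body of get_ingress, including the `client.V1IngressTLS(` call that consumes `certificate`, continues outside these hunks.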
@ -227,16 +227,18 @@ class K8sDeployer(Deployer):
|
||||
self._create_volume_data()
|
||||
self._create_deployment()
|
||||
|
||||
http_proxy_info = self.cluster_info.spec.get_http_proxy()
|
||||
http_proxy_info_list = self.cluster_info.spec.get_http_proxy()
|
||||
# Note: at present we don't support tls for kind (and enabling tls causes errors)
|
||||
use_tls = http_proxy_info and not self.is_kind()
|
||||
# TODO Handle for multiple http_proxy_info
|
||||
certificate = self._find_certificate_for_host_name(http_proxy_info[0]["host-name"]) if use_tls else None
|
||||
if opts.o.debug:
|
||||
if certificate:
|
||||
use_tls = http_proxy_info_list and not self.is_kind()
|
||||
certificate_by_host = {}
|
||||
if use_tls:
|
||||
for http_proxy_info in http_proxy_info_list:
|
||||
certificate = self._find_certificate_for_host_name(http_proxy_info["host-name"])
|
||||
if opts.o.debug and certificate:
|
||||
print(f"Using existing certificate: {certificate}")
|
||||
certificate_by_host[http_proxy_info["host-name"]] = certificate
|
||||
|
||||
ingress: client.V1Ingress = self.cluster_info.get_ingress(use_tls=use_tls, certificate=certificate)
|
||||
ingress: client.V1Ingress = self.cluster_info.get_ingress(use_tls=use_tls, certificates_by_host_name=certificate_by_host)
|
||||
if ingress:
|
||||
if opts.o.debug:
|
||||
print(f"Sending this ingress: {ingress}")
|
||||
@ -368,7 +370,6 @@ class K8sDeployer(Deployer):
|
||||
# Destroy the kind cluster
|
||||
destroy_cluster(self.kind_cluster_name)
|
||||
|
||||
# TODO: Update for multiple host-names
|
||||
def status(self):
|
||||
self.connect_api()
|
||||
# Call whatever API we need to get the running container list
|
||||
@ -383,36 +384,46 @@ class K8sDeployer(Deployer):
|
||||
if not pods:
|
||||
return
|
||||
|
||||
hostname = "?"
|
||||
ip = "?"
|
||||
tls = "?"
|
||||
tls_by_host = {}
|
||||
try:
|
||||
ingress = self.networking_api.read_namespaced_ingress(namespace=self.k8s_namespace,
|
||||
name=self.cluster_info.get_ingress().metadata.name)
|
||||
|
||||
ip = ingress.status.load_balancer.ingress[0].ip
|
||||
for rule in ingress.spec.rules:
|
||||
hostname = rule.host
|
||||
tls_spec = next((tls for tls in ingress.spec.tls if hostname in tls.hosts), None)
|
||||
if tls_spec:
|
||||
cert = self.custom_obj_api.get_namespaced_custom_object(
|
||||
group="cert-manager.io",
|
||||
version="v1",
|
||||
namespace=self.k8s_namespace,
|
||||
plural="certificates",
|
||||
name=ingress.spec.tls[0].secret_name
|
||||
name=tls_spec.secret_name
|
||||
)
|
||||
|
||||
hostname = ingress.spec.rules[0].host
|
||||
ip = ingress.status.load_balancer.ingress[0].ip
|
||||
tls = "notBefore: %s; notAfter: %s; names: %s" % (
|
||||
cert["status"]["notBefore"], cert["status"]["notAfter"], ingress.spec.tls[0].hosts
|
||||
cert["status"]["notBefore"], cert["status"]["notAfter"], tls_spec.hosts
|
||||
)
|
||||
tls_by_host[hostname] = tls
|
||||
else:
|
||||
tls_by_host[hostname] = None
|
||||
except: # noqa: E722
|
||||
pass
|
||||
|
||||
print("Ingress:")
|
||||
if len(tls_by_host) == 0:
|
||||
print("\tHostname:", "?")
|
||||
print("\tIP:", "?")
|
||||
print("\tTLS:", "?")
|
||||
print("")
|
||||
|
||||
for hostname, tls in tls_by_host.items():
|
||||
print("\tHostname:", hostname)
|
||||
print("\tIP:", ip)
|
||||
print("\tTLS:", tls)
|
||||
print("")
|
||||
print("Pods:")
|
||||
|
||||
print("Pods:")
|
||||
for p in pods:
|
||||
if p.metadata.deletion_timestamp:
|
||||
print(f"\t{p.metadata.namespace}/{p.metadata.name}: Terminating ({p.metadata.deletion_timestamp})")
|
||||
|
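Review bot: The call that appears to be the new one passes `certificates_by_host_name=certificate_by_host`, but the get_ingress signature shown in the ClusterInfo hunk names the parameter `certificate_by_host`, so this call would raise TypeError on every deployment, including kind where `use_tls` is false. It should read `self.cluster_info.get_ingress(use_tls=use_tls, certificate_by_host=certificate_by_host)`; this may be what the failing kind/k8s checks report, though their logs are not on the page. In the status hunk the bare `except: pass` now wraps the whole per-host loop, so one failed certificate lookup (or `ingress.spec.tls` being None when TLS is off) silently drops that host and every later one from the output. Catching a narrower exception inside the loop and printing it under `opts.o.debug` would keep the TLS validity report trustworthy. Both enclosing methods start and end outside the hunks.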