Created
June 22, 2023 02:57
-
-
Save drewp/49381b695d2c50f51779408cd5864bbd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @task | |
| def run(ctx): | |
| ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True) | |
| ctx.run("kubectl apply -f config/05-idp-secret.yaml", echo=True) | |
| # ctx.run("kubectl apply -f config/06-postgres.yaml", echo=True) | |
| ctx.run("kubectl apply -f config/51-pomerium-production-issuer.yaml", echo=True) | |
| ctx.run("kubectl apply -f config/51-pomerium-staging-issuer.yaml", echo=True) | |
| ctx.run("./make_global.py no_cert | kubectl apply -f -", echo=True) | |
| ctx.run("kubectl kustomize upstream | kubectl apply -f -", echo=True) | |
| # this may wait for | |
| # 1) nothing; cert+secret exist | |
| # 2) a letsencrypt session | |
| # 3) a cert-manager delay before a LE session (e.g. 45 minutes) | |
| ctx.run("./make_global.py wait_for_cert | kubectl apply -f -", echo=True) | |
| ctx.run("./make_global.py output_pom_cert | kubectl apply -f -", echo=True) | |
| ctx.run("kubectl apply -f ingress/default.yaml", echo=True) | |
| ctx.run("kubectl apply -f ingress/static.yaml", echo=True) | |
| @task | |
| def delete(ctx): | |
| ctx.run("kubectl delete -f ingress/static.yaml --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete -f ingress/default.yaml --ignore-not-found", echo=True) | |
| # delete cert, but don't delete secrets (which could take a while to reacquire) | |
| ctx.run("./make_global.py output_pom_cert | kubectl delete -f - --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete pomerium/global --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete -f config/51-pomerium-staging-issuer.yaml --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete -f config/51-pomerium-production-issuer.yaml --ignore-not-found", echo=True) | |
| # the kustomize workloads | |
| for type, ns, name in [ | |
| ('job', 'pomerium', 'pomerium-gen-secrets'), | |
| ('deploy', 'cert-manager', 'cert-manager'), | |
| ('deploy', 'cert-manager', 'cert-manager-cainjector'), | |
| ('deploy', 'cert-manager', 'cert-manager-webhook'), | |
| ('deploy', 'pomerium', 'pomerium'), | |
| ('service', 'cert-manager', 'cert-manager'), | |
| ('service', 'cert-manager', 'cert-manager-webhook'), | |
| ('service', 'pomerium', 'pomerium-metrics'), | |
| ('service', 'pomerium', 'pomerium-proxy'), | |
| ]: | |
| ctx.run(f"kubectl delete -n {ns} {type} {name} --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete -f config/06-postgres.yaml --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete -f config/05-idp-secret.yaml --ignore-not-found", echo=True) | |
| ctx.run("kubectl delete -n pomerium job/pomerium-gen-secrets --ignore-not-found", echo=True) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment