Last active
June 9, 2021 09:39
-
-
Save maelvls/927f02b4ff70882afa387131929e650a to your computer and use it in GitHub Desktop.
Test an upgrade of cert-manager using k3s instead of kind (a tiny bit faster to bootstrap a cluster).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env bash | |
| set -ueo pipefail | |
| FROM= | |
| TO= | |
| MODE=helm-without-crds | |
| help() { | |
| cat <<EOF | |
| The cert-manager teams does upgrade tests with various upgrade modes. | |
| Usage: | |
| $(basename "$0") v1.2.1 v1.3.0 [--mode=MODE] | |
| where MODE can be one of: | |
| helm-without-crds Upgrade using Helm with installCRDs=false (default) | |
| helm-with-crds Upgrade using Helm with installCRDs=true. | |
| plain-manifests Upgrade using the plain manifests. | |
| EOF | |
| exit | |
| } | |
| pos_args=() | |
| while [ $# -ne 0 ]; do | |
| case "$1" in | |
| -h | --help) | |
| help | |
| exit 0 | |
| ;; | |
| --mode) | |
| if [ $# -lt 2 ]; then | |
| echo "$1 requires an argument, try one of [helm-without-crds, helm-with-crds, plain-manifests]" >&2 | |
| exit 124 | |
| fi | |
| case "$2" in | |
| helm-without-crds | helm-with-crds | plain-manifests) ;; | |
| *) | |
| echo "error: --mode $MODE not in [helm-without-crds, helm-with-crds, plain-manifests]" >&2 | |
| exit 124 | |
| ;; | |
| esac | |
| MODE="$2" | |
| echo "Mode: $MODE" | |
| shift | |
| ;; | |
| --*) | |
| echo "error: flag $1 does not exist" >&2 | |
| exit 124 | |
| ;; | |
| *) | |
| pos_args+=("$1") | |
| ;; | |
| esac | |
| shift | |
| done | |
| if [ ${#pos_args[@]} -ne 2 ]; then | |
| echo "usage: $(basename "$0") v1.2.1 v1.3.0" >&2 | |
| exit 124 | |
| fi | |
| FROM=${pos_args[0]} | |
| TO=${pos_args[1]} | |
| yel="\033[33m" | |
| gray="\033[90m" | |
| end='\033[0m' | |
| # color "$yel" | |
| color() { | |
| while read -r line; do | |
| printf "${1}%s${end}\n" "$line" | |
| done | |
| } | |
| uncolor() { | |
| sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g" | |
| } | |
| # trace ls /usr/local | |
| trace() { | |
| printf "${yel}%s${end} " "$1" | |
| LANG=C perl -e 'print join(" ", map { $_ =~ / / ? "\"".$_."\"" : $_} @ARGV)' -- "${@:2}" $'\n' | |
| # (1) First, if stdin is attached, display stdin. | |
| # (2) Then, run the command and print stdout/stderr. | |
| if ! [ -t 0 ]; then | |
| tee >(cat >&2) | command "$@" 2>&1 | uncolor | color "$gray" >&2 | |
| # <-------------(1)------------> <----------------------(2)---------------------> | |
| else | |
| command "$@" 2>&1 | uncolor | color "$gray" >&2 | |
| # <--------------------(2)---------------------> | |
| fi | |
| } | |
| export KUBECONFIG=/tmp/ugpradetest | |
| trace k3d cluster delete ugpradetest || true | |
| trace k3d cluster create ugpradetest | |
| (helm repo list | grep -q jetstack && trace helm repo update) \ | |
| || trace helm repo add jetstack https://charts.jetstack.io | |
| # STEP 1: install the old version. | |
| TAG=$FROM | |
| case "$MODE" in | |
| helm-without-crds) | |
| trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml | |
| trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=false | |
| ;; | |
| helm-with-crds) | |
| trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=true | |
| ;; | |
| plain-manifests) | |
| trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml | |
| trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.yaml | |
| ;; | |
| esac | |
| trace kubectl wait --for=condition=available deploy/cert-manager-webhook --timeout=5m | |
| trace kubectl get deploy -owide | |
| # STEP 2: smoke test using a self-signed issuer. | |
| trace kubectl apply -f- <<EOF | |
| apiVersion: cert-manager.io/v1 | |
| kind: Issuer | |
| metadata: | |
| name: smoketest-selfsigned-issuer | |
| spec: | |
| selfSigned: {} | |
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Certificate | |
| metadata: | |
| name: smoketest-cert | |
| spec: | |
| secretName: smoketest-cert-tls | |
| commonName: smoketest-cert | |
| dnsNames: | |
| - example.com | |
| issuerRef: | |
| name: smoketest-selfsigned-issuer | |
| kind: Issuer | |
| EOF | |
| trace kubectl wait --for=condition=ready certificate smoketest-cert --timeout=5m | |
| # STEP 3: upgrade to a newer tag. | |
| TAG=$TO | |
| case "$MODE" in | |
| helm-without-crds) | |
| trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml | |
| trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=false | |
| ;; | |
| helm-with-crds) | |
| trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=true | |
| ;; | |
| plain-manifests) | |
| trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml | |
| trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.yaml | |
| ;; | |
| esac | |
| trace kubectl wait --for=condition=available deploy/cert-manager-webhook --timeout=5m | |
| trace kubectl get deploy -owide | |
| # STEP 4: smoke test the reissuance of an old certificate. | |
| # We use the kubectl plugin because kubectl patch can't patch the status of a | |
| # resource: https://github.com/kubernetes/kubernetes/issues/67455 | |
| trace kubectl cert-manager renew smoketest-cert | |
| trace kubectl wait --for=condition=ready=true certificate smoketest-cert --timeout=5m |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment