def delete_managed_certificates():
print("### Delete ManagedCertificate objects")
names, success = command.call_get_out("kubectl get mcrt -o go-template='{{range .items}}{{.metadata.name}}{{\"\\n\"}}{{end}}'")
if success:
for name in names:
command.call("kubectl delete mcrt {0}".format(name))
def init():
if not os.path.isfile("/etc/service-account/service-account.json"):
return
print("### Configure registry authentication")
command.call("gcloud auth activate-service-account --key-file=/etc/service-account/service-account.json")
command.call("gcloud auth configure-docker")
print("### Get kubectl 1.11")
command.call("curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.11.0/bin/linux/amd64/kubectl")
command.call("chmod +x kubectl")
print("### kubectl version: {0}".format(command.call_get_out("./kubectl version")[0][0]))
print("### Set namespace default")
command.call("kubectl config set-context $(kubectl config current-context) --namespace=default")
def create_managed_certificates(domains):
i = 1
for domain in domains:
with open("/tmp/managed-certificate.yaml", "w") as f:
f.write(
"""apiVersion: alpha.cloud.google.com/v1alpha1
kind: ManagedCertificate
metadata:
name: test{0}-certificate
spec:
domains:
- {1}
""".format(i, domain))
f.flush()
command.call("kubectl create -f /tmp/managed-certificate.yaml", "Deploy test{0}-certificate ManagedCertificate custom object".format(i))
i += 1
def test(zone):
utils.printf("Create random DNS records")
domains = dns.create_random_domains(zone)
command.call(
"gcloud alpha compute ssl-certificates create user-created-certificate --global --domains example.com",
"Create additional managed SslCertificate to make sure it won't be deleted by managed-certificate-controller"
)
create_managed_certificates(domains)
command.call(
"kubectl annotate ingress test-ingress gke.googleapis.com/managed-certificates=test1-certificate,test2-certificate"
)
expect_ssl_certificates(3)
utils.printf("Wait for certificates to become Active...")
if utils.backoff(get_managed_certificate_statuses,
lambda statuses: statuses == ["Active", "Active"],
max_attempts=50):
utils.printf("ok")
else:
utils.printf(
"statuses are: {0}. Certificates did not become Active, exiting with failure"
.format(get_managed_certificate_statuses()))
sys.exit(1)
utils.printf(
"Check HTTP return codes for GET requests to domains {0}...".format(
", ".join(domains)))
if utils.backoff(lambda: get_http_statuses(domains),
lambda statuses: statuses == [200, 200]):
utils.printf("ok")
else:
utils.printf(
"statuses are: {0}. HTTP requests failed, exiting with failure.".
format(", ".join(get_http_statuses(domains))))
sys.exit(1)
command.call(
"kubectl delete -f {0}/deploy/ingress.yaml --ignore-not-found=true".
format(SCRIPT_ROOT))
delete_managed_certificates()
expect_ssl_certificates(1)
def delete_ssl_certificates():
print("### Remove all existing SslCertificate objects")
for uri in get_ssl_certificates():
command.call("echo y | gcloud compute ssl-certificates delete {0}".format(uri))
def kubectl_delete(*file_names):
for file_name in file_names:
command.call("kubectl delete -f {0}/deploy/{1} --ignore-not-found=true".format(SCRIPT_ROOT, file_name))
def kubectl_create(*file_names):
for file_name in file_names:
command.call("kubectl create -f {0}/deploy/{1}".format(SCRIPT_ROOT, file_name))