sparse-intern-71089
08/30/2019, 2:10 PMearly-intern-90238
08/30/2019, 2:54 PMbitter-dentist-28132
08/30/2019, 3:12 PMdependsOn
what?early-intern-90238
08/30/2019, 3:16 PMbitter-dentist-28132
08/30/2019, 3:16 PMdependsOn
various cert-manager resources, but it always fails with Plan apply failed: resource letsencrypt-prod was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "clusterissuers.admission.certmanager.k8s.io": the server is currently unable to handle the request
i also tried depending on the parent kubernetes:yaml:ConfigFile. this didn't work because depending on the parent doesn't wait for its children resources (so it failed because the CRD didn't exist yet).
what i'd like to try is waiting on all children resources (which i don't think i can do without enumerating all children resources). and if that doesn't work, wait for 30s after all the children resources have been created, then create the ClusterIssuer.early-intern-90238
08/30/2019, 3:16 PMearly-intern-90238
08/30/2019, 3:17 PMearly-intern-90238
08/30/2019, 3:17 PMbitter-dentist-28132
08/30/2019, 3:18 PMbitter-dentist-28132
08/30/2019, 3:18 PMearly-intern-90238
08/30/2019, 3:18 PMbitter-dentist-28132
08/30/2019, 3:18 PMearly-intern-90238
08/30/2019, 3:18 PMbitter-dentist-28132
08/30/2019, 3:19 PMkubernetes:yaml:ConfigGroup
-- that also didn't work (CRD not existing issue)bitter-dentist-28132
08/30/2019, 3:19 PMearly-intern-90238
08/30/2019, 3:20 PMearly-intern-90238
08/30/2019, 3:20 PMbitter-dentist-28132
08/30/2019, 3:20 PMearly-intern-90238
08/30/2019, 3:22 PMbitter-dentist-28132
08/30/2019, 3:23 PMearly-intern-90238
08/30/2019, 3:26 PMbitter-dentist-28132
08/30/2019, 3:26 PMearly-intern-90238
08/30/2019, 3:27 PMearly-intern-90238
08/30/2019, 3:31 PMbitter-dentist-28132
08/30/2019, 3:37 PMutil.checkHttpLatency
to resolve? and during that time it might throw an error?bitter-dentist-28132
08/30/2019, 3:39 PMPromise.all([...]).then(createCluserIssuer)
?early-intern-90238
08/30/2019, 3:47 PMearly-intern-90238
08/30/2019, 3:47 PMbitter-dentist-28132
08/30/2019, 4:14 PMresources
property of the ConfigFile
as the dependsOn
... i guess i'll see if that worksbetter-rainbow-14549
08/30/2019, 4:27 PMconst certManager = new kubernetes.yaml.ConfigFile(
"cert-manager",
{ file: CertManagerYamlFile, },
{ providers: { kubernetes: provider } }
);
// Only the cert-manager Namespace object is listed as a prerequisite.
// NOTE(review): nothing in this snippet orders the CRDs or the admission
// webhook ahead of dependent resources — confirm that waiting on the
// Namespace alone is sufficient for whatever consumes this list.
const certManagerNamespace = certManager.getResource("v1/Namespace", "cert-manager");
const dependsOn = [certManagerNamespace];
better-rainbow-14549
08/30/2019, 4:28 PMbitter-dentist-28132
08/30/2019, 4:56 PMconst certManager = new k8s.yaml.ConfigFile("<https://github.com/jetstack/cert-manager/releases/download/v0.9.1/cert-manager.yaml>", {}, {provider: provider});
const CLUSTER_ISSUER_YAML = `...`;
// certManager.resources is a {key: Resource} map, while dependsOn takes a
// Resource[]; flatten the map's values into a list once the output resolves.
// NOTE(review): this orders the ClusterIssuer after every child resource has
// been created; whether the cert-manager admission webhook is already serving
// at that point is not established by this snippet — confirm against the
// webhook error quoted earlier in the thread.
// NOTE(review): the cert-manager manifest is fetched by URL at a release tag
// at deploy time; vendoring it or checking a digest would keep the applied
// resources reviewable.
const dependsOn = certManager.resources.apply(childResources => Object.values(childResources));
const clusterIssuer = new k8s.yaml.ConfigGroup(
    'cluster-issuer',
    { yaml: CLUSTER_ISSUER_YAML },
    { provider, dependsOn },
);
better-rainbow-14549
08/30/2019, 4:57 PMbitter-dentist-28132
08/30/2019, 4:58 PMbetter-rainbow-14549
08/30/2019, 4:58 PM/**
* A resource which issues certificates via HTTP01 Challenge Provider.
*/
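export class Http01CertificateIssuer extends kubernetes.apiextensions.CustomResource implements CertificateIssuer {
    /**
     * The name of the issuer.
     */
    public name: string;
    /**
     * The issuer configuration, copied into each Certificate's ACME config.
     */
    public configuration: CertificateProviderConfigHttp01[];
    /**
     * The provider used to deploy the created resource.
     */
    public provider: pulumi.ProviderResource;

    /**
     * Registers a new ClusterIssuer that answers ACME HTTP01 challenges.
     *
     * @param issuerName The name to refer to the issuer as.
     * @param namespace Value written to metadata.namespace.
     *   NOTE(review): the kind created here is ClusterIssuer, which cert-manager
     *   treats as cluster-scoped — confirm whether this argument has any effect.
     * @param acmeCertificateEmail The email to supply as the ACME registrant.
     * @param server The ACME directory endpoint to use (e.g. a LetsEncrypt URL).
     * @param provider A specific provider to use.
     * @param dependsOn Additional dependencies.
     * @param privateKeySecretRef Name of the Secret referenced by
     *   spec.acme.privateKeySecretRef; defaults to issuerName.
     *   NOTE(review): in cert-manager's issuer schema this Secret holds the ACME
     *   account key rather than a certificate key — confirm, and keep read
     *   access to it narrow.
     * @param ingressClass Ingress class used by the HTTP01 solver; defaults to "nginx".
     */
    constructor(
        issuerName: string,
        namespace: pulumi.Input<string>,
        acmeCertificateEmail: pulumi.Input<string>,
        server: pulumi.Input<string>,
        provider: pulumi.ProviderResource,
        dependsOn: pulumi.Resource[] | undefined,
        privateKeySecretRef: pulumi.Input<string> = issuerName,
        ingressClass: pulumi.Input<string> = "nginx"
    ) {
        super(
            issuerName,
            {
                // The pasted snippet carried chat link markup inside this
                // literal; the API group/version is the bare string.
                apiVersion: "certmanager.k8s.io/v1alpha1",
                kind: "ClusterIssuer",
                metadata: {
                    name: issuerName,
                    namespace: namespace
                },
                spec: {
                    acme: {
                        server: server,
                        email: acmeCertificateEmail,
                        privateKeySecretRef: {
                            name: privateKeySecretRef
                        },
                        http01: {}
                    },
                    // NOTE(review): cert-manager's ACME schema documents
                    // solvers under spec.acme; here the list sits beside acme
                    // while the legacy acme.http01 block is also set. Confirm
                    // which format the deployed cert-manager version reads
                    // before relying on these solver settings.
                    solvers: [{
                        selector: {},
                        http01: {
                            ingress: {
                                // Honour the caller's ingress class instead of
                                // a hard-coded value, so the solver agrees
                                // with this.configuration below.
                                class: ingressClass
                            }
                        }
                    }]
                }
            },
            { provider: provider, dependsOn: dependsOn }
        );
        this.name = issuerName;
        this.provider = provider;
        this.configuration = [{ http01: { ingressClass: ingressClass } }];
    }
}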
better-rainbow-14549
08/30/2019, 4:58 PMbetter-rainbow-14549
08/30/2019, 4:58 PMbetter-rainbow-14549
08/30/2019, 4:59 PMbitter-dentist-28132
08/30/2019, 5:00 PMbitter-dentist-28132
08/30/2019, 5:01 PMbetter-rainbow-14549
08/30/2019, 5:01 PM/**
* A certificate issued by a CertificateIssuer.
*/
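export class Certificate extends kubernetes.apiextensions.CustomResource implements ICertificate {
    // Name of the certificate resource.
    public readonly name: string;
    // Namespace the certificate was requested in.
    public readonly namespace: pulumi.Output<string>;
    // Name passed as spec.secretName.
    // NOTE(review): presumably the Secret that receives the issued key pair —
    // confirm, and scope read access to that Secret accordingly.
    public readonly secretName: pulumi.Output<string>;
    // DNS names requested for the certificate.
    public readonly domains: pulumi.Output<string[]>;

    /**
     * Creates a new certificate.
     *
     * The resource is deployed with the issuer's provider, and the issuer's
     * configuration entries are copied into spec.acme.config with the
     * requested domains attached to each entry.
     *
     * @param name The name of the certificate.
     * @param namespace The namespace to store the certificate in.
     * @param domains The domains the certificate certifies.
     * @param issuer The CertificateIssuer used to issue it.
     * @param secretName Value for spec.secretName; defaults to the certificate name.
     */
    constructor(
        name: string,
        namespace: pulumi.Input<string>,
        domains: pulumi.Input<string>[],
        issuer: CertificateIssuer,
        secretName: pulumi.Input<string> = name
    ) {
        super(
            name,
            {
                // The pasted snippet carried chat link markup inside this
                // literal; the API group/version is the bare string.
                apiVersion: "certmanager.k8s.io/v1alpha1",
                kind: "Certificate",
                metadata: {
                    name: name,
                    namespace: namespace
                },
                spec: {
                    secretName: secretName,
                    dnsNames: domains,
                    acme: {
                        // Each issuer config entry is applied to every
                        // requested domain.
                        config: issuer.configuration.map(x => ({
                            ...x,
                            domains: domains
                        }))
                    },
                    issuerRef: {
                        name: issuer.name,
                        kind: issuer.kind
                    }
                }
            },
            {
                provider: issuer.provider
            }
        );
        this.name = name;
        this.namespace = pulumi.Output.create(namespace);
        this.secretName = pulumi.Output.create(secretName);
        this.domains = pulumi.Output.create(domains);
    }
}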
better-rainbow-14549
08/30/2019, 5:01 PMbetter-rainbow-14549
08/30/2019, 5:01 PMbetter-rainbow-14549
08/30/2019, 5:02 PMcurved-doctor-83600
12/11/2019, 5:16 PM