diff --git a/hack/verify-upgrade.sh b/hack/verify-upgrade.sh index e0a1d714f..a00ce7e47 100755 --- a/hack/verify-upgrade.sh +++ b/hack/verify-upgrade.sh @@ -22,6 +22,7 @@ SCRIPT_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )" export REPO_ROOT="${SCRIPT_ROOT}/.." source "${REPO_ROOT}/devel/lib/lib.sh" source "${REPO_ROOT}/hack/build/version.sh" +export APP_VERSION="$(date +"%s")" kube::version::last_published_release @@ -29,11 +30,28 @@ LATEST_RELEASE="${KUBE_LAST_RELEASE}" CURRENT_VERSION="${KUBE_GIT_VERSION}" # Ensure helm, kind, kubectl, ytt, jq are available +echo "Building the required tools.." bazel build //hack/bin:helm //hack/bin:kind //hack/bin:ytt //hack/bin:jq //hack/bin:kubectl //hack/bin:kubectl-cert_manager bindir="$(bazel info bazel-bin)" export PATH="${bindir}/hack/bin/:$PATH" -echo "Testing upgrade from ${LATEST_RELEASE} to ${CURRENT_VERSION}" +# Build images from latest master and load into the kind cluster. These will be +# used when upgrading with both kubectl and helm. +# Tag images with APP_VERSION for consistency with devel/addon/certmanager/install.sh. +echo "Building latest cert-manger images.." +APP_VERSION=${APP_VERSION} \ +bazel run \ + --stamp=true \ + --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 \ + "//devel/addon/certmanager:bundle" + +echo "Loading latest cert-manager images to cluster.." +load_image "quay.io/jetstack/cert-manager-controller:${APP_VERSION}" & +load_image "quay.io/jetstack/cert-manager-acmesolver:${APP_VERSION}" & +load_image "quay.io/jetstack/cert-manager-cainjector:${APP_VERSION}" & +load_image "quay.io/jetstack/cert-manager-webhook:${APP_VERSION}" & +load_image "quay.io/jetstack/cert-manager-ctl:${APP_VERSION}" & +wait # Namespace to deploy into NAMESPACE="${NAMESPACE:-cert-manager}" @@ -46,6 +64,8 @@ HELM_CHART="jetstack/cert-manager" # VERIFY INSTALL, UPGRADE, UNINSTALL WITH HELM ############ +echo "Testing upgrade from ${LATEST_RELEASE} to ${CURRENT_VERSION} with Helm.." + # This will target the host's helm repository cache helm repo add jetstack https://charts.jetstack.io helm repo update @@ -68,16 +88,28 @@ helm upgrade \ # Wait for the cert-manager api to be available kubectl cert-manager check api --wait=1m -v +echo "Creating some cert-manager resources.." + # Create a cert-manager issuer and cert kubectl apply -f "${REPO_ROOT}/test/fixtures/cert-manager-resources.yaml" --selector=test="first" # Ensure cert becomes ready kubectl wait --for=condition=Ready cert/test1 --timeout=180s -# 1. BUILD AND UPGRADE TO HELM CHART FROM THE CURRENT MASTER +# 2. BUILD AND UPGRADE TO HELM CHART FROM THE CURRENT MASTER + +bazel build //deploy/charts/cert-manager echo "Upgrading cert-manager Helm release to ${CURRENT_VERSION}..." -"${REPO_ROOT}/devel/addon/certmanager/install.sh" +helm upgrade \ + --install \ + --wait \ + --namespace "${NAMESPACE}" \ + --set installCRDs=true \ + --create-namespace \ + --version "${CURRENT_VERSION}" \ + "$RELEASE_NAME" \ + "$REPO_ROOT/bazel-bin/deploy/charts/cert-manager/cert-manager.tgz" # Wait for the cert-manager api to be available kubectl cert-manager check api --wait=1m -v @@ -85,13 +117,17 @@ kubectl cert-manager check api --wait=1m -v # Test that the existing cert-manager resources can still be retrieved kubectl get issuer/selfsigned-issuer cert/test1 +echo "Creating some cert-manager resources.." + # # Create another certificate kubectl apply -f "${REPO_ROOT}/test/fixtures/cert-manager-resources.yaml" --selector=test="second" # Ensure cert becomes ready kubectl wait --for=condition=Ready cert/test2 --timeout=180s -# 1. UNINSTALL HELM RELEASE +# 3. UNINSTALL HELM RELEASE +echo "Uninstalling the Helm release.." + kubectl delete \ -f "${REPO_ROOT}/test/fixtures/cert-manager-resources.yaml" @@ -108,6 +144,8 @@ kubectl delete "namespace/${NAMESPACE}" \ # 1. INSTALL THE LATEST PUBLISHED RELEASE WITH STATIC MANIFESTS +echo "Testing cert-manager upgrade from ${LATEST_RELEASE} to ${CURRENT_VERSION} with static manifests.." + echo "Install cert-manager ${LATEST_RELEASE} using static manifests.." kubectl apply \ -f "https://github.com/jetstack/cert-manager/releases/download/${LATEST_RELEASE}/cert-manager.yaml" \ @@ -134,23 +172,6 @@ echo "Install cert-manager ${CURRENT_VERSION} using static manifests.." # Build the static manifests bazel build //deploy/manifests -# TODO: refactor this functionality here and in -# devel/addon/certmanager/install.sh so it can be reused. -# Tag images with APP_VERSION for consistency with devel/addon/certmanager/install.sh. -export APP_VERSION="$(date +"%s")" -# Build cert-manager images. -bazel run --stamp=true \ - --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 \ - "//devel/addon/certmanager:bundle" - -# Load all images into the cluster -load_image "quay.io/jetstack/cert-manager-controller:${APP_VERSION}" & -load_image "quay.io/jetstack/cert-manager-acmesolver:${APP_VERSION}" & -load_image "quay.io/jetstack/cert-manager-cainjector:${APP_VERSION}" & -load_image "quay.io/jetstack/cert-manager-webhook:${APP_VERSION}" & -load_image "quay.io/jetstack/cert-manager-ctl:${APP_VERSION}" & -wait - # Overwrite image tags in the static manifests and deploy. ytt -f "${REPO_ROOT}/test/fixtures/upgrade/overlay/controller-ops.yaml" \ -f "${REPO_ROOT}/test/fixtures/upgrade/overlay/cainjector-ops.yaml" \ @@ -178,12 +199,16 @@ kubectl cert-manager check api --wait=1m -v # Test that the existing cert-manager resources can still be retrieved kubectl get issuer/selfsigned-issuer cert/test1 +echo "Creating some cert-manager resources.." + # # Create another certificate kubectl apply -f "${REPO_ROOT}/test/fixtures/cert-manager-resources.yaml" --selector=test="second" # Ensure cert becomes ready kubectl wait --for=condition=Ready cert/test2 --timeout=180s +echo "Uninstalling cert-manager.." + # 3. UNINSTALL kubectl delete \ -f "${REPO_ROOT}/bazel-bin/deploy/manifests/cert-manager.yaml" \