[preview] retry installing trust-manager

kylos101 · kylos101 · commit 0aee955eabc9 · 2023-04-28T18:20:02.000Z
And use trust-manager from the packer image
diff --git a/dev/preview/infrastructure/modules/gce/vm.tf b/dev/preview/infrastructure/modules/gce/vm.tf
@@ -69,10 +69,17 @@ data "kubernetes_secret" "harvester-k3s-dockerhub-pull-account" {
 }
 
 locals {
-  startup_script = templatefile("${path.module}/../../scripts/bootstrap-k3s.sh", {
+  bootstrap_script = templatefile("${path.module}/../../scripts/bootstrap-k3s.sh", {
     vm_name = var.preview_name
   })
 
+  trustmanager_script = file("${path.module}/../../scripts/install-trustmanager.sh")
+
+  startup_script = <<-EOT
+    ${local.bootstrap_script}
+    ${local.trustmanager_script}
+  EOT
+
   cloudinit_user_data = templatefile("${path.module}/cloudinit.yaml", {
     dockerhub_user      = data.kubernetes_secret.harvester-k3s-dockerhub-pull-account.data["username"]
     dockerhub_passwd    = data.kubernetes_secret.harvester-k3s-dockerhub-pull-account.data["password"]
diff --git a/dev/preview/infrastructure/scripts/install-trustmanager.sh b/dev/preview/infrastructure/scripts/install-trustmanager.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -eo pipefail
+
+logger -t install-trustmanager "Starting to install trust manager"
+
+kubectl apply -f /var/lib/gitpod/manifests/trust-manager.yaml --wait=false
+
+logger -t install-trustmanager "Trust manager applied"
+
+# shellcheck disable=SC2016
+timeout 5m bash -c '
+while [[ -z $(kubectl get certificate trust-manager -n cert-manager --ignore-not-found=true) ]]
+do
+    logger -t install-trustmanager "Sleeping 5 seconds..."
+    sleep 5
+    kubectl apply -f /var/lib/gitpod/manifests/trust-manager.yaml
+done
+'
+
+kubectl wait --for=condition=Available --timeout=300s deployment -n cert-manager trust-manager
+
+logger -t install-trustmanager "Finishing installing trust manager"
diff --git a/dev/preview/workflow/preview/deploy-gitpod.sh b/dev/preview/workflow/preview/deploy-gitpod.sh
@@ -179,23 +179,6 @@ function installFluentBit {
       upgrade --install fluent-bit fluent/fluent-bit --version 0.21.6 -n "${PREVIEW_NAMESPACE}" -f "$ROOT/.werft/vm/charts/fluentbit/values.yaml"
 }
 
-function installTrustManager {
-    helm3 \
-      --kubeconfig "${PREVIEW_K3S_KUBE_PATH}" \
-      --kube-context "${PREVIEW_K3S_KUBE_CONTEXT}" \
-      repo add jetstack https://charts.jetstack.io
-
-    helm3 \
-      --kubeconfig "${PREVIEW_K3S_KUBE_PATH}" \
-      --kube-context "${PREVIEW_K3S_KUBE_CONTEXT}" \
-      repo update
-
-    helm3 \
-      --kubeconfig "${PREVIEW_K3S_KUBE_PATH}" \
-      --kube-context "${PREVIEW_K3S_KUBE_CONTEXT}" \
-      upgrade --install --namespace cert-manager trust-manager jetstack/trust-manager --wait
-}
-
 # ====================================
 # Prerequisites
 # ====================================
@@ -218,7 +201,6 @@ done
 copyImagePullSecret
 installRookCeph
 installFluentBit
-installTrustManager
 
 # ========
 # Init
