maelvls · June 9, 2021 09:39
diff --git a/cert-manager-upgrade-test b/cert-manager-upgrade-test
 #! /usr/bin/env bash
 set -ueo pipefail

 FROM=
 TO=
 MODE=helm-without-crds

 help() {
  cat <<EOF
 The cert-manager teams does upgrade tests with various upgrade modes.
 Usage:

  $(basename "$0") v1.2.1 v1.3.0 [--mode=MODE]

 where MODE can be one of:

  helm-without-crds        Upgrade using Helm with installCRDs=false (default)
  helm-with-crds           Upgrade using Helm with installCRDs=true.
  plain-manifests          Upgrade using the plain manifests.
 EOF
  exit
 }

 pos_args=()
 while [ $# -ne 0 ]; do
  case "$1" in
  -h | --help)
    help
    exit 0
    ;;
  --mode)
    if [ $# -lt 2 ]; then
      echo "$1 requires an argument, try one of [helm-without-crds, helm-with-crds, plain-manifests]" >&2
      exit 124
    fi
    case "$2" in
    helm-without-crds | helm-with-crds | plain-manifests) ;;
    *)
      echo "error: --mode $MODE not in [helm-without-crds, helm-with-crds, plain-manifests]" >&2
      exit 124
      ;;
    esac
    MODE="$2"
    echo "Mode: $MODE"
    shift
    ;;
  --*)
    echo "error: flag $1 does not exist" >&2
    exit 124
    ;;
  *)
    pos_args+=("$1")
    ;;
  esac
  shift
 done
 if [ ${#pos_args[@]} -ne 2 ]; then
  echo "usage: $(basename "$0") v1.2.1 v1.3.0" >&2
  exit 124
 fi
 FROM=${pos_args[0]}
 TO=${pos_args[1]}

 yel="\033[33m"
 gray="\033[90m"
 end='\033[0m'

 # color "$yel"
 color() {
  while read -r line; do
    printf "${1}%s${end}\n" "$line"
  done
 }

 uncolor() {
  sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g"
 }

 # trace ls /usr/local
 trace() {
  printf "${yel}%s${end} " "$1"
  LANG=C perl -e 'print join(" ", map { $_ =~ / / ? "\"".$_."\"" : $_} @ARGV)' -- "${@:2}" $'\n'

  # (1) First, if stdin is attached, display stdin.
  # (2) Then, run the command and print stdout/stderr.
  if ! [ -t 0 ]; then
    tee >(cat >&2) | command "$@" 2>&1 | uncolor | color "$gray" >&2
    # <-------------(1)------------> <----------------------(2)--------------------->
  else
    command "$@" 2>&1 | uncolor | color "$gray" >&2
    # <--------------------(2)--------------------->
  fi
 }

 export KUBECONFIG=/tmp/ugpradetest

 trace k3d cluster delete ugpradetest || true
 trace k3d cluster create ugpradetest

 (helm repo list | grep -q jetstack && trace helm repo update) \
  || trace helm repo add jetstack https://charts.jetstack.io

 # STEP 1: install the old version.
 TAG=$FROM

 case "$MODE" in
 helm-without-crds)
  trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
  trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=false
  ;;
 helm-with-crds)
  trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=true
  ;;
 plain-manifests)
  trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
  trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.yaml
  ;;
 esac

 trace kubectl wait --for=condition=available deploy/cert-manager-webhook --timeout=5m
 trace kubectl get deploy -owide

 # STEP 2: smoke test using a self-signed issuer.
 trace kubectl apply -f- <<EOF
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: smoketest-selfsigned-issuer
 spec:
  selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: smoketest-cert
 spec:
  secretName: smoketest-cert-tls
  commonName: smoketest-cert
  dnsNames:
  - example.com
  issuerRef:
    name: smoketest-selfsigned-issuer
    kind: Issuer
 EOF
 trace kubectl wait --for=condition=ready certificate smoketest-cert --timeout=5m

 # STEP 3: upgrade to a newer tag.
 TAG=$TO

 case "$MODE" in
 helm-without-crds)
  trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
  trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=false
  ;;
 helm-with-crds)
  trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=true
  ;;
 plain-manifests)
  trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
  trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.yaml
  ;;
 esac

 trace kubectl wait --for=condition=available deploy/cert-manager-webhook --timeout=5m
 trace kubectl get deploy -owide

 # STEP 4: smoke test the reissuance of an old certificate.

 # We use the kubectl plugin because kubectl patch can't patch the status of a
 # resource: https://github.com/kubernetes/kubernetes/issues/67455
 trace kubectl cert-manager renew smoketest-cert
 trace kubectl wait --for=condition=ready=true certificate smoketest-cert --timeout=5m
	#! /usr/bin/env bash
	set -ueo pipefail

	FROM=
	TO=
	MODE=helm-without-crds

	help() {
	cat <<EOF
	The cert-manager teams does upgrade tests with various upgrade modes.
	Usage:

	$(basename "$0") v1.2.1 v1.3.0 [--mode=MODE]

	where MODE can be one of:

	helm-without-crds Upgrade using Helm with installCRDs=false (default)
	helm-with-crds Upgrade using Helm with installCRDs=true.
	plain-manifests Upgrade using the plain manifests.
	EOF
	exit
	}

	pos_args=()
	while [ $# -ne 0 ]; do
	case "$1" in
	-h \| --help)
	help
	exit 0
	;;
	--mode)
	if [ $# -lt 2 ]; then
	echo "$1 requires an argument, try one of [helm-without-crds, helm-with-crds, plain-manifests]" >&2
	exit 124
	fi
	case "$2" in
	helm-without-crds \| helm-with-crds \| plain-manifests) ;;
	*)
	echo "error: --mode $MODE not in [helm-without-crds, helm-with-crds, plain-manifests]" >&2
	exit 124
	;;
	esac
	MODE="$2"
	echo "Mode: $MODE"
	shift
	;;
	--*)
	echo "error: flag $1 does not exist" >&2
	exit 124
	;;
	*)
	pos_args+=("$1")
	;;
	esac
	shift
	done
	if [ ${#pos_args[@]} -ne 2 ]; then
	echo "usage: $(basename "$0") v1.2.1 v1.3.0" >&2
	exit 124
	fi
	FROM=${pos_args[0]}
	TO=${pos_args[1]}

	yel="\033[33m"
	gray="\033[90m"
	end='\033[0m'

	# color "$yel"
	color() {
	while read -r line; do
	printf "${1}%s${end}\n" "$line"
	done
	}

	uncolor() {
	sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g"
	}

	# trace ls /usr/local
	trace() {
	printf "${yel}%s${end} " "$1"
	LANG=C perl -e 'print join(" ", map { $_ =~ / / ? "\"".$_."\"" : $_} @ARGV)' -- "${@:2}" $'\n'

	# (1) First, if stdin is attached, display stdin.
	# (2) Then, run the command and print stdout/stderr.
	if ! [ -t 0 ]; then
	tee >(cat >&2) \| command "$@" 2>&1 \| uncolor \| color "$gray" >&2
	# <-------------(1)------------> <----------------------(2)--------------------->
	else
	command "$@" 2>&1 \| uncolor \| color "$gray" >&2
	# <--------------------(2)--------------------->
	fi
	}

	export KUBECONFIG=/tmp/ugpradetest

	trace k3d cluster delete ugpradetest \|\| true
	trace k3d cluster create ugpradetest

	(helm repo list \| grep -q jetstack && trace helm repo update) \
	\|\| trace helm repo add jetstack https://charts.jetstack.io

	# STEP 1: install the old version.
	TAG=$FROM

	case "$MODE" in
	helm-without-crds)
	trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
	trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=false
	;;
	helm-with-crds)
	trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=true
	;;
	plain-manifests)
	trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
	trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.yaml
	;;
	esac

	trace kubectl wait --for=condition=available deploy/cert-manager-webhook --timeout=5m
	trace kubectl get deploy -owide

	# STEP 2: smoke test using a self-signed issuer.
	trace kubectl apply -f- <<EOF
	apiVersion: cert-manager.io/v1
	kind: Issuer
	metadata:
	name: smoketest-selfsigned-issuer
	spec:
	selfSigned: {}
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: smoketest-cert
	spec:
	secretName: smoketest-cert-tls
	commonName: smoketest-cert
	dnsNames:
	- example.com
	issuerRef:
	name: smoketest-selfsigned-issuer
	kind: Issuer
	EOF
	trace kubectl wait --for=condition=ready certificate smoketest-cert --timeout=5m

	# STEP 3: upgrade to a newer tag.
	TAG=$TO

	case "$MODE" in
	helm-without-crds)
	trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
	trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=false
	;;
	helm-with-crds)
	trace helm upgrade --install cert-manager jetstack/cert-manager --version $TAG --set installCRDs=true
	;;
	plain-manifests)
	trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.crds.yaml
	trace kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/$TAG/cert-manager.yaml
	;;
	esac

	trace kubectl wait --for=condition=available deploy/cert-manager-webhook --timeout=5m
	trace kubectl get deploy -owide

	# STEP 4: smoke test the reissuance of an old certificate.

	# We use the kubectl plugin because kubectl patch can't patch the status of a
	# resource: https://github.com/kubernetes/kubernetes/issues/67455
	trace kubectl cert-manager renew smoketest-cert
	trace kubectl wait --for=condition=ready=true certificate smoketest-cert --timeout=5m