It's not working
Last active
May 13, 2022 23:50
-
-
Save hash-d/151fbc9fc7df56c76c499e88b439052f to your computer and use it in GitHub Desktop.
Reproducer for #762
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| background=' | |
| apiVersion: skupper.io/v1alpha1 | |
| kind: SkupperClusterPolicy | |
| metadata: | |
| name: background-policy | |
| spec: | |
| namespaces: | |
| - "*" | |
| allowIncomingLinks: true | |
| allowedExposedResources: | |
| - "*" | |
| allowedOutgoingLinksHostnames: [] | |
| allowedServices: | |
| - "*" | |
| ' | |
| host_policy () { | |
| cat <<EOF | |
| apiVersion: skupper.io/v1alpha1 | |
| kind: SkupperClusterPolicy | |
| metadata: | |
| name: hostnames-policy | |
| spec: | |
| namespaces: | |
| - "*" | |
| allowedOutgoingLinksHostnames: | |
| - "$1" | |
| - "$2" | |
| EOF | |
| } | |
| # Apply CRD, background policy, and initial hostname policy | |
| kubectl apply -f api/types/crds/skupper_cluster_policy_crd.yaml | |
| echo "$background" | kubectl apply -f - | |
| host_policy '*' '.*' | kubectl create -f - | |
| echo "Waiting for policy to stabilize" | |
| sleep 6 | |
| oc get skupperclusterpolicies.skupper.io hostnames-policy -o yaml | |
| kubectl create namespace pub | |
| skupper init --namespace pub | |
| skupper token create /tmp/pub.token --namespace pub | |
| kubectl create namespace prv | |
| skupper init --namespace prv --router-mode edge | |
| oc get skupperclusterpolicies.skupper.io hostnames-policy -o yaml | |
| skupper link create /tmp/pub.token --name hostnames --namespace prv | |
| echo "Waiting for the link to be up" | |
| sleep 10 | |
| edge=$( kubectl get secret hostnames --namespace prv -o json | jq -r '.metadata.annotations["edge-host"]' ) | |
| router=$( kubectl get secret hostnames --namespace prv -o json | jq -r '.metadata.annotations["inter-router-host"]' ) | |
| claim=$( kubectl get secret hostnames -o json | jq -r '.metadata.annotations["skupper.io/url"]' | sed 's_^.*://\(.*\):.*_\1_' ) | |
| echo "Edge: $edge" | |
| echo "Router: $router" | |
| echo "Claim: $claim" | |
| while true | |
| do | |
| echo "Removing authorization" | |
| try=0 | |
| host_policy "^testing$" "asdf" | kubectl replace -f - | sed 's/^/ /' | |
| sleep 10 | |
| while true | |
| do | |
| let try+=1 | |
| echo " Attempt $try" | |
| output=$( skupper link status hostnames --namespace prv ) | |
| echo "$output" | sed 's/^/ /' | |
| echo "$output" | sed 's/^/**/' | grep 'Link hostnames not active' && break | |
| if [ "$try" -ge 10 ] | |
| then | |
| echo "Too many retries; giving up this cycle" | |
| break | |
| fi | |
| done | |
| echo "Readding authorization" | |
| try=0 | |
| host_policy "$claim" "$router" | sed 's/^/ /' | |
| host_policy "$claim" "$router" | kubectl replace -f - | sed 's/^/ /' | |
| sleep 10 | |
| while true | |
| do | |
| let try+=1 | |
| echo " Attempt $try" | |
| output=$( skupper link status hostnames --namespace prv ) | |
| echo "$output" | sed 's/^/ /' | |
| echo "$output" | sed 's/^/**/' | grep 'Link hostnames is active' && break | |
| if [ "$try" -ge 10 ] | |
| then | |
| echo "Too many retries; giving up this cycle" | |
| break | |
| fi | |
| done | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment