Built tools: Update install with Allocation certs

Add `update-allocation-certs` to the development tooling to be run after `make install` to provide a target to generate and store certificates for the Allocation gRPC endpoint.
googleforgames · Oct 27, 2020 · c8048e8 · c8048e8
1 parent e3d62c7
commit c8048e8
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -30,6 +30,7 @@ terraform.tfvars
 terraform.tfstate*
 kubeconfig
 build/local-includes/*
+build/allocation
 !build/local-includes/README.md
 /release
 debug.test

diff --git a/build/Makefile b/build/Makefile
@@ -299,6 +299,7 @@ install: ALLOCATOR_SERVICE_TYPE := "LoadBalancer"
 install: CRD_CLEANUP := true
 install: LOG_LEVEL := "debug"
 install: FEATURE_GATES ?= $(ALPHA_FEATURE_GATES)
+install: HELM_ARGS ?=
 install: $(ensure-build-image) install-custom-pull-secret
 	$(DOCKER_RUN) \
 		helm upgrade --install --wait --namespace=agones-system \
@@ -311,8 +312,18 @@ install: $(ensure-build-image) install-custom-pull-secret
 		--set agones.controller.logLevel=$(LOG_LEVEL) \
 		--set agones.crds.cleanupOnDelete=$(CRD_CLEANUP) \
 		--set agones.featureGates=$(FEATURE_GATES) \
+		$(HELM_ARGS) \
 		agones $(mount_path)/install/helm/agones/
 
+update-allocation-certs: EXTERNAL_IP ?= $(shell $(DOCKER_RUN) kubectl get services agones-allocator -n agones-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+update-allocation-certs: NAMESPACE ?= default
+update-allocation-certs:
+	-mkdir -p $(agones_path)/build/allocation
+	$(MAKE) install HELM_ARGS="--set agones.allocator.http.loadBalancerIP=$(EXTERNAL_IP)"
+	$(DOCKER_RUN) bash -c 'kubectl get secret allocator-client.default -n default -ojsonpath="{.data.tls\.crt}" | base64 -d > $(mount_path)/build/allocation/client.crt'
+	$(DOCKER_RUN) bash -c 'kubectl get secret allocator-client.default -n default -ojsonpath="{.data.tls\.key}" | base64 -d > $(mount_path)/build/allocation/client.key'
+	$(DOCKER_RUN) bash -c 'kubectl get secret allocator-tls-ca -n agones-system -ojsonpath="{.data.tls-ca\.crt}" | base64 -d > $(mount_path)/build/allocation/ca.crt'
+
 uninstall: $(ensure-build-image)
 	$(DOCKER_RUN) \
 		helm uninstall agones --namespace=agones-system

diff --git a/build/README.md b/build/README.md
@@ -63,6 +63,7 @@ Table of Contents
      * [Google Cloud Platform](#google-cloud-platform)
         * [make gcloud-init](#make-gcloud-init)
         * [make gcloud-test-cluster](#make-gcloud-test-cluster)
+        * [make gcloud-test-cluster-allocation-certs](#gcloud-test-cluster-allocation-certs)
         * [make clean-gcloud-test-cluster](#make-clean-gcloud-test-cluster)
         * [make gcloud-auth-cluster](#make-gcloud-auth-cluster)
         * [make gcloud-auth-docker](#make-gcloud-auth-docker)
@@ -470,6 +471,12 @@ Installs the current development version of Agones into the Kubernetes cluster
 #### `make uninstall`
 Removes Agones from the Kubernetes cluster
 
+#### `make update-allocation-certs`
+Updates the Agones installation with the IP of the Allocation LoadBalancer, thereby creating a valid certificate
+for the Allocation gRPC endpoints.
+
+The certificates are downloaded from the test kubernetes cluster and stored in ./build/allocation
+
 #### `make test-e2e`
 Runs end-to-end tests on the previously installed version of Agones.
 These tests validate Agones flow from start to finish.