Fix cert recreation

vulkoingim · roboquat · commit a6e5622035c0 · 2022-10-12T11:43:27.000+02:00
diff --git a/.werft/util/certs.ts b/.werft/util/certs.ts
@@ -14,6 +14,19 @@ export class InstallCertificateParams {
 
 export async function certReady(werft: Werft, config: JobConfig, slice: string): Promise<boolean> {
     const certName = `harvester-${config.previewEnvironment.destname}`;
+    const cpu = config.withLargeVM ? 12 : 6;
+    const memory = config.withLargeVM ? 24 : 12;
+
+    // set some common vars for TF
+    // We pass the GCP credentials explicitly, otherwise for some reason TF doesn't pick them up
+    const commonVars = `GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
+                        GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
+                        TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
+                        TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                        TF_VAR_preview_name=${config.previewEnvironment.destname} \
+                        TF_VAR_vm_cpu=${cpu} \
+                        TF_VAR_vm_memory=${memory}Gi \
+                        TF_VAR_vm_storage_class="longhorn-gitpod-k3s-202209251218-onereplica"`
 
     if (isCertReady(certName)){
         werft.log(slice, `Certificate ready`);
@@ -23,21 +36,17 @@ export async function certReady(werft: Werft, config: JobConfig, slice: string):
     const maxAttempts = 5
     var certReady = false
     for (var i = 1;i<=maxAttempts;i++) {
-        werft.log(slice, `Creating cert: Attempt ${i}`);
-        exec(`GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                        GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                        TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                        TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
-                        TF_VAR_preview_name=${config.previewEnvironment.destname} \
-                        TF_CLI_ARGS_plan="-replace=kubernetes_manifest.cert" \
-                        ./dev/preview/workflow/preview/deploy-harvester.sh`,
-            {slice: slice})
-
         werft.log(slice, `Checking for cert readiness: Attempt ${i}`);
         if (waitCertReady(certName)) {
             certReady = true;
             break;
         }
+
+        werft.log(slice, `Creating cert: Attempt ${i}`);
+        exec(`${commonVars} \
+                        TF_CLI_ARGS_plan="-replace=kubernetes_manifest.cert" \
+                        ./dev/preview/workflow/preview/deploy-harvester.sh`,
+            {slice: slice})
     }
 
     if (!certReady) {
diff --git a/dev/preview/infrastructure/harvester/variables.tf b/dev/preview/infrastructure/harvester/variables.tf
@@ -15,19 +15,18 @@ variable "dev_kube_path" {
 
 variable "vm_memory" {
   type        = string
-  default     = "2Gi"
+  default     = "12Gi"
   description = "Memory for the VM"
 }
 
 variable "vm_cpu" {
   type        = number
-  default     = 2
+  default     = 6
   description = "CPU for the VM"
 }
 
 variable "vm_storage_class" {
   type        = string
-  default     = "longhorn-gitpod-k3s-202209251218-onereplica"
   description = "The storage class for the VM"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -15,19 +15,18 @@ variable "dev_kube_path" {`
`15`	`15`
`16`	`16`	`variable "vm_memory" {`
`17`	`17`	`type = string`
`18`		`- default = "2Gi"`
	`18`	`+ default = "12Gi"`
`19`	`19`	`description = "Memory for the VM"`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`variable "vm_cpu" {`
`23`	`23`	`type = number`
`24`		`- default = 2`
	`24`	`+ default = 6`
`25`	`25`	`description = "CPU for the VM"`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`variable "vm_storage_class" {`
`29`	`29`	`type = string`
`30`		`- default = "longhorn-gitpod-k3s-202209251218-onereplica"`
`31`	`30`	`description = "The storage class for the VM"`
`32`	`31`	`}`
`33`	`32`