From f34a6699efab9e78aa090332cbb9a85bde652991 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Mon, 17 Sep 2018 16:58:04 +0800 Subject: [PATCH] cert-manager: Upgrade to 0.5.0 Upstream Changes: - cert-manager 0.5.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.5.0) Our Changes: - Templates sync with upstream manifests --- README.md | 2 +- roles/download/defaults/main.yml | 2 +- .../cert_manager/templates/00-namespace.yml.j2 | 1 + .../templates/clusterrole-cert-manager.yml.j2 | 9 ++------- .../templates/clusterrolebinding-cert-manager.yml.j2 | 2 +- .../cert_manager/templates/crd-certificate.yml.j2 | 4 +++- .../cert_manager/templates/crd-clusterissuer.yml.j2 | 4 +++- .../cert_manager/templates/crd-issuer.yml.j2 | 4 +++- .../cert_manager/templates/deploy-cert-manager.yml.j2 | 2 +- .../cert_manager/templates/sa-cert-manager.yml.j2 | 2 +- 10 files changed, 17 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 59686019f..04992cc66 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,7 @@ Supported Components - [weave](https://github.com/weaveworks/weave) v2.4.0 - Application - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11 - - [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1 + - [cert-manager](https://github.com/jetstack/cert-manager) v0.5.0 - [coredns](https://github.com/coredns/coredns) v1.2.2 - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.19.0 diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 5c1ca3f4e..9f01cf08b 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -164,7 +164,7 @@ ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/ngin ingress_nginx_controller_image_tag: "0.19.0" ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend" ingress_nginx_default_backend_image_tag: "1.4" -cert_manager_version: "v0.4.1" +cert_manager_version: "v0.5.0" cert_manager_controller_image_repo: "quay.io/jetstack/cert-manager-controller" cert_manager_controller_image_tag: "{{ cert_manager_version }}" diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2 index 7cf3a282d..fef90aed6 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2 @@ -5,3 +5,4 @@ metadata: name: {{ cert_manager_namespace }} labels: name: {{ cert_manager_namespace }} + certmanager.k8s.io/disable-validation: "true" diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2 index 0ce11fb9b..b8b6251fa 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2 @@ -5,7 +5,7 @@ metadata: name: cert-manager labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller rules: @@ -13,12 +13,7 @@ rules: resources: ["certificates", "issuers", "clusterissuers"] verbs: ["*"] - apiGroups: [""] - # TODO: remove endpoints once 0.4 is released. We include it here in case - # users use the 'master' version of the Helm chart with a 0.2.x release of - # cert-manager that still performs leader election with Endpoint resources. - # We advise users don't do this, but some will anyway and this will reduce - # friction. - resources: ["endpoints", "configmaps", "secrets", "events", "services", "pods"] + resources: ["configmaps", "secrets", "events", "services", "pods"] verbs: ["*"] - apiGroups: ["extensions"] resources: ["ingresses"] diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2 index 7dd567fd9..95cdeb525 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2 @@ -5,7 +5,7 @@ metadata: name: cert-manager labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller roleRef: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 index a1663c64d..2d9a5c1f9 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 @@ -3,9 +3,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: certificates.certmanager.k8s.io + annotations: + "helm.sh/hook": crd-install labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2 index 869d4d260..53d65e4bc 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2 @@ -3,9 +3,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: clusterissuers.certmanager.k8s.io + annotations: + "helm.sh/hook": crd-install labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2 index 1946b81bf..7a19c7ede 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2 @@ -3,9 +3,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: issuers.certmanager.k8s.io + annotations: + "helm.sh/hook": crd-install labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 index 2bcf5c701..1fedf42a2 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 @@ -6,7 +6,7 @@ metadata: namespace: {{ cert_manager_namespace }} labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2 index c5270e88b..f73fd0c34 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2 @@ -6,6 +6,6 @@ metadata: namespace: {{ cert_manager_namespace }} labels: app: cert-manager - chart: cert-manager-v0.4.1 + chart: cert-manager-v0.5.0 release: cert-manager heritage: Tiller