[cert-manager] Upgrade to v1.10.1 (#9512)
This commit is contained in:
rtsp
GitHub
parent
47510899c7
commit
529faeea9e
4 changed files with 1731 additions and 1643 deletions
|
|
@ -156,7 +156,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
||||||
- [weave](https://github.com/weaveworks/weave) v2.8.1
|
- [weave](https://github.com/weaveworks/weave) v2.8.1
|
||||||
- [kube-vip](https://github.com/kube-vip/kube-vip) v0.5.5
|
- [kube-vip](https://github.com/kube-vip/kube-vip) v0.5.5
|
||||||
- Application
|
- Application
|
||||||
- [cert-manager](https://github.com/jetstack/cert-manager) v1.9.1
|
- [cert-manager](https://github.com/jetstack/cert-manager) v1.10.1
|
||||||
- [coredns](https://github.com/coredns/coredns) v1.9.3
|
- [coredns](https://github.com/coredns/coredns) v1.9.3
|
||||||
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.4.0
|
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.4.0
|
||||||
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.3
|
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.3
|
||||||
|
|
|
||||||
|
|
@ -1044,7 +1044,7 @@ ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-ngi
|
||||||
ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0"
|
ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0"
|
||||||
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
|
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
|
||||||
alb_ingress_image_tag: "v1.1.9"
|
alb_ingress_image_tag: "v1.1.9"
|
||||||
cert_manager_version: "v1.9.1"
|
cert_manager_version: "v1.10.1"
|
||||||
cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
|
cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
|
||||||
cert_manager_controller_image_tag: "{{ cert_manager_version }}"
|
cert_manager_controller_image_tag: "{{ cert_manager_version }}"
|
||||||
cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector"
|
cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector"
|
||||||
|
|
|
||||||
File diff suppressed because it is too large
Load diff
|
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2021 The cert-manager Authors.
|
# Copyright 2022 The cert-manager Authors.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
|
@ -856,8 +856,10 @@ spec:
|
||||||
serviceAccountName: cert-manager-cainjector
|
serviceAccountName: cert-manager-cainjector
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
containers:
|
containers:
|
||||||
- name: cert-manager
|
- name: cert-manager-cainjector
|
||||||
image: "{{ cert_manager_cainjector_image_repo }}:{{ cert_manager_cainjector_image_tag }}"
|
image: "{{ cert_manager_cainjector_image_repo }}:{{ cert_manager_cainjector_image_tag }}"
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
args:
|
args:
|
||||||
|
|
@ -871,7 +873,8 @@ spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
capabilities:
|
capabilities:
|
||||||
drop: ['ALL']
|
drop:
|
||||||
|
- ALL
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
|
|
@ -933,10 +936,11 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: cert-manager
|
serviceAccountName: cert-manager
|
||||||
securityContext:
|
securityContext:
|
||||||
|
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
containers:
|
containers:
|
||||||
- name: cert-manager
|
- name: cert-manager-controller
|
||||||
image: "{{ cert_manager_controller_image_repo }}:{{ cert_manager_controller_image_tag }}"
|
image: "{{ cert_manager_controller_image_repo }}:{{ cert_manager_controller_image_tag }}"
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
args:
|
args:
|
||||||
|
|
@ -950,7 +954,8 @@ spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
capabilities:
|
capabilities:
|
||||||
drop: ['ALL']
|
drop:
|
||||||
|
- ALL
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
|
|
@ -1014,8 +1019,10 @@ spec:
|
||||||
serviceAccountName: cert-manager-webhook
|
serviceAccountName: cert-manager-webhook
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
containers:
|
containers:
|
||||||
- name: cert-manager
|
- name: cert-manager-webhook
|
||||||
image: "{{ cert_manager_webhook_image_repo }}:{{ cert_manager_webhook_image_tag }}"
|
image: "{{ cert_manager_webhook_image_repo }}:{{ cert_manager_webhook_image_tag }}"
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
args:
|
args:
|
||||||
|
|
@ -1023,11 +1030,16 @@ spec:
|
||||||
- --secure-port=10250
|
- --secure-port=10250
|
||||||
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
|
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
|
||||||
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
|
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
|
||||||
- --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.$(POD_NAMESPACE),cert-manager-webhook.$(POD_NAMESPACE).svc
|
- --dynamic-serving-dns-names=cert-manager-webhook
|
||||||
|
- --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)
|
||||||
|
- --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc
|
||||||
ports:
|
ports:
|
||||||
- name: https
|
- name: https
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
containerPort: 10250
|
containerPort: 10250
|
||||||
|
- name: healthcheck
|
||||||
|
protocol: TCP
|
||||||
|
containerPort: 6080
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /livez
|
path: /livez
|
||||||
|
|
@ -1051,7 +1063,8 @@ spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
capabilities:
|
capabilities:
|
||||||
drop: ['ALL']
|
drop:
|
||||||
|
- ALL
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue