[cert-manager] Upgrade to v1.10.1 (#9512)

This commit is contained in:
rtsp 2022-11-29 22:17:26 +07:00 committed by GitHub
parent 47510899c7
commit 529faeea9e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 1731 additions and 1643 deletions

View file

@ -156,7 +156,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [weave](https://github.com/weaveworks/weave) v2.8.1 - [weave](https://github.com/weaveworks/weave) v2.8.1
- [kube-vip](https://github.com/kube-vip/kube-vip) v0.5.5 - [kube-vip](https://github.com/kube-vip/kube-vip) v0.5.5
- Application - Application
- [cert-manager](https://github.com/jetstack/cert-manager) v1.9.1 - [cert-manager](https://github.com/jetstack/cert-manager) v1.10.1
- [coredns](https://github.com/coredns/coredns) v1.9.3 - [coredns](https://github.com/coredns/coredns) v1.9.3
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.4.0 - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.4.0
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.3 - [krew](https://github.com/kubernetes-sigs/krew) v0.4.3

View file

@ -1044,7 +1044,7 @@ ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-ngi
ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0" ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller" alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.9" alb_ingress_image_tag: "v1.1.9"
cert_manager_version: "v1.9.1" cert_manager_version: "v1.10.1"
cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller" cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
cert_manager_controller_image_tag: "{{ cert_manager_version }}" cert_manager_controller_image_tag: "{{ cert_manager_version }}"
cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector" cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector"

View file

@ -1,4 +1,4 @@
# Copyright 2021 The cert-manager Authors. # Copyright 2022 The cert-manager Authors.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -856,8 +856,10 @@ spec:
serviceAccountName: cert-manager-cainjector serviceAccountName: cert-manager-cainjector
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: cert-manager - name: cert-manager-cainjector
image: "{{ cert_manager_cainjector_image_repo }}:{{ cert_manager_cainjector_image_tag }}" image: "{{ cert_manager_cainjector_image_repo }}:{{ cert_manager_cainjector_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
args: args:
@ -871,7 +873,8 @@ spec:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ['ALL'] drop:
- ALL
runAsNonRoot: true runAsNonRoot: true
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -933,10 +936,11 @@ spec:
spec: spec:
serviceAccountName: cert-manager serviceAccountName: cert-manager
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: cert-manager - name: cert-manager-controller
image: "{{ cert_manager_controller_image_repo }}:{{ cert_manager_controller_image_tag }}" image: "{{ cert_manager_controller_image_repo }}:{{ cert_manager_controller_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
args: args:
@ -950,7 +954,8 @@ spec:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ['ALL'] drop:
- ALL
runAsNonRoot: true runAsNonRoot: true
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -1014,8 +1019,10 @@ spec:
serviceAccountName: cert-manager-webhook serviceAccountName: cert-manager-webhook
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: cert-manager - name: cert-manager-webhook
image: "{{ cert_manager_webhook_image_repo }}:{{ cert_manager_webhook_image_tag }}" image: "{{ cert_manager_webhook_image_repo }}:{{ cert_manager_webhook_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
args: args:
@ -1023,11 +1030,16 @@ spec:
- --secure-port=10250 - --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
- --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.$(POD_NAMESPACE),cert-manager-webhook.$(POD_NAMESPACE).svc - --dynamic-serving-dns-names=cert-manager-webhook
- --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)
- --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc
ports: ports:
- name: https - name: https
protocol: TCP protocol: TCP
containerPort: 10250 containerPort: 10250
- name: healthcheck
protocol: TCP
containerPort: 6080
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /livez path: /livez
@ -1051,7 +1063,8 @@ spec:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ['ALL'] drop:
- ALL
runAsNonRoot: true runAsNonRoot: true
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault