From f34a6699efab9e78aa090332cbb9a85bde652991 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison <hswong3i@gmail.com>
Date: Mon, 17 Sep 2018 16:58:04 +0800
Subject: [PATCH] cert-manager: Upgrade to 0.5.0

Upstream Changes:

-   cert-manager 0.5.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.5.0)

Our Changes:

-   Templates sync with upstream manifests
---
 README.md                                                | 2 +-
 roles/download/defaults/main.yml                         | 2 +-
 .../cert_manager/templates/00-namespace.yml.j2           | 1 +
 .../templates/clusterrole-cert-manager.yml.j2            | 9 ++-------
 .../templates/clusterrolebinding-cert-manager.yml.j2     | 2 +-
 .../cert_manager/templates/crd-certificate.yml.j2        | 4 +++-
 .../cert_manager/templates/crd-clusterissuer.yml.j2      | 4 +++-
 .../cert_manager/templates/crd-issuer.yml.j2             | 4 +++-
 .../cert_manager/templates/deploy-cert-manager.yml.j2    | 2 +-
 .../cert_manager/templates/sa-cert-manager.yml.j2        | 2 +-
 10 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 59686019f..04992cc66 100644
--- a/README.md
+++ b/README.md
@@ -114,7 +114,7 @@ Supported Components
     -   [weave](https://github.com/weaveworks/weave) v2.4.0
 -   Application
     -   [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
-    -   [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1
+    -   [cert-manager](https://github.com/jetstack/cert-manager) v0.5.0
     -   [coredns](https://github.com/coredns/coredns) v1.2.2
     -   [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.19.0
 
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 5c1ca3f4e..9f01cf08b 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -164,7 +164,7 @@ ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/ngin
 ingress_nginx_controller_image_tag: "0.19.0"
 ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend"
 ingress_nginx_default_backend_image_tag: "1.4"
-cert_manager_version: "v0.4.1"
+cert_manager_version: "v0.5.0"
 cert_manager_controller_image_repo: "quay.io/jetstack/cert-manager-controller"
 cert_manager_controller_image_tag: "{{ cert_manager_version }}"
 
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2
index 7cf3a282d..fef90aed6 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2
@@ -5,3 +5,4 @@ metadata:
   name: {{ cert_manager_namespace }}
   labels:
     name: {{ cert_manager_namespace }}
+    certmanager.k8s.io/disable-validation: "true"
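Review bot: The new `certmanager.k8s.io/disable-validation: "true"` label is added without a comment explaining it, and its effect is security-relevant: upstream uses it to exempt a namespace from cert-manager's validating webhook. No webhook manifests appear in this patch's diffstat, so the label is probably inert today. If the webhook is deployed later, every Certificate and Issuer created in this namespace would skip admission validation. I would add a comment above it such as `# Exempts this namespace from the cert-manager validating webhook; deploy only cert-manager's own resources here.` The metadata block starts outside the hunk.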
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2
index 0ce11fb9b..b8b6251fa 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
 rules:
@@ -13,12 +13,7 @@ rules:
     resources: ["certificates", "issuers", "clusterissuers"]
     verbs: ["*"]
   - apiGroups: [""]
-    # TODO: remove endpoints once 0.4 is released. We include it here in case
-    # users use the 'master' version of the Helm chart with a 0.2.x release of
-    # cert-manager that still performs leader election with Endpoint resources.
-    # We advise users don't do this, but some will anyway and this will reduce
-    # friction.
-    resources: ["endpoints", "configmaps", "secrets", "events", "services", "pods"]
+    resources: ["configmaps", "secrets", "events", "services", "pods"]
     verbs: ["*"]
   - apiGroups: ["extensions"]
     resources: ["ingresses"]
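Review bot: The core-group rule still grants `verbs: ["*"]` on `secrets`, `configmaps`, `pods` and `services`, so dropping `endpoints` narrows the resource list but not the access level. The file name indicates a ClusterRole, which means the cert-manager service account can read, modify and delete every Secret in every namespace, and a compromised controller pod would expose all of them. Consider replacing the wildcard with the verbs the controller actually uses, for example `verbs: ["get", "list", "watch", "create", "update", "delete"]` for secrets and `verbs: ["create", "patch"]` for events, after confirming the set against the 0.5.0 controller. That would diverge from the upstream manifest, so add a comment recording the deviation. The rules list starts and continues outside the hunk.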
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2
index 7dd567fd9..95cdeb525 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
 roleRef:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2
index a1663c64d..2d9a5c1f9 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2
@@ -3,9 +3,11 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: certificates.certmanager.k8s.io
+  annotations:
+    "helm.sh/hook": crd-install
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
 spec:
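Review bot: The added `"helm.sh/hook": crd-install` annotation is a Helm hook and has no effect if this template is rendered by Ansible and applied directly, which the `.yml.j2` path under `roles/` suggests. Together with `heritage: Tiller` it makes the CRD look Helm-managed when it probably is not. If it is kept only for parity with upstream, say so in a comment above it, e.g. `# Kept for parity with the upstream chart; ignored outside Helm.` The same applies to the identical annotation hunks in crd-clusterissuer.yml.j2 and crd-issuer.yml.j2. The CRD spec continues outside the hunk.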
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2
index 869d4d260..53d65e4bc 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2
@@ -3,9 +3,11 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: clusterissuers.certmanager.k8s.io
+  annotations:
+    "helm.sh/hook": crd-install
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2
index 1946b81bf..7a19c7ede 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2
@@ -3,9 +3,11 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: issuers.certmanager.k8s.io
+  annotations:
+    "helm.sh/hook": crd-install
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
index 2bcf5c701..1fedf42a2 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
@@ -6,7 +6,7 @@ metadata:
   namespace: {{ cert_manager_namespace }}
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2
index c5270e88b..f73fd0c34 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2
@@ -6,6 +6,6 @@ metadata:
   namespace: {{ cert_manager_namespace }}
   labels:
     app: cert-manager
-    chart: cert-manager-v0.4.1
+    chart: cert-manager-v0.5.0
     release: cert-manager
     heritage: Tiller
-- 
GitLab