From 38da0adeada1fb49a99cc2dc74fdcff4dd43cee1 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Thu, 7 Jun 2018 20:16:20 +0800 Subject: [PATCH] cert-manager: Upgrade to v0.3.0 --- README.md | 1 + roles/download/defaults/main.yml | 12 +----------- .../cert-manager-certificate-crd.yml.j2 | 2 +- .../cert-manager-clusterissuer-crd.yml.j2 | 2 +- .../templates/cert-manager-clusterrole.yml.j2 | 2 +- .../cert-manager-clusterrolebinding.yml.j2 | 2 +- .../templates/cert-manager-deploy.yml.j2 | 19 ++++++------------- .../templates/cert-manager-issuer-crd.yml.j2 | 2 +- .../templates/cert-manager-sa.yml.j2 | 2 +- 9 files changed, 14 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 0846f1f3e..dbf9a7e69 100644 --- a/README.md +++ b/README.md @@ -103,6 +103,7 @@ Supported Components - [weave](https://github.com/weaveworks/weave) v2.3.0 - Application - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.15.0 + - [cert-manager](https://github.com/jetstack/cert-manager/releases) v0.3.0 Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin). diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index f07d40483..2c80ffae5 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -160,11 +160,9 @@ ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/ngin ingress_nginx_controller_image_tag: "0.15.0" ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend" ingress_nginx_default_backend_image_tag: "1.4" -cert_manager_version: "v0.2.4" +cert_manager_version: "v0.3.0" cert_manager_controller_image_repo: "quay.io/jetstack/cert-manager-controller" cert_manager_controller_image_tag: "{{ cert_manager_version }}" -cert_manager_ingress_shim_image_repo: "quay.io/jetstack/cert-manager-ingress-shim" -cert_manager_ingress_shim_image_tag: "{{ cert_manager_version }}" downloads: netcheck_server: @@ -583,14 +581,6 @@ downloads: sha256: "{{ cert_manager_controller_digest_checksum|default(None) }}" groups: - kube-node - cert_manager_ingress_shim: - enabled: "{{ cert_manager_enabled }}" - container: true - repo: "{{ cert_manager_ingress_shim_image_repo }}" - tag: "{{ cert_manager_ingress_shim_image_tag }}" - sha256: "{{ cert_manager_ingress_shim_digest_checksum|default(None) }}" - groups: - - kube-node download_defaults: container: false diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2 index 0d27800b3..3b154656f 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2 @@ -5,7 +5,7 @@ metadata: name: certificates.certmanager.k8s.io labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2 index 8ac64e35f..38f68cb2f 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2 @@ -5,7 +5,7 @@ metadata: name: clusterissuers.certmanager.k8s.io labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2 index ce6aa48bf..e7f7aa47b 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2 @@ -5,7 +5,7 @@ metadata: name: cert-manager labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller rules: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2 index d1e26e462..6cf3c2a31 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2 @@ -5,7 +5,7 @@ metadata: name: cert-manager labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller roleRef: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2 index 7fe98407b..1760ed4b8 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2 @@ -6,11 +6,15 @@ metadata: namespace: {{ cert_manager_namespace }} labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller spec: replicas: 1 + selector: + matchLabels: + k8s-app: cert-manager + release: cert-manager template: metadata: labels: @@ -25,6 +29,7 @@ spec: imagePullPolicy: {{ k8s_image_pull_policy }} args: - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=$(POD_NAMESPACE) env: - name: POD_NAMESPACE valueFrom: @@ -37,15 +42,3 @@ spec: limits: cpu: {{ cert_manager_cpu_limits }} memory: {{ cert_manager_memory_limits }} - - - name: ingress-shim - image: {{ cert_manager_ingress_shim_image_repo }}:{{ cert_manager_ingress_shim_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - resources: - requests: - cpu: {{ cert_manager_cpu_requests }} - memory: {{ cert_manager_memory_requests }} - limits: - cpu: {{ cert_manager_cpu_limits }} - memory: {{ cert_manager_memory_limits }} - diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2 index a11386d10..041b82559 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2 @@ -5,7 +5,7 @@ metadata: name: issuers.certmanager.k8s.io labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller spec: diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2 index 1a67bf6a4..b96c97a2a 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2 @@ -6,6 +6,6 @@ metadata: namespace: {{ cert_manager_namespace }} labels: app: cert-manager - chart: cert-manager-0.2.8 + chart: cert-manager-v0.3.2 release: cert-manager heritage: Tiller