[cert-manager] Update Cert-manager to v1.17.2
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
@@ -6,7 +6,7 @@ annotations:
|
||||
fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E
|
||||
url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg
|
||||
apiVersion: v2
|
||||
appVersion: v1.16.3
|
||||
appVersion: v1.17.2
|
||||
description: A Helm chart for cert-manager
|
||||
home: https://cert-manager.io
|
||||
icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png
|
||||
@@ -23,4 +23,4 @@ maintainers:
|
||||
name: cert-manager
|
||||
sources:
|
||||
- https://github.com/cert-manager/cert-manager
|
||||
version: v1.16.3
|
||||
version: v1.17.2
|
||||
|
||||
@@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou
|
||||
This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.
|
||||
|
||||
```bash
|
||||
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.3/cert-manager.crds.yaml
|
||||
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.crds.yaml
|
||||
```
|
||||
|
||||
To install the chart with the release name `cert-manager`:
|
||||
@@ -29,7 +29,7 @@ To install the chart with the release name `cert-manager`:
|
||||
$ helm repo add jetstack https://charts.jetstack.io --force-update
|
||||
|
||||
## Install the cert-manager helm chart
|
||||
$ helm install cert-manager --namespace cert-manager --version v1.16.3 jetstack/cert-manager
|
||||
$ helm install cert-manager --namespace cert-manager --version v1.17.2 jetstack/cert-manager
|
||||
```
|
||||
|
||||
In order to begin issuing certificates, you will need to set up a ClusterIssuer
|
||||
@@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als
|
||||
delete the previously installed CustomResourceDefinition resources:
|
||||
|
||||
```console
|
||||
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.3/cert-manager.crds.yaml
|
||||
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.crds.yaml
|
||||
```
|
||||
|
||||
## Configuration
|
||||
@@ -316,7 +316,13 @@ If not set and create is true, a name is generated using the fullname template.
|
||||
|
||||
#### **serviceAccount.annotations** ~ `object`
|
||||
|
||||
Optional additional annotations to add to the controller's Service Account.
|
||||
Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.
|
||||
Example using templating:
|
||||
|
||||
```yaml
|
||||
annotations:
|
||||
"{{ .Chart.Name }}-helm-chart/version": "{{ .Chart.Version }}"
|
||||
```
|
||||
|
||||
#### **serviceAccount.labels** ~ `object`
|
||||
|
||||
@@ -364,17 +370,24 @@ config:
|
||||
kubernetesAPIQPS: 9000
|
||||
kubernetesAPIBurst: 9000
|
||||
numberOfConcurrentWorkers: 200
|
||||
enableGatewayAPI: true
|
||||
# Feature gates as of v1.17.0. Listed with their default values.
|
||||
# See https://cert-manager.io/docs/cli/controller/
|
||||
featureGates:
|
||||
AdditionalCertificateOutputFormats: true
|
||||
DisallowInsecureCSRUsageDefinition: true
|
||||
ExperimentalCertificateSigningRequestControllers: true
|
||||
ExperimentalGatewayAPISupport: true
|
||||
LiteralCertificateSubject: true
|
||||
SecretsFilteredCaching: true
|
||||
ServerSideApply: true
|
||||
StableCertificateRequestName: true
|
||||
UseCertificateRequestBasicConstraints: true
|
||||
ValidateCAA: true
|
||||
AdditionalCertificateOutputFormats: true # BETA - default=true
|
||||
AllAlpha: false # ALPHA - default=false
|
||||
AllBeta: false # BETA - default=false
|
||||
ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false
|
||||
ExperimentalGatewayAPISupport: true # BETA - default=true
|
||||
LiteralCertificateSubject: true # BETA - default=true
|
||||
NameConstraints: true # BETA - default=true
|
||||
OtherNames: false # ALPHA - default=false
|
||||
SecretsFilteredCaching: true # BETA - default=true
|
||||
ServerSideApply: false # ALPHA - default=false
|
||||
StableCertificateRequestName: true # BETA - default=true
|
||||
UseCertificateRequestBasicConstraints: false # ALPHA - default=false
|
||||
UseDomainQualifiedFinalizer: true # BETA - default=false
|
||||
ValidateCAA: false # ALPHA - default=false
|
||||
# Configure the metrics server for TLS
|
||||
# See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
|
||||
metricsTLSConfig:
|
||||
|
||||
@@ -53,6 +53,12 @@ spec:
|
||||
prometheus.io/port: '9402'
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if not .Values.cainjector.serviceAccount.create }}
|
||||
{{- with .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "cainjector.serviceAccountName" . }}
|
||||
{{- if hasKey .Values.cainjector "automountServiceAccountToken" }}
|
||||
automountServiceAccountToken: {{ .Values.cainjector.automountServiceAccountToken }}
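Review bot: The added `if not .Values.cainjector.serviceAccount.create` guard around `imagePullSecrets` has no comment saying why pod-level pull secrets are emitted only for an externally managed ServiceAccount. Presumably the chart-created ServiceAccount already carries `global.imagePullSecrets`, but that template is not visible here, so a reader cannot confirm that private-registry pulls keep working in both modes. I would add `{{- /* Pod-level imagePullSecrets are set only when the ServiceAccount is not created by this chart */}}` above the guard. The same block is added to the controller and webhook deployment templates further down the page. The pod spec continues outside the hunk.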
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
{{- if .Values.cainjector.enabled }}
|
||||
{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
@@ -28,3 +29,4 @@ spec:
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/component: "cainjector"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -514,7 +514,6 @@ spec:
|
||||
type: object
|
||||
required:
|
||||
- create
|
||||
- passwordSecretRef
|
||||
properties:
|
||||
alias:
|
||||
description: |-
|
||||
@@ -526,17 +525,25 @@ spec:
|
||||
Create enables JKS keystore creation for the Certificate.
|
||||
If true, a file named `keystore.jks` will be created in the target
|
||||
Secret resource, encrypted using the password stored in
|
||||
`passwordSecretRef`.
|
||||
`passwordSecretRef` or `password`.
|
||||
The keystore file will be updated immediately.
|
||||
If the issuer provided a CA certificate, a file named `truststore.jks`
|
||||
will also be created in the target Secret resource, encrypted using the
|
||||
password stored in `passwordSecretRef`
|
||||
containing the issuing Certificate Authority
|
||||
type: boolean
|
||||
password:
|
||||
description: |-
|
||||
Password provides a literal password used to encrypt the JKS keystore.
|
||||
Mutually exclusive with passwordSecretRef.
|
||||
One of password or passwordSecretRef must provide a password with a non-zero length.
|
||||
type: string
|
||||
passwordSecretRef:
|
||||
description: |-
|
||||
PasswordSecretRef is a reference to a key in a Secret resource
|
||||
PasswordSecretRef is a reference to a non-empty key in a Secret resource
|
||||
containing the password used to encrypt the JKS keystore.
|
||||
Mutually exclusive with password.
|
||||
One of password or passwordSecretRef must provide a password with a non-zero length.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
@@ -559,24 +566,31 @@ spec:
|
||||
type: object
|
||||
required:
|
||||
- create
|
||||
- passwordSecretRef
|
||||
properties:
|
||||
create:
|
||||
description: |-
|
||||
Create enables PKCS12 keystore creation for the Certificate.
|
||||
If true, a file named `keystore.p12` will be created in the target
|
||||
Secret resource, encrypted using the password stored in
|
||||
`passwordSecretRef`.
|
||||
`passwordSecretRef` or in `password`.
|
||||
The keystore file will be updated immediately.
|
||||
If the issuer provided a CA certificate, a file named `truststore.p12` will
|
||||
also be created in the target Secret resource, encrypted using the
|
||||
password stored in `passwordSecretRef` containing the issuing Certificate
|
||||
Authority
|
||||
type: boolean
|
||||
password:
|
||||
description: |-
|
||||
Password provides a literal password used to encrypt the PKCS#12 keystore.
|
||||
Mutually exclusive with passwordSecretRef.
|
||||
One of password or passwordSecretRef must provide a password with a non-zero length.
|
||||
type: string
|
||||
passwordSecretRef:
|
||||
description: |-
|
||||
PasswordSecretRef is a reference to a key in a Secret resource
|
||||
containing the password used to encrypt the PKCS12 keystore.
|
||||
PasswordSecretRef is a reference to a non-empty key in a Secret resource
|
||||
containing the password used to encrypt the PKCS#12 keystore.
|
||||
Mutually exclusive with password.
|
||||
One of password or passwordSecretRef must provide a password with a non-zero length.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
@@ -1376,6 +1390,9 @@ spec:
|
||||
resource ID of the managed identity, can not be used at the same time as clientID
|
||||
Cannot be used for Azure Managed Service Identity
|
||||
type: string
|
||||
tenantID:
|
||||
description: tenant ID of the managed identity, can not be used at the same time as resourceID
|
||||
type: string
|
||||
resourceGroupName:
|
||||
description: resource group the DNS zone is located in
|
||||
type: string
|
||||
@@ -4689,6 +4706,9 @@ spec:
|
||||
resource ID of the managed identity, can not be used at the same time as clientID
|
||||
Cannot be used for Azure Managed Service Identity
|
||||
type: string
|
||||
tenantID:
|
||||
description: tenant ID of the managed identity, can not be used at the same time as resourceID
|
||||
type: string
|
||||
resourceGroupName:
|
||||
description: resource group the DNS zone is located in
|
||||
type: string
|
||||
@@ -8415,6 +8435,9 @@ spec:
|
||||
resource ID of the managed identity, can not be used at the same time as clientID
|
||||
Cannot be used for Azure Managed Service Identity
|
||||
type: string
|
||||
tenantID:
|
||||
description: tenant ID of the managed identity, can not be used at the same time as resourceID
|
||||
type: string
|
||||
resourceGroupName:
|
||||
description: resource group the DNS zone is located in
|
||||
type: string
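Review bot: Dropping `passwordSecretRef` from `required` in the JKS and PKCS#12 keystore schemas leaves the "one of password or passwordSecretRef" rule stated only in the descriptions; no schema-level constraint for it is visible in these hunks, so enforcement presumably depends on the admission webhook. The new literal `password` field also places the keystore password in the Certificate object itself, readable by anyone with read access to Certificates, and the field description should say so. The truststore sentences in both `create` descriptions still read `password stored in passwordSecretRef`, while the keystore sentences were updated to mention `password`; the two should match. If this file is generated from the API types, the wording fix belongs in that source.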
|
||||
|
||||
@@ -52,6 +52,12 @@ spec:
|
||||
prometheus.io/port: '9402'
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if not .Values.serviceAccount.create }}
|
||||
{{- with .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "cert-manager.serviceAccountName" . }}
|
||||
{{- if hasKey .Values "automountServiceAccountToken" }}
|
||||
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
|
||||
|
||||
@@ -11,7 +11,9 @@ metadata:
|
||||
namespace: {{ include "cert-manager.namespace" . }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- range $k, $v := . }}
|
||||
{{- printf "%s: %s" (tpl $k $) (tpl $v $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ include "cert-manager.name" . }}
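Review bot: The annotation values are now rendered unquoted by `printf "%s: %s" (tpl $k $) (tpl $v $)`, whereas the removed `toYaml` call emitted correctly quoted scalars. A value such as `"true"` or `"123"`, or one that contains `: `, ` #` or a newline after templating, would render as a non-string or as extra YAML structure under `metadata.annotations`, so the manifest is either rejected or differs from what the values file describes. Quoting the rendered result keeps each annotation a single string: `{{- printf "%s: %s" (tpl $k $ | quote) (tpl $v $ | quote) | nindent 4 }}`. `tpl` also expects string input, so a non-string annotation value that `toYaml` used to accept will presumably fail to render. The metadata block continues outside the hunk.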
|
||||
|
||||
@@ -52,6 +52,12 @@ spec:
|
||||
prometheus.io/port: '9402'
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if not .Values.webhook.serviceAccount.create }}
|
||||
{{- with .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "webhook.serviceAccountName" . }}
|
||||
{{- if hasKey .Values.webhook "automountServiceAccountToken" }}
|
||||
automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }}
|
||||
|
||||
@@ -579,7 +579,7 @@
|
||||
},
|
||||
"helm-values.config": {
|
||||
"default": {},
|
||||
"description": "This property is used to configure options for the controller pod. This allows setting options that would usually be provided using flags.\n\nIf `apiVersion` and `kind` are unspecified they default to the current latest version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin the version by specifying the `apiVersion` yourself.\n\nFor example:\nconfig:\n apiVersion: controller.config.cert-manager.io/v1alpha1\n kind: ControllerConfiguration\n logging:\n verbosity: 2\n format: text\n leaderElectionConfig:\n namespace: kube-system\n kubernetesAPIQPS: 9000\n kubernetesAPIBurst: 9000\n numberOfConcurrentWorkers: 200\n featureGates:\n AdditionalCertificateOutputFormats: true\n DisallowInsecureCSRUsageDefinition: true\n ExperimentalCertificateSigningRequestControllers: true\n ExperimentalGatewayAPISupport: true\n LiteralCertificateSubject: true\n SecretsFilteredCaching: true\n ServerSideApply: true\n StableCertificateRequestName: true\n UseCertificateRequestBasicConstraints: true\n ValidateCAA: true\n # Configure the metrics server for TLS\n # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls\n metricsTLSConfig:\n dynamic:\n secretNamespace: \"cert-manager\"\n secretName: \"cert-manager-metrics-ca\"\n dnsNames:\n - cert-manager-metrics",
|
||||
"description": "This property is used to configure options for the controller pod. This allows setting options that would usually be provided using flags.\n\nIf `apiVersion` and `kind` are unspecified they default to the current latest version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin the version by specifying the `apiVersion` yourself.\n\nFor example:\nconfig:\n apiVersion: controller.config.cert-manager.io/v1alpha1\n kind: ControllerConfiguration\n logging:\n verbosity: 2\n format: text\n leaderElectionConfig:\n namespace: kube-system\n kubernetesAPIQPS: 9000\n kubernetesAPIBurst: 9000\n numberOfConcurrentWorkers: 200\n enableGatewayAPI: true\n # Feature gates as of v1.17.0. Listed with their default values.\n # See https://cert-manager.io/docs/cli/controller/\n featureGates:\n AdditionalCertificateOutputFormats: true # BETA - default=true\n AllAlpha: false # ALPHA - default=false\n AllBeta: false # BETA - default=false\n ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false\n ExperimentalGatewayAPISupport: true # BETA - default=true\n LiteralCertificateSubject: true # BETA - default=true\n NameConstraints: true # BETA - default=true\n OtherNames: false # ALPHA - default=false\n SecretsFilteredCaching: true # BETA - default=true\n ServerSideApply: false # ALPHA - default=false\n StableCertificateRequestName: true # BETA - default=true\n UseCertificateRequestBasicConstraints: false # ALPHA - default=false\n UseDomainQualifiedFinalizer: true # BETA - default=false\n ValidateCAA: false # ALPHA - default=false\n # Configure the metrics server for TLS\n # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls\n metricsTLSConfig:\n dynamic:\n secretNamespace: \"cert-manager\"\n secretName: \"cert-manager-metrics-ca\"\n dnsNames:\n - cert-manager-metrics",
|
||||
"type": "object"
|
||||
},
|
||||
"helm-values.containerSecurityContext": {
|
||||
@@ -1223,7 +1223,7 @@
|
||||
"type": "object"
|
||||
},
|
||||
"helm-values.serviceAccount.annotations": {
|
||||
"description": "Optional additional annotations to add to the controller's Service Account.",
|
||||
"description": "Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.\nExample using templating:\nannotations:\n \"{{ .Chart.Name }}-helm-chart/version\": \"{{ .Chart.Version }}\"",
|
||||
"type": "object"
|
||||
},
|
||||
"helm-values.serviceAccount.automountServiceAccountToken": {
|
||||
|
||||
@@ -190,7 +190,10 @@ serviceAccount:
|
||||
# +docs:property
|
||||
# name: ""
|
||||
|
||||
# Optional additional annotations to add to the controller's Service Account.
|
||||
# Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.
|
||||
# Example using templating:
|
||||
# annotations:
|
||||
# "{{ .Chart.Name }}-helm-chart/version": "{{ .Chart.Version }}"
|
||||
# +docs:property
|
||||
# annotations: {}
|
||||
|
||||
@@ -227,17 +230,24 @@ enableCertificateOwnerRef: false
|
||||
# kubernetesAPIQPS: 9000
|
||||
# kubernetesAPIBurst: 9000
|
||||
# numberOfConcurrentWorkers: 200
|
||||
# enableGatewayAPI: true
|
||||
# # Feature gates as of v1.17.0. Listed with their default values.
|
||||
# # See https://cert-manager.io/docs/cli/controller/
|
||||
# featureGates:
|
||||
# AdditionalCertificateOutputFormats: true
|
||||
# DisallowInsecureCSRUsageDefinition: true
|
||||
# ExperimentalCertificateSigningRequestControllers: true
|
||||
# ExperimentalGatewayAPISupport: true
|
||||
# LiteralCertificateSubject: true
|
||||
# SecretsFilteredCaching: true
|
||||
# ServerSideApply: true
|
||||
# StableCertificateRequestName: true
|
||||
# UseCertificateRequestBasicConstraints: true
|
||||
# ValidateCAA: true
|
||||
# AdditionalCertificateOutputFormats: true # BETA - default=true
|
||||
# AllAlpha: false # ALPHA - default=false
|
||||
# AllBeta: false # BETA - default=false
|
||||
# ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false
|
||||
# ExperimentalGatewayAPISupport: true # BETA - default=true
|
||||
# LiteralCertificateSubject: true # BETA - default=true
|
||||
# NameConstraints: true # BETA - default=true
|
||||
# OtherNames: false # ALPHA - default=false
|
||||
# SecretsFilteredCaching: true # BETA - default=true
|
||||
# ServerSideApply: false # ALPHA - default=false
|
||||
# StableCertificateRequestName: true # BETA - default=true
|
||||
# UseCertificateRequestBasicConstraints: false # ALPHA - default=false
|
||||
# UseDomainQualifiedFinalizer: true # BETA - default=false
|
||||
# ValidateCAA: false # ALPHA - default=false
|
||||
# # Configure the metrics server for TLS
|
||||
# # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
|
||||
# metricsTLSConfig:
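Review bot: The line `# UseDomainQualifiedFinalizer: true # BETA - default=false` contradicts the new header `Feature gates as of v1.17.0. Listed with their default values.`: the listed value and the stated default disagree, so one of them is stale. Every other gate in the list shows a value equal to its annotated default. The same line appears in the README example and in the `helm-values.config` description of the schema section, so all three should be corrected together. The commented `config:` example starts above the hunk.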
|
||||
|
||||