iskm/maabara
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cert-manager upgrade v1.16.1 --> v1.17.2

Browse Source
This commit is contained in:
Ibrahim Mkusa 2025-05-31 21:22:33 -04:00
parent 39f39732e3
commit f37e839267
2 changed files with 87 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
manifests/cert-manager/cert-manager.yaml
View File

@ -34,7 +34,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
group: cert-manager.io
names:
@ -355,7 +355,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
group: cert-manager.io
names:
@ -537,7 +537,6 @@ spec:
type: object
required:
- create
- passwordSecretRef
properties:
alias:
description: |-
@ -549,17 +548,25 @@ spec:
Create enables JKS keystore creation for the Certificate.
If true, a file named `keystore.jks` will be created in the target
Secret resource, encrypted using the password stored in
`passwordSecretRef`.
`passwordSecretRef` or `password`.
The keystore file will be updated immediately.
If the issuer provided a CA certificate, a file named `truststore.jks`
will also be created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef`
containing the issuing Certificate Authority
type: boolean
password:
description: |-
Password provides a literal password used to encrypt the JKS keystore.
Mutually exclusive with passwordSecretRef.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: string
passwordSecretRef:
description: |-
PasswordSecretRef is a reference to a key in a Secret resource
PasswordSecretRef is a reference to a non-empty key in a Secret resource
containing the password used to encrypt the JKS keystore.
Mutually exclusive with password.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: object
required:
- name
@ -582,24 +589,31 @@ spec:
type: object
required:
- create
- passwordSecretRef
properties:
create:
description: |-
Create enables PKCS12 keystore creation for the Certificate.
If true, a file named `keystore.p12` will be created in the target
Secret resource, encrypted using the password stored in
`passwordSecretRef`.
`passwordSecretRef` or in `password`.
The keystore file will be updated immediately.
If the issuer provided a CA certificate, a file named `truststore.p12` will
also be created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef` containing the issuing Certificate
Authority
type: boolean
password:
description: |-
Password provides a literal password used to encrypt the PKCS#12 keystore.
Mutually exclusive with passwordSecretRef.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: string
passwordSecretRef:
description: |-
PasswordSecretRef is a reference to a key in a Secret resource
containing the password used to encrypt the PKCS12 keystore.
PasswordSecretRef is a reference to a non-empty key in a Secret resource
containing the password used to encrypt the PKCS#12 keystore.
Mutually exclusive with password.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: object
required:
- name
@ -1124,7 +1138,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
group: acme.cert-manager.io
names:
@ -1400,6 +1414,9 @@ spec:
resource ID of the managed identity, can not be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity, can not be used at the same time as resourceID
type: string
resourceGroupName:
description: resource group the DNS zone is located in
type: string
@ -4331,7 +4348,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
group: cert-manager.io
names:
@ -4714,6 +4731,9 @@ spec:
resource ID of the managed identity, can not be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity, can not be used at the same time as resourceID
type: string
resourceGroupName:
description: resource group the DNS zone is located in
type: string
@ -8059,7 +8079,7 @@ metadata:
app.kubernetes.io/instance: 'cert-manager'
app.kubernetes.io/component: "crds"
# Generated labels
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
group: cert-manager.io
names:
@ -8441,6 +8461,9 @@ spec:
resource ID of the managed identity, can not be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity, can not be used at the same time as resourceID
type: string
resourceGroupName:
description: resource group the DNS zone is located in
type: string
@ -11786,7 +11809,7 @@ metadata:
app.kubernetes.io/instance: 'cert-manager'
app.kubernetes.io/component: "crds"
# Generated labels
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
group: acme.cert-manager.io
names:
@ -12052,7 +12075,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
---
# Source: cert-manager/templates/serviceaccount.yaml
apiVersion: v1
@ -12066,7 +12089,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
---
# Source: cert-manager/templates/webhook-serviceaccount.yaml
apiVersion: v1
@ -12080,7 +12103,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
---
# Source: cert-manager/templates/cainjector-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
@ -12092,7 +12115,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["certificates"]
@ -12124,7 +12147,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["issuers", "issuers/status"]
@ -12150,7 +12173,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["clusterissuers", "clusterissuers/status"]
@ -12176,7 +12199,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
@ -12211,7 +12234,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["acme.cert-manager.io"]
resources: ["orders", "orders/status"]
@ -12249,7 +12272,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
# Use to update challenge resource status
- apiGroups: ["acme.cert-manager.io"]
@ -12309,7 +12332,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificaterequests"]
@ -12346,7 +12369,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rules:
- apiGroups: ["cert-manager.io"]
@ -12363,7 +12386,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
@ -12386,7 +12409,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
@ -12411,7 +12434,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["signers"]
@ -12433,7 +12456,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
@ -12459,7 +12482,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["authorization.k8s.io"]
resources: ["subjectaccessreviews"]
@ -12475,7 +12498,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12495,7 +12518,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12515,7 +12538,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12535,7 +12558,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12555,7 +12578,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12575,7 +12598,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12595,7 +12618,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12615,7 +12638,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12635,7 +12658,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12655,7 +12678,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -12677,7 +12700,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
# Used for leader election by the controller
# cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
@ -12703,7 +12726,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
@ -12724,7 +12747,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: [""]
resources: ["serviceaccounts/token"]
@ -12742,7 +12765,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
rules:
- apiGroups: [""]
resources: ["secrets"]
@ -12767,7 +12790,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -12790,7 +12813,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -12812,7 +12835,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -12833,7 +12856,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -12854,7 +12877,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
type: ClusterIP
ports:
@ -12877,7 +12900,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
type: ClusterIP
ports:
@ -12901,7 +12924,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
type: ClusterIP
ports:
@ -12929,7 +12952,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
replicas: 1
selector:
@ -12944,7 +12967,7 @@ spec:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
annotations:
prometheus.io/path: "/metrics"
prometheus.io/scrape: 'true'
@ -12958,7 +12981,7 @@ spec:
type: RuntimeDefault
containers:
- name: cert-manager-cainjector
image: "quay.io/jetstack/cert-manager-cainjector:v1.16.1"
image: "quay.io/jetstack/cert-manager-cainjector:v1.17.2"
imagePullPolicy: IfNotPresent
args:
- --v=2
@ -12992,7 +13015,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
replicas: 1
selector:
@ -13007,7 +13030,7 @@ spec:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
annotations:
prometheus.io/path: "/metrics"
prometheus.io/scrape: 'true'
@ -13021,13 +13044,13 @@ spec:
type: RuntimeDefault
containers:
- name: cert-manager-controller
image: "quay.io/jetstack/cert-manager-controller:v1.16.1"
image: "quay.io/jetstack/cert-manager-controller:v1.17.2"
imagePullPolicy: IfNotPresent
args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.1
- --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.17.2
- --max-concurrent-challenges=60
ports:
- containerPort: 9402
@ -13074,7 +13097,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
spec:
replicas: 1
selector:
@ -13089,7 +13112,7 @@ spec:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
annotations:
prometheus.io/path: "/metrics"
prometheus.io/scrape: 'true'
@ -13103,7 +13126,7 @@ spec:
type: RuntimeDefault
containers:
- name: cert-manager-webhook
image: "quay.io/jetstack/cert-manager-webhook:v1.16.1"
image: "quay.io/jetstack/cert-manager-webhook:v1.17.2"
imagePullPolicy: IfNotPresent
args:
- --v=2
@ -13187,7 +13210,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
annotations:
cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
webhooks:
@ -13226,7 +13249,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.16.1"
app.kubernetes.io/version: "v1.17.2"
annotations:
cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
webhooks:

2
manifests/ingress-nginx/deploy.yaml
View File

@ -343,6 +343,8 @@ metadata:
app.kubernetes.io/version: 1.12.2
name: ingress-nginx-controller
namespace: ingress-nginx
annotations:
external-dns.alpha.kubernetes.io/hostname: www.homelab.local
spec:
externalTrafficPolicy: Local
ipFamilies: