From 09cc9e25cc0d18778e440ee7932844183a12a125 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Wed, 30 Jun 2021 12:34:02 +0200
Subject: [PATCH] feat: convert cert-manager to use service account tokens rather than kiam, version bump of cert-manager
---
 charts/kubezero-cert-manager/Chart.yaml | 8 ++++----
 charts/kubezero-cert-manager/README.md | 11 ++---------
 charts/kubezero-cert-manager/values.yaml | 24 ++++++++++++++++++++++--
 3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml
index bb8ab082..8e47cebc 100644
--- a/charts/kubezero-cert-manager/Chart.yaml
+++ b/charts/kubezero-cert-manager/Chart.yaml
@@ -2,20 +2,20 @@ apiVersion: v2
 name: kubezero-cert-manager
 description: KubeZero Umbrella Chart for cert-manager
 type: application
-version: 0.5.0
+version: 0.6.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
 - kubezero
 - cert-manager
 maintainers:
- - name: Quarky9
+
 dependencies:
 - name: kubezero-lib
 version: ">= 0.1.3"
 repository: https://zero-down-time.github.io/kubezero/
 - name: cert-manager
- version: 1.2.0
- repository: https://charts.jetstack.io
+ version: 1.4.0
 condition: cert-manager.enabled
+ repository: https://charts.jetstack.io
 kubeVersion: ">= 1.18.0"
diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md
index bfab896e..c985dd6f 100644
--- a/charts/kubezero-cert-manager/README.md
+++ b/charts/kubezero-cert-manager/README.md
@@ -1,24 +1,18 @@
 # kubezero-cert-manager
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 KubeZero Umbrella Chart for cert-manager
 **Homepage:**
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| Quarky9 | | |
-
 ## Requirements
 Kubernetes: `>= 1.18.0`
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.jetstack.io | cert-manager | 1.2.0 |
+| https://charts.jetstack.io | cert-manager | 1.4.0 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
 ## AWS - IAM Role
@@ -44,7 +38,6 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
 | cert-manager.ingressShim.defaultIssuerKind | string | `"ClusterIssuer"` | |
 | cert-manager.ingressShim.defaultIssuerName | string | `"letsencrypt-dns-prod"` | |
 | cert-manager.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
-| cert-manager.podAnnotations | object | `{}` | |
 | cert-manager.prometheus.servicemonitor.enabled | bool | `false` | |
 | cert-manager.tolerations[0].effect | string | `"NoSchedule"` | |
 | cert-manager.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
diff --git a/charts/kubezero-cert-manager/values.yaml b/charts/kubezero-cert-manager/values.yaml
index 9a7badec..3fb9601c 100644
--- a/charts/kubezero-cert-manager/values.yaml
+++ b/charts/kubezero-cert-manager/values.yaml
@@ -23,8 +23,28 @@ cert-manager:
 leaderElection:
 namespace: "cert-manager"
- podAnnotations: {}
- # iam.amazonaws.com/role: ""
+ # On AWS enable Projected Service Accounts to assume IAM role
+ #extraEnv:
+ #- name: AWS_ROLE_ARN
+ # value: ""
+ #- name: AWS_WEB_IDENTITY_TOKEN_FILE
+ # value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+ #- name: AWS_STS_REGIONAL_ENDPOINTS
+ # value: regional
+
+ #volumes:
+ #- name: aws-token
+ # projected:
+ # sources:
+ # - serviceAccountToken:
+ # path: token
+ # expirationSeconds: 86400
+ # audience: "sts.amazonaws.com"
+
+ #volumeMounts:
+ #- name: aws-token
+ # mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+ # readOnly: true
 tolerations:
 - key: node-role.kubernetes.io/master
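Review bot: The commented AWS example should say how the IAM role behind `AWS_ROLE_ARN` has to be scoped, because with web-identity federation the role's trust policy is what decides which service-account tokens may assume it. I would add a line above `#extraEnv:` such as `# The role's trust policy must pin "sub" to system:serviceaccount:<namespace>:<service-account-name> and "aud" to sts.amazonaws.com`; a policy that checks only the audience would presumably accept a token projected for any workload in the cluster. `expirationSeconds: 86400` also keeps a copied token usable for up to a day, and since the kubelet refreshes projected tokens before they expire, a shorter value such as `expirationSeconds: 3600` should work unless the SDK in use does not re-read the token file. The `cert-manager:` mapping these keys belong to starts and continues outside the hunk.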