feat: cert-manager version bump

This commit is contained in:
Stefan Reimer 2021-12-09 14:03:34 +01:00
parent 3f7b0a842d
commit 3ed32c2aa9
7 changed files with 52 additions and 46 deletions

View File

@ -2,21 +2,22 @@ apiVersion: v2
name: kubezero-cert-manager name: kubezero-cert-manager
description: KubeZero Umbrella Chart for cert-manager description: KubeZero Umbrella Chart for cert-manager
type: application type: application
version: 0.7.3 version: 0.8.0
appVersion: 1.5.3 appVersion: 1.6.1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
- kubezero - kubezero
- cert-manager - cert-manager
maintainers: maintainers:
- name: Stefan Reimer
email: stefan@zero-downtime.net
dependencies: dependencies:
- name: kubezero-lib - name: kubezero-lib
version: ">= 0.1.3" version: ">= 0.1.4"
repository: https://cdn.zero-downtime.net/charts/ repository: https://cdn.zero-downtime.net/charts/
- name: cert-manager - name: cert-manager
version: 1.5.3 version: 1.6.1
condition: cert-manager.enabled condition: cert-manager.enabled
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
kubeVersion: ">= 1.18.0" kubeVersion: ">= 1.20.0"

View File

@ -13,14 +13,11 @@
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}
## AWS - IAM Role ## AWS - OIDC IAM roles
If you use kiam or kube2iam and restrict access on nodes running cert-manager please adjust:
```
cert-manager.podAnnotations:
iam.amazonaws.com/role: <ROLE>
```
## Resolver Secrets ## Resolver Secrets
If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers. If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.
## Resources
- [Backup & Restore](https://cert-manager.io/docs/tutorials/backup/)
{{ template "chart.valuesSection" . }} {{ template "chart.valuesSection" . }}

View File

@ -8,8 +8,8 @@
"subdir": "grafana" "subdir": "grafana"
} }
}, },
"version": "c3b14b24b83cfe9abf1064649d19e2d679f033fb", "version": "199e363523104ff8b3a12483a4e3eca86372b078",
"sum": "YrE4DNQsWgYWs6h0j/FjQETt8xDXdYdsslb1WK7xQEk=" "sum": "/jDHzVAjHB4AOLkJHw1GyATX5ogZ1iMdcJXZAgaG3+g="
}, },
{ {
"source": { "source": {
@ -18,8 +18,8 @@
"subdir": "contrib/mixin" "subdir": "contrib/mixin"
} }
}, },
"version": "3df272774672366beb02c5447782805ab5fec957", "version": "29292aa7bdafaf65cb5e054591fe0ff07b36f5ee",
"sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" "sum": "cdKL5kPYfpWSpTCu4qctmh+gWQqL+4YWom6rw9qLYJU="
}, },
{ {
"source": { "source": {
@ -28,7 +28,7 @@
"subdir": "grafonnet" "subdir": "grafonnet"
} }
}, },
"version": "19b27b272abf4263af1365ec485784c49815a332", "version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
"sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w=" "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
}, },
{ {
@ -38,8 +38,8 @@
"subdir": "grafana-builder" "subdir": "grafana-builder"
} }
}, },
"version": "b7eae75972a369bf8ebfb03dcb0d4c14464ef85a", "version": "b102f9ac7d1290ac025c2a7ac99f7fd9a9948503",
"sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" "sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc="
}, },
{ {
"source": { "source": {
@ -48,8 +48,8 @@
"subdir": "" "subdir": ""
} }
}, },
"version": "ff4641bcd83314c955150bea6b147df9ca335c4a", "version": "9821d07e94e9a9916575a234fb699ae3331fa939",
"sum": "oUVGwcCbmdH8qz9B+lbRawI9s23GY9HeW7MwYZRbZ/0=" "sum": "xubNXyvDwUw9GZzi9BRb6ob3bYzfoMr5F5zCVn2d7ag="
}, },
{ {
"source": { "source": {
@ -58,7 +58,7 @@
"subdir": "lib/promgrafonnet" "subdir": "lib/promgrafonnet"
} }
}, },
"version": "ff4641bcd83314c955150bea6b147df9ca335c4a", "version": "9821d07e94e9a9916575a234fb699ae3331fa939",
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
}, },
{ {
@ -68,8 +68,8 @@
"subdir": "jsonnet/kube-state-metrics" "subdir": "jsonnet/kube-state-metrics"
} }
}, },
"version": "8dab6f7472c26987ab7f8899a4a2f753fed8e8a8", "version": "e3056ae518d0234105276ec916296923968ad294",
"sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" "sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
}, },
{ {
"source": { "source": {
@ -78,7 +78,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin" "subdir": "jsonnet/kube-state-metrics-mixin"
} }
}, },
"version": "8dab6f7472c26987ab7f8899a4a2f753fed8e8a8", "version": "e3056ae518d0234105276ec916296923968ad294",
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
}, },
{ {
@ -88,8 +88,8 @@
"subdir": "jsonnet/kube-prometheus" "subdir": "jsonnet/kube-prometheus"
} }
}, },
"version": "a2eee1803a074fb40cad109d690732c22f0130cf", "version": "9ca30579f61ec51e63d87927d19b9d2a433c7e25",
"sum": "kqVnoNBux2YF1s03m+O3w/5jreAnjXx2/NjvNP1Hoy4=" "sum": "EYlmVYtdVovF3ziMZ9dhV0trzXww6YSz8A2tH2YF9Zw="
}, },
{ {
"source": { "source": {
@ -98,8 +98,8 @@
"subdir": "jsonnet/mixin" "subdir": "jsonnet/mixin"
} }
}, },
"version": "42fc15967e35e0cca68cf935f844086edbc82d0e", "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
"sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
"name": "prometheus-operator-mixin" "name": "prometheus-operator-mixin"
}, },
{ {
@ -109,8 +109,8 @@
"subdir": "jsonnet/prometheus-operator" "subdir": "jsonnet/prometheus-operator"
} }
}, },
"version": "42fc15967e35e0cca68cf935f844086edbc82d0e", "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
"sum": "sECNXs/aIEreFUma1BWVyknBygqh3AVJEB3msmrAYYY=" "sum": "Vr2IY6Uz1lYYyGDF7QaEAVkJwAtOEikCfuXJN2eAUM0="
}, },
{ {
"source": { "source": {
@ -119,7 +119,7 @@
"subdir": "doc/alertmanager-mixin" "subdir": "doc/alertmanager-mixin"
} }
}, },
"version": "e35efbddb66a73fd8723be5334477e76f21fbd19", "version": "e2a10119aaf7777fa523d216e05897c5b719134c",
"sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
"name": "alertmanager" "name": "alertmanager"
}, },
@ -130,8 +130,8 @@
"subdir": "docs/node-mixin" "subdir": "docs/node-mixin"
} }
}, },
"version": "0e6b23c338e98809c9872c70a2f5dfa8d6d370d4", "version": "7dbf35891570f9ce3bccb25a55176ea4923b35dd",
"sum": "MnfAA4+l2BkgJncnYfV8uHC7CxHZut8+ap8KkEqyB5Y=" "sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk="
}, },
{ {
"source": { "source": {
@ -140,8 +140,8 @@
"subdir": "documentation/prometheus-mixin" "subdir": "documentation/prometheus-mixin"
} }
}, },
"version": "a05b510fc32c3ecc2fc369002576179ae1cbcc23", "version": "c965a7555b7ffcee1a127d782abd5bb478a16750",
"sum": "m4VHwft4fUcxzL4+52lLZG/V5aH5ZEdjaweb88vISL0=", "sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
"name": "prometheus" "name": "prometheus"
}, },
{ {
@ -151,8 +151,8 @@
"subdir": "mixin" "subdir": "mixin"
} }
}, },
"version": "360b39e1c6ab3ac8dcefa225a6205142f9362c68", "version": "d1acaea2a11a3e4db6bb435c98dea63c517e3530",
"sum": "Og+wEHfgzXBvBLAeeQvGNoiCw3FY4LQHlJdpsG/owj8=", "sum": "1Y1cPIeoPg2nCAEhKPCt8bAGuwuOP2eZ3kVF432mlMA=",
"name": "thanos-mixin" "name": "thanos-mixin"
}, },
{ {

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero name: kubezero
description: KubeZero - Root App of Apps chart description: KubeZero - Root App of Apps chart
type: application type: application
version: 1.21.7-6 version: 1.21.7-7
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

View File

@ -18,7 +18,7 @@ network:
cert-manager: cert-manager:
enabled: false enabled: false
namespace: cert-manager namespace: cert-manager
targetRevision: 0.7.3 targetRevision: 0.8.0
# deprecated - removed with 1.22 # deprecated - removed with 1.22
kiam: kiam:

View File

@ -20,25 +20,30 @@ Kubernetes: `>= 1.20.0`
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| addons.aws-node-termination-handler.enabled | bool | `false` | |
| addons.aws-node-termination-handler.queueURL | string | `""` | arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTERNAME}_Nth |
| addons.clusterBackup.enabled | bool | `false` | |
| addons.clusterBackup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
| addons.clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
| api.allEtcdEndpoints | string | `""` | | | api.allEtcdEndpoints | string | `""` | |
| api.apiAudiences | string | `"istio-ca"` | | | api.apiAudiences | string | `"istio-ca"` | |
| api.awsIamAuth.enabled | bool | `false` | |
| api.awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| api.awsIamAuth.workerNodeRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| api.endpoint | string | `"kube-api.changeme.org:6443"` | | | api.endpoint | string | `"kube-api.changeme.org:6443"` | |
| api.extraArgs | object | `{}` | | | api.extraArgs | object | `{}` | |
| api.listenPort | int | `6443` | | | api.listenPort | int | `6443` | |
| api.oidcEndpoint | string | `""` | s3://${CFN[ConfigBucket]}/k8s/$CLUSTERNAME | | api.oidcEndpoint | string | `""` | s3://${CFN[ConfigBucket]}/k8s/$CLUSTERNAME |
| api.serviceAccountIssuer | string | `""` | https://s3.${REGION}.amazonaws.com/${CFN[ConfigBucket]}/k8s/$CLUSTERNAME | | api.serviceAccountIssuer | string | `""` | https://s3.${REGION}.amazonaws.com/${CFN[ConfigBucket]}/k8s/$CLUSTERNAME |
| awsIamAuth.enabled | bool | `false` | |
| awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| awsIamAuth.workerNodeRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| backup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
| backup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
| clusterName | string | `"pleasechangeme"` | | | clusterName | string | `"pleasechangeme"` | |
| domain | string | `"changeme.org"` | | | domain | string | `"changeme.org"` | |
| etcd.extraArgs | object | `{}` | | | etcd.extraArgs | object | `{}` | |
| etcd.nodeName | string | `"set_via_cmdline"` | | | etcd.nodeName | string | `"set_via_cmdline"` | |
| highAvailable | bool | `false` | | | highAvailable | bool | `false` | |
| listenAddress | string | `"0.0.0.0"` | Needs to be set to primary node IP | | listenAddress | string | `"0.0.0.0"` | Needs to be set to primary node IP |
| network.multus.enabled | bool | `true` | | | network.calico.enabled | bool | `false` | |
| network.cilium.enabled | bool | `false` | |
| network.multus.enabled | bool | `false` | |
| network.multus.tag | string | `"v3.8"` | | | network.multus.tag | string | `"v3.8"` | |
| nodeName | string | `"localhost"` | set to $HOSTNAME | | nodeName | string | `"localhost"` | set to $HOSTNAME |
| protectKernelDefaults | bool | `true` | | | protectKernelDefaults | bool | `true` | |

View File

@ -14,3 +14,6 @@ kubectl delete statefulset ebs-snapshot-controller -n kube-system
kubectl delete deployment efs-csi-controller -n kube-system kubectl delete deployment efs-csi-controller -n kube-system
kubectl delete daemonSet efs-csi-node -n kube-system kubectl delete daemonSet efs-csi-node -n kube-system
# Remove calico Servicemonitor in case still around
# kubectl delete servicemonitor calico-node -n kube-system