Update cert-manager for 1.26
parent
0a845f687f
commit
d322ad1b03
@ -3,6 +3,9 @@ set -ex
|
||||
|
||||
. ../../scripts/lib-update.sh
|
||||
|
||||
login_ecr_public
|
||||
update_helm
|
||||
|
||||
patch_chart aws-node-termination-handler
|
||||
patch_chart aws-eks-asg-rolling-update-handler
|
||||
|
||||
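Review bot: Calling `login_ecr_public` and then `update_helm` runs `helm dep update` twice, because `login_ecr_public` in the sourced lib-update.sh (shown further down this page) already ends with its own `helm dep update`. Either drop the `update_helm` call here or, preferably, remove the `helm dep update` from `login_ecr_public` so that the login helper only logs in. Which of these lines are new cannot be told from the page, as the `+`/`-` markers are lost.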
|
@ -18,4 +18,4 @@ dependencies:
|
||||
- name: cert-manager
|
||||
version: v1.12.3
|
||||
repository: https://charts.jetstack.io
|
||||
kubeVersion: ">= 1.25.0"
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-cert-manager
|
||||
|
||||
![Version: 0.9.4](https://img.shields.io/badge/Version-0.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.9.5](https://img.shields.io/badge/Version-0.9.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
@ -14,12 +14,12 @@ KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.25.0`
|
||||
Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.jetstack.io | cert-manager | 1.11.1 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.12.3 |
|
||||
|
||||
## AWS - OIDC IAM roles
|
||||
|
||||
@ -32,11 +32,15 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| cert-manager.cainjector.extraArgs[0] | string | `"--logging-format=json"` | |
|
||||
| cert-manager.cainjector.extraArgs[1] | string | `"--leader-elect=false"` | |
|
||||
| cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cert-manager.cainjector.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| cert-manager.cainjector.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| cert-manager.enabled | bool | `true` | |
|
||||
| cert-manager.extraArgs[0] | string | `"--dns01-recursive-nameservers-only"` | |
|
||||
| cert-manager.extraArgs[0] | string | `"--logging-format=json"` | |
|
||||
| cert-manager.extraArgs[1] | string | `"--leader-elect=false"` | |
|
||||
| cert-manager.extraArgs[2] | string | `"--dns01-recursive-nameservers-only"` | |
|
||||
| cert-manager.global.leaderElection.namespace | string | `"cert-manager"` | |
|
||||
| cert-manager.ingressShim.defaultIssuerKind | string | `"ClusterIssuer"` | |
|
||||
| cert-manager.ingressShim.defaultIssuerName | string | `"letsencrypt-dns-prod"` | |
|
||||
@ -45,6 +49,7 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
|
||||
| cert-manager.startupapicheck.enabled | bool | `false` | |
|
||||
| cert-manager.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| cert-manager.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| cert-manager.webhook.extraArgs[0] | string | `"--logging-format=json"` | |
|
||||
| cert-manager.webhook.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cert-manager.webhook.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| cert-manager.webhook.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
|
@ -1,3 +1,4 @@
|
||||
rules:
|
||||
- name: prometheus-rules
|
||||
condition: 'index .Values "cert-manager" "prometheus" "servicemonitor" "enabled"'
|
||||
url: file://rules/cert-manager-mixin-prometheusRule
|
||||
|
@ -8,7 +8,7 @@
|
||||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "release-0.10"
|
||||
"version": "main"
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -8,8 +8,8 @@
|
||||
"subdir": "grafana"
|
||||
}
|
||||
},
|
||||
"version": "199e363523104ff8b3a12483a4e3eca86372b078",
|
||||
"sum": "/jDHzVAjHB4AOLkJHw1GyATX5ogZ1iMdcJXZAgaG3+g="
|
||||
"version": "5698c8940b6dadca3f42107b7839557bc041761f",
|
||||
"sum": "l6fPvh3tW6fWot308w71QY/amrYsFPeitvz1IgJxqQA="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -18,8 +18,18 @@
|
||||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "9d2cda4e44a26f064d8578e258bbba2fc3cd5b73",
|
||||
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
|
||||
"version": "e2e17c75fe1006ea44b6ad793fa7b23f5e3546f4",
|
||||
"sum": "GdePvMDfLQcVhwzk/Ephi/jC27ywGObLB5t0eC0lXd4="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafana.git",
|
||||
"subdir": "grafana-mixin"
|
||||
}
|
||||
},
|
||||
"version": "1120f9e255760a3c104b57871fcb91801e934382",
|
||||
"sum": "MkjR7zCgq6MUZgjDzop574tFKoTX2OBr7DTwm1K+Ofs="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -28,9 +38,19 @@
|
||||
"subdir": "grafonnet"
|
||||
}
|
||||
},
|
||||
"version": "f0b70307b8e5f12236b277883d998af129a8211f",
|
||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet-lib.git",
|
||||
"subdir": "grafonnet-7.0"
|
||||
}
|
||||
},
|
||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
@ -38,8 +58,8 @@
|
||||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "e0b90a4435817ad642d8d049e7dd975264cb960e",
|
||||
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
||||
"version": "62aec8403a5c38d5dc97ba596703753289b1c33b",
|
||||
"sum": "xEFMv4+ObwP5L1Wu0XK5agWci4AJzNApys6iKAQxLlQ="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -48,18 +68,8 @@
|
||||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "ab104c5c406b91078d676475c14ab18644f84f2d",
|
||||
"sum": "tRpIInEClWUNe5IS6uIjucFN/KqDFgg19+yo78VrLfU="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin.git",
|
||||
"subdir": "lib/promgrafonnet"
|
||||
}
|
||||
},
|
||||
"version": "eed459199703c969afc318ea55b9361ae48180a7",
|
||||
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
|
||||
"version": "46fc905d5b2981642043088ac7902ea50db2903e",
|
||||
"sum": "8FAie1MXww5Ip9F8hQWkU9Fio1Af+hO4weQuuexioIQ="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -68,8 +78,8 @@
|
||||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "e080c3ce73ad514254e38dccb37c93bec6b257ae",
|
||||
"sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
|
||||
"version": "570970378edf10655dd81e662658359eb10d9329",
|
||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -78,8 +88,8 @@
|
||||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "e080c3ce73ad514254e38dccb37c93bec6b257ae",
|
||||
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
|
||||
"version": "570970378edf10655dd81e662658359eb10d9329",
|
||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -88,8 +98,8 @@
|
||||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "e7eff18e7e70d7f1168105521451c4d7bd6a6d96",
|
||||
"sum": "gcgf9y8wos4W8jgcJKuTDfORYDigCxx+q3QOYEijQFo="
|
||||
"version": "4b5b94347dd71b3649fef612ab3b8cf237ac48b9",
|
||||
"sum": "8AeC579AWxP6VzLTxQ/ccIrwOY0G782ZceLlWmOL5/o="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -98,8 +108,8 @@
|
||||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "d8ba1c766a141cb35072ae2f2578ec8588c9efcd",
|
||||
"sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
|
||||
"version": "8b947d4ff1329440a46903c16f05717b24170061",
|
||||
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
{
|
||||
@ -109,8 +119,8 @@
|
||||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "d8ba1c766a141cb35072ae2f2578ec8588c9efcd",
|
||||
"sum": "yjdwZ+5UXL42EavJleAJmd8Ou6MSDfExvlKAxFCxXVE="
|
||||
"version": "8b947d4ff1329440a46903c16f05717b24170061",
|
||||
"sum": "LLGbS2uangsA5enNpZKxwdCAPZnO1Bj+W+o8Esk0QLw="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -119,8 +129,8 @@
|
||||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "16fa045db47d68a09a102c7b80b8899c1f57c153",
|
||||
"sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
|
||||
"version": "6fe1a24df07eed6f6818abd500708040beee7d7b",
|
||||
"sum": "1d7ZKYArJKacAWXLUz0bRC1uOkozee/PPw97/W5zGhc=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
{
|
||||
@ -130,8 +140,8 @@
|
||||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "a2321e7b940ddcff26873612bccdf7cd4c42b6b6",
|
||||
"sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk="
|
||||
"version": "f2b274350a07bfd8afcad1a62ef561f8a303fcc2",
|
||||
"sum": "By6n6U10hYDogUsyhsaKZehbhzxBZZobJloiKyKadgM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -140,10 +150,20 @@
|
||||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "41f1a8125e664985dd30674e5bdf6b683eff5d32",
|
||||
"sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
|
||||
"version": "4d8e380269da5912265274469ff873142bbbabc3",
|
||||
"sum": "8OngT76gVXOUROOOeP9yTe6E/dn+2D2J34Dn690QCG0=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/pyrra-dev/pyrra.git",
|
||||
"subdir": "config/crd/bases"
|
||||
}
|
||||
},
|
||||
"version": "2b8c6d372d90942c3b53a9b225a82441be8c5b7b",
|
||||
"sum": "L3lljFFoFB+nhXnyo8Yl1hKqe60nhHXY0IZCO3H2iVk="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
@ -151,8 +171,8 @@
|
||||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "fb97c9a5ef51849ccb7960abbeb9581ad7f511b9",
|
||||
"sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=",
|
||||
"version": "8fcd30ffcedf9e2728518dc2970d070d4c301302",
|
||||
"sum": "WhheqsiX0maUXByZFsb9xhCEsGXK2955bPmPPf1x+Cs=",
|
||||
"name": "thanos-mixin"
|
||||
},
|
||||
{
|
||||
|
@ -1,24 +1,19 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
helm dep update
|
||||
. ../../scripts/lib-update.sh
|
||||
|
||||
update_helm
|
||||
|
||||
update_jsonnet
|
||||
|
||||
# Install cert-mamanger mixin
|
||||
jb install gitlab.com/uneeq-oss/cert-manager-mixin@master
|
||||
|
||||
# Install rules
|
||||
rm -rf rules && mkdir -p rules
|
||||
jsonnet -J vendor -m rules rules.jsonnet
|
||||
../kubezero-metrics/sync_prometheus_rules.py cert-manager-rules.yaml templates
|
||||
|
||||
# Fetch dashboards from Grafana.com and update ZDT CM
|
||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||
|
||||
# Get kube-mixin for alerts
|
||||
which jsonnet > /dev/null || { echo "Required jsonnet not found!"; exit 1;}
|
||||
which jb > /dev/null || { echo "Required jb ( json-bundler ) not found!"; exit 1;}
|
||||
|
||||
[ -r jsonnetfile.json ] || jb init
|
||||
if [ -r jsonnetfile.lock.json ]; then
|
||||
jb update
|
||||
else
|
||||
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.10
|
||||
jb install gitlab.com/uneeq-oss/cert-manager-mixin@master
|
||||
fi
|
||||
|
||||
rm -rf rules && mkdir -p rules
|
||||
jsonnet -J vendor -m rules rules.jsonnet
|
||||
|
||||
../kubezero-metrics/sync_prometheus_rules.py cert-manager-rules.yaml templates
|
||||
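Review bot: The `jb install gitlab.com/uneeq-oss/cert-manager-mixin@master` line resolves a moving branch on every run, and `update_jsonnet` in the sourced lib-update.sh (same commit) first deletes `jsonnetfile.lock.json` and installs kube-prometheus `@main`, so no reviewed revision carries over from one run to the next. The rules rendered by `jsonnet -J vendor -m rules rules.jsonnet` are then synced into the chart templates, which means upstream changes reach the chart with only the regenerated lock file as a record. Consider pinning both installs to a tag or commit, e.g. `jb install gitlab.com/uneeq-oss/cert-manager-mixin@<reviewed-commit>`, and letting the `KUBE_PROMETHEUS_RELEASE` variable defined in lib-update.sh drive the kube-prometheus ref instead of the hard-coded `@main`. The side of each line is inferred, since the page has lost its `+`/`-` markers.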
|
@ -23,6 +23,13 @@ cert-manager:
|
||||
leaderElection:
|
||||
namespace: "cert-manager"
|
||||
|
||||
extraArgs:
|
||||
- "--logging-format=json"
|
||||
- "--leader-elect=false"
|
||||
- "--dns01-recursive-nameservers-only"
|
||||
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
|
||||
# - --enable-certificate-owner-ref=true
|
||||
|
||||
#enableCertificateOwnerRef: true
|
||||
|
||||
# On AWS enable Projected Service Accounts to assume IAM role
|
||||
@ -64,6 +71,8 @@ cert-manager:
|
||||
effect: NoSchedule
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/control-plane: ""
|
||||
extraArgs:
|
||||
- "--logging-format=json"
|
||||
|
||||
cainjector:
|
||||
tolerations:
|
||||
@ -71,11 +80,9 @@ cert-manager:
|
||||
effect: NoSchedule
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/control-plane: ""
|
||||
|
||||
extraArgs:
|
||||
- "--dns01-recursive-nameservers-only"
|
||||
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
|
||||
# - --enable-certificate-owner-ref=true
|
||||
- "--logging-format=json"
|
||||
- "--leader-elect=false"
|
||||
|
||||
prometheus:
|
||||
servicemonitor:
|
||||
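Review bot: `--leader-elect=false` is added to `extraArgs` for the controller and for `cainjector` without a comment saying why, and it is only safe while each of them runs as a single replica; no replica count is visible in these hunks. With more than one replica, every instance would reconcile the same resources concurrently instead of deferring to an elected leader. I would add a comment above each entry, e.g. `# leader election disabled: single replica only, re-enable before scaling out`, and confirm the replica counts stay at 1. The hunks start and end inside the `cert-manager:` mapping, and the side of each line is inferred because the `+`/`-` markers are lost.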
|
@ -38,7 +38,7 @@ network:
|
||||
cert-manager:
|
||||
enabled: false
|
||||
namespace: cert-manager
|
||||
targetRevision: 0.9.4
|
||||
targetRevision: 0.9.5
|
||||
|
||||
storage:
|
||||
enabled: false
|
||||
|
@ -1,15 +1,33 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
# prometheus metrics mixin branch
|
||||
# https://github.com/prometheus-operator/kube-prometheus#compatibility
|
||||
KUBE_PROMETHEUS_RELEASE=main
|
||||
|
||||
update_jsonnet() {
|
||||
which jsonnet > /dev/null || { echo "Required jsonnet not found!"; exit 1;}
|
||||
which jb > /dev/null || { echo "Required jb ( json-bundler ) not found!"; exit 1;}
|
||||
|
||||
# remove previous versions
|
||||
rm -f jsonnetfile.json jsonnetfile.lock.json
|
||||
|
||||
jb init
|
||||
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main
|
||||
}
|
||||
|
||||
update_helm() {
|
||||
#helm repo update
|
||||
helm dep update
|
||||
}
|
||||
|
||||
# AWS public ECR
|
||||
login_ecr_public() {
|
||||
aws ecr-public get-login-password \
|
||||
--region us-east-1 | helm registry login \
|
||||
--username AWS \
|
||||
--password-stdin public.ecr.aws
|
||||
|
||||
helm dep update
|
||||
}
|
||||
|
||||
patch_chart() {
|
||||
CHART=$1
|
||||
@ -20,7 +38,7 @@ patch_chart() {
|
||||
tar xfvz charts/$CHART-$VERSION.tgz -C charts && rm charts/$CHART-$VERSION.tgz
|
||||
|
||||
# diff -tuNr charts/aws-node-termination-handler.orig charts/aws-node-termination-handler > nth.patch
|
||||
patch -p0 -i $CHART.patch --no-backup-if-mismatch
|
||||
[ -r $CHART.patch ] && patch -p0 -i $CHART.patch --no-backup-if-mismatch
|
||||
}
|
||||
|
||||
update_docs() {
|
||||
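Review bot: In `patch_chart`, `[ -r $CHART.patch ] && patch -p0 -i $CHART.patch --no-backup-if-mismatch` is the last statement before the closing brace, so when the patch file is absent the function returns 1, and a caller running under `set -ex` (as the update scripts on this page do) exits at the `patch_chart` call. The optional-patch case therefore aborts the update instead of being skipped. An `if` keeps the status at 0 and lets the expansions be quoted: `if [ -r "$CHART.patch" ]; then patch -p0 -i "$CHART.patch" --no-backup-if-mismatch; fi`. This assumes the guarded line is the new side, since the page has lost its `+`/`-` markers; the start of `patch_chart` lies outside the hunk.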
|