feat: cert-manager version bump

This commit is contained in:
Stefan Reimer 2021-12-09 14:03:34 +01:00
parent 3f7b0a842d
commit 3ed32c2aa9
7 changed files with 52 additions and 46 deletions

View File

@ -2,21 +2,22 @@ apiVersion: v2
name: kubezero-cert-manager
description: KubeZero Umbrella Chart for cert-manager
type: application
version: 0.7.3
appVersion: 1.5.3
version: 0.8.0
appVersion: 1.6.1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
- kubezero
- cert-manager
maintainers:
- name: Stefan Reimer
email: stefan@zero-downtime.net
dependencies:
- name: kubezero-lib
version: ">= 0.1.3"
version: ">= 0.1.4"
repository: https://cdn.zero-downtime.net/charts/
- name: cert-manager
version: 1.5.3
version: 1.6.1
condition: cert-manager.enabled
repository: https://charts.jetstack.io
kubeVersion: ">= 1.18.0"
kubeVersion: ">= 1.20.0"

View File

@ -13,14 +13,11 @@
{{ template "chart.requirementsSection" . }}
## AWS - IAM Role
If you use kiam or kube2iam and restrict access on nodes running cert-manager please adjust:
```
cert-manager.podAnnotations:
iam.amazonaws.com/role: <ROLE>
```
## AWS - OIDC IAM roles
## Resolver Secrets
If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.
## Resources
- [Backup & Restore](https://cert-manager.io/docs/tutorials/backup/)
{{ template "chart.valuesSection" . }}

View File

@ -8,8 +8,8 @@
"subdir": "grafana"
}
},
"version": "c3b14b24b83cfe9abf1064649d19e2d679f033fb",
"sum": "YrE4DNQsWgYWs6h0j/FjQETt8xDXdYdsslb1WK7xQEk="
"version": "199e363523104ff8b3a12483a4e3eca86372b078",
"sum": "/jDHzVAjHB4AOLkJHw1GyATX5ogZ1iMdcJXZAgaG3+g="
},
{
"source": {
@ -18,8 +18,8 @@
"subdir": "contrib/mixin"
}
},
"version": "3df272774672366beb02c5447782805ab5fec957",
"sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI="
"version": "29292aa7bdafaf65cb5e054591fe0ff07b36f5ee",
"sum": "cdKL5kPYfpWSpTCu4qctmh+gWQqL+4YWom6rw9qLYJU="
},
{
"source": {
@ -28,7 +28,7 @@
"subdir": "grafonnet"
}
},
"version": "19b27b272abf4263af1365ec485784c49815a332",
"version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
"sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
},
{
@ -38,8 +38,8 @@
"subdir": "grafana-builder"
}
},
"version": "b7eae75972a369bf8ebfb03dcb0d4c14464ef85a",
"sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8="
"version": "b102f9ac7d1290ac025c2a7ac99f7fd9a9948503",
"sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc="
},
{
"source": {
@ -48,8 +48,8 @@
"subdir": ""
}
},
"version": "ff4641bcd83314c955150bea6b147df9ca335c4a",
"sum": "oUVGwcCbmdH8qz9B+lbRawI9s23GY9HeW7MwYZRbZ/0="
"version": "9821d07e94e9a9916575a234fb699ae3331fa939",
"sum": "xubNXyvDwUw9GZzi9BRb6ob3bYzfoMr5F5zCVn2d7ag="
},
{
"source": {
@ -58,7 +58,7 @@
"subdir": "lib/promgrafonnet"
}
},
"version": "ff4641bcd83314c955150bea6b147df9ca335c4a",
"version": "9821d07e94e9a9916575a234fb699ae3331fa939",
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
},
{
@ -68,8 +68,8 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
"version": "8dab6f7472c26987ab7f8899a4a2f753fed8e8a8",
"sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE="
"version": "e3056ae518d0234105276ec916296923968ad294",
"sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
},
{
"source": {
@ -78,7 +78,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
"version": "8dab6f7472c26987ab7f8899a4a2f753fed8e8a8",
"version": "e3056ae518d0234105276ec916296923968ad294",
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
},
{
@ -88,8 +88,8 @@
"subdir": "jsonnet/kube-prometheus"
}
},
"version": "a2eee1803a074fb40cad109d690732c22f0130cf",
"sum": "kqVnoNBux2YF1s03m+O3w/5jreAnjXx2/NjvNP1Hoy4="
"version": "9ca30579f61ec51e63d87927d19b9d2a433c7e25",
"sum": "EYlmVYtdVovF3ziMZ9dhV0trzXww6YSz8A2tH2YF9Zw="
},
{
"source": {
@ -98,8 +98,8 @@
"subdir": "jsonnet/mixin"
}
},
"version": "42fc15967e35e0cca68cf935f844086edbc82d0e",
"sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=",
"version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
"sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
"name": "prometheus-operator-mixin"
},
{
@ -109,8 +109,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "42fc15967e35e0cca68cf935f844086edbc82d0e",
"sum": "sECNXs/aIEreFUma1BWVyknBygqh3AVJEB3msmrAYYY="
"version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
"sum": "Vr2IY6Uz1lYYyGDF7QaEAVkJwAtOEikCfuXJN2eAUM0="
},
{
"source": {
@ -119,7 +119,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
"version": "e35efbddb66a73fd8723be5334477e76f21fbd19",
"version": "e2a10119aaf7777fa523d216e05897c5b719134c",
"sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
"name": "alertmanager"
},
@ -130,8 +130,8 @@
"subdir": "docs/node-mixin"
}
},
"version": "0e6b23c338e98809c9872c70a2f5dfa8d6d370d4",
"sum": "MnfAA4+l2BkgJncnYfV8uHC7CxHZut8+ap8KkEqyB5Y="
"version": "7dbf35891570f9ce3bccb25a55176ea4923b35dd",
"sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk="
},
{
"source": {
@ -140,8 +140,8 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "a05b510fc32c3ecc2fc369002576179ae1cbcc23",
"sum": "m4VHwft4fUcxzL4+52lLZG/V5aH5ZEdjaweb88vISL0=",
"version": "c965a7555b7ffcee1a127d782abd5bb478a16750",
"sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
"name": "prometheus"
},
{
@ -151,8 +151,8 @@
"subdir": "mixin"
}
},
"version": "360b39e1c6ab3ac8dcefa225a6205142f9362c68",
"sum": "Og+wEHfgzXBvBLAeeQvGNoiCw3FY4LQHlJdpsG/owj8=",
"version": "d1acaea2a11a3e4db6bb435c98dea63c517e3530",
"sum": "1Y1cPIeoPg2nCAEhKPCt8bAGuwuOP2eZ3kVF432mlMA=",
"name": "thanos-mixin"
},
{

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero
description: KubeZero - Root App of Apps chart
type: application
version: 1.21.7-6
version: 1.21.7-7
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -18,7 +18,7 @@ network:
cert-manager:
enabled: false
namespace: cert-manager
targetRevision: 0.7.3
targetRevision: 0.8.0
# deprecated - removed with 1.22
kiam:

View File

@ -20,25 +20,30 @@ Kubernetes: `>= 1.20.0`
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| addons.aws-node-termination-handler.enabled | bool | `false` | |
| addons.aws-node-termination-handler.queueURL | string | `""` | arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTERNAME}_Nth |
| addons.clusterBackup.enabled | bool | `false` | |
| addons.clusterBackup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
| addons.clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
| api.allEtcdEndpoints | string | `""` | |
| api.apiAudiences | string | `"istio-ca"` | |
| api.awsIamAuth.enabled | bool | `false` | |
| api.awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| api.awsIamAuth.workerNodeRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| api.endpoint | string | `"kube-api.changeme.org:6443"` | |
| api.extraArgs | object | `{}` | |
| api.listenPort | int | `6443` | |
| api.oidcEndpoint | string | `""` | s3://${CFN[ConfigBucket]}/k8s/$CLUSTERNAME |
| api.serviceAccountIssuer | string | `""` | https://s3.${REGION}.amazonaws.com/${CFN[ConfigBucket]}/k8s/$CLUSTERNAME |
| awsIamAuth.enabled | bool | `false` | |
| awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| awsIamAuth.workerNodeRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | |
| backup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
| backup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
| clusterName | string | `"pleasechangeme"` | |
| domain | string | `"changeme.org"` | |
| etcd.extraArgs | object | `{}` | |
| etcd.nodeName | string | `"set_via_cmdline"` | |
| highAvailable | bool | `false` | |
| listenAddress | string | `"0.0.0.0"` | Needs to be set to primary node IP |
| network.multus.enabled | bool | `true` | |
| network.calico.enabled | bool | `false` | |
| network.cilium.enabled | bool | `false` | |
| network.multus.enabled | bool | `false` | |
| network.multus.tag | string | `"v3.8"` | |
| nodeName | string | `"localhost"` | set to $HOSTNAME |
| protectKernelDefaults | bool | `true` | |

View File

@ -14,3 +14,6 @@ kubectl delete statefulset ebs-snapshot-controller -n kube-system
kubectl delete deployment efs-csi-controller -n kube-system
kubectl delete daemonSet efs-csi-node -n kube-system
# Remove calico Servicemonitor in case still around
# kubectl delete servicemonitor calico-node -n kube-system