imfreedom/k8s-cluster

Update cert-manager to v1.1.1

2021-06-16, Gary Kramlich
1769a3c8a706
Parents 6bd3bb454a3c
Children 471affaaddb5
Update cert-manager to v1.1.1
--- a/10-cert-manager/cert-manager.yaml Wed Jun 16 03:18:37 2021 -0500
+++ b/10-cert-manager/cert-manager.yaml Wed Jun 16 03:20:37 2021 -0500
@@ -1,4 +1,4 @@
-# Copyright YEAR The Jetstack cert-manager contributors.
+# Copyright The Jetstack cert-manager contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -920,6 +920,10 @@
items:
type: string
type: array
+ encodeUsagesInRequest:
+ description: EncodeUsagesInRequest controls whether key usages should
+ be present in the CertificateRequest
+ type: boolean
ipAddresses:
description: IPAddresses is a list of IP address subjectAltNames to
be set on the Certificate.
@@ -978,8 +982,6 @@
if not specified. If `keyAlgorithm` is set to `ECDSA`, valid values
are `256`, `384` or `521`, and will default to `256` if not specified.
No other values are allowed.
- maximum: 8192
- minimum: 0
type: integer
keystores:
description: Keystores configures additional keystore output formats
@@ -1328,6 +1330,10 @@
items:
type: string
type: array
+ encodeUsagesInRequest:
+ description: EncodeUsagesInRequest controls whether key usages should
+ be present in the CertificateRequest
+ type: boolean
ipAddresses:
description: IPAddresses is a list of IP address subjectAltNames to
be set on the Certificate.
@@ -1386,8 +1392,6 @@
if not specified. If `keyAlgorithm` is set to `ECDSA`, valid values
are `256`, `384` or `521`, and will default to `256` if not specified.
No other values are allowed.
- maximum: 8192
- minimum: 0
type: integer
keystores:
description: Keystores configures additional keystore output formats
@@ -1735,6 +1739,10 @@
items:
type: string
type: array
+ encodeUsagesInRequest:
+ description: EncodeUsagesInRequest controls whether key usages should
+ be present in the CertificateRequest
+ type: boolean
ipAddresses:
description: IPAddresses is a list of IP address subjectAltNames to
be set on the Certificate.
@@ -1876,8 +1884,6 @@
if not specified. If `algorithm` is set to `ECDSA`, valid values
are `256`, `384` or `521`, and will default to `256` if not
specified. No other values are allowed.
- maximum: 8192
- minimum: 0
type: integer
type: object
renewBefore:
@@ -2144,6 +2150,10 @@
items:
type: string
type: array
+ encodeUsagesInRequest:
+ description: EncodeUsagesInRequest controls whether key usages should
+ be present in the CertificateRequest
+ type: boolean
ipAddresses:
description: IPAddresses is a list of IP address subjectAltNames to
be set on the Certificate.
@@ -2285,8 +2295,6 @@
if not specified. If `algorithm` is set to `ECDSA`, valid values
are `256`, `384` or `521`, and will default to `256` if not
specified. No other values are allowed.
- maximum: 8192
- minimum: 0
type: integer
type: object
renewBefore:
@@ -8602,6 +8610,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -10574,6 +10589,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -12546,6 +12568,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -14520,6 +14549,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -16530,6 +16566,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -18501,6 +18544,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -20472,6 +20522,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -22445,6 +22502,13 @@
notification emails. This field may be updated after the account
is initially registered.
type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates
+ that matches the duration of the certificate. This is not supported
+ by all ACME servers like Let's Encrypt. If set to true when
+ the ACME server does not support it it will create an error
+ on the Order. Defaults to false.
+ type: boolean
externalAccountBinding:
description: ExternalAccountBinding is a reference to a CA external
account of the ACME server. If set, upon registration cert-manager
@@ -24439,9 +24503,9 @@
properties:
commonName:
description: CommonName is the common name as specified on the DER
- encoded CSR. If specified, this value must also be present in `dnsNames`.
- This field must match the corresponding field on the DER encoded
- CSR.
+ encoded CSR. If specified, this value must also be present in `dnsNames`
+ or `ipAddresses`. This field must match the corresponding field
+ on the DER encoded CSR.
type: string
csr:
description: Certificate signing request bytes in DER encoding. This
@@ -24456,6 +24520,18 @@
items:
type: string
type: array
+ duration:
+ description: Duration is the duration for the not after date for the
+ requested certificate. this is set on order creation as pe the ACME
+ spec.
+ type: string
+ ipAddresses:
+ description: IPAddresses is a list of IP addresses that should be
+ included as part of the Order validation process. This field must
+ match the corresponding field on the DER encoded CSR.
+ items:
+ type: string
+ type: array
issuerRef:
description: IssuerRef references a properly configured ACME-type
Issuer which should be used to create this Order. If the Issuer
@@ -24477,7 +24553,6 @@
type: object
required:
- csr
- - dnsNames
- issuerRef
type: object
status:
@@ -24647,9 +24722,9 @@
properties:
commonName:
description: CommonName is the common name as specified on the DER
- encoded CSR. If specified, this value must also be present in `dnsNames`.
- This field must match the corresponding field on the DER encoded
- CSR.
+ encoded CSR. If specified, this value must also be present in `dnsNames`
+ or `ipAddresses`. This field must match the corresponding field
+ on the DER encoded CSR.
type: string
csr:
description: Certificate signing request bytes in DER encoding. This
@@ -24664,6 +24739,18 @@
items:
type: string
type: array
+ duration:
+ description: Duration is the duration for the not after date for the
+ requested certificate. this is set on order creation as pe the ACME
+ spec.
+ type: string
+ ipAddresses:
+ description: IPAddresses is a list of IP addresses that should be
+ included as part of the Order validation process. This field must
+ match the corresponding field on the DER encoded CSR.
+ items:
+ type: string
+ type: array
issuerRef:
description: IssuerRef references a properly configured ACME-type
Issuer which should be used to create this Order. If the Issuer
@@ -24685,7 +24772,6 @@
type: object
required:
- csr
- - dnsNames
- issuerRef
type: object
status:
@@ -24855,9 +24941,9 @@
properties:
commonName:
description: CommonName is the common name as specified on the DER
- encoded CSR. If specified, this value must also be present in `dnsNames`.
- This field must match the corresponding field on the DER encoded
- CSR.
+ encoded CSR. If specified, this value must also be present in `dnsNames`
+ or `ipAddresses`. This field must match the corresponding field
+ on the DER encoded CSR.
type: string
dnsNames:
description: DNSNames is a list of DNS names that should be included
@@ -24866,6 +24952,18 @@
items:
type: string
type: array
+ duration:
+ description: Duration is the duration for the not after date for the
+ requested certificate. this is set on order creation as pe the ACME
+ spec.
+ type: string
+ ipAddresses:
+ description: IPAddresses is a list of IP addresses that should be
+ included as part of the Order validation process. This field must
+ match the corresponding field on the DER encoded CSR.
+ items:
+ type: string
+ type: array
issuerRef:
description: IssuerRef references a properly configured ACME-type
Issuer which should be used to create this Order. If the Issuer
@@ -24892,7 +24990,6 @@
format: byte
type: string
required:
- - dnsNames
- issuerRef
- request
type: object
@@ -25064,9 +25161,9 @@
properties:
commonName:
description: CommonName is the common name as specified on the DER
- encoded CSR. If specified, this value must also be present in `dnsNames`.
- This field must match the corresponding field on the DER encoded
- CSR.
+ encoded CSR. If specified, this value must also be present in `dnsNames`
+ or `ipAddresses`. This field must match the corresponding field
+ on the DER encoded CSR.
type: string
dnsNames:
description: DNSNames is a list of DNS names that should be included
@@ -25075,6 +25172,18 @@
items:
type: string
type: array
+ duration:
+ description: Duration is the duration for the not after date for the
+ requested certificate. this is set on order creation as pe the ACME
+ spec.
+ type: string
+ ipAddresses:
+ description: IPAddresses is a list of IP addresses that should be
+ included as part of the Order validation process. This field must
+ match the corresponding field on the DER encoded CSR.
+ items:
+ type: string
+ type: array
issuerRef:
description: IssuerRef references a properly configured ACME-type
Issuer which should be used to create this Order. If the Issuer
@@ -25101,7 +25210,6 @@
format: byte
type: string
required:
- - dnsNames
- issuerRef
- request
type: object
@@ -25736,6 +25844,15 @@
- get
- list
- watch
+- apiGroups:
+ - acme.cert-manager.io
+ resources:
+ - challenges
+ - orders
+ verbs:
+ - get
+ - list
+ - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
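Review bot: The added rule grants `get`/`list`/`watch` on `challenges` and `orders` in `acme.cert-manager.io`, but the name and labels of the role that ends at this `---` lie above the hunk, so it is not visible which subjects inherit the grant. If that role carries aggregation labels for the built-in view/edit roles (not shown here, worth confirming), every holder of those roles gains read access to ACME order and challenge objects, including the hostnames under validation and the challenge token fields. I would record the intent beside the rule, e.g. `# read-only ACME orders/challenges; check this role's aggregation labels before reuse`, and review the effective grants after applying. The same rule is added in the hunk at -25761, after a rule that already lists `deletecollection`, `patch` and `update`.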
@@ -25761,6 +25878,15 @@
- deletecollection
- patch
- update
+- apiGroups:
+ - acme.cert-manager.io
+ resources:
+ - challenges
+ - orders
+ verbs:
+ - get
+ - list
+ - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -26109,7 +26235,7 @@
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-cainjector:v1.0.4
+ image: quay.io/jetstack/cert-manager-cainjector:v1.1.1
imagePullPolicy: IfNotPresent
name: cert-manager
resources: {}
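Review bot: The new `image:` line still references the container by tag only, and with `imagePullPolicy: IfNotPresent` in the context below, a node keeps whatever content the `v1.1.1` tag resolved to when it first pulled it. Pinning the digest makes the deployed image reproducible and checkable against the upstream release: `image: quay.io/jetstack/cert-manager-cainjector:v1.1.1@sha256:<digest-of-verified-image>` (placeholder; take the value from the release you verified). The same applies to the controller and webhook `image:` lines in the next two hunks. The container spec starts and ends outside this hunk.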
@@ -26154,7 +26280,7 @@
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-controller:v1.0.4
+ image: quay.io/jetstack/cert-manager-controller:v1.1.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@@ -26200,7 +26326,7 @@
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-webhook:v1.0.4
+ image: quay.io/jetstack/cert-manager-webhook:v1.1.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@@ -26263,6 +26389,7 @@
resources:
- '*/*'
sideEffects: None
+ timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
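Review bot: `timeoutSeconds: 10` is added to a webhook entry whose rule matches `'*/*'`, but the `failurePolicy` that decides what happens when the timeout is hit lies outside the hunk. With `Ignore`, a webhook that is slow or unreachable for ten seconds lets matching requests through unchecked; with `Fail`, they are rejected, which makes webhook availability a dependency for every write to the matched resources. I would confirm which policy is set and note it next to the new line, e.g. `# on timeout the request follows failurePolicy above; keep in sync with the webhook's availability`. The same line is added in the final hunk at -26308, apparently for the validating configuration.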
@@ -26308,4 +26435,5 @@
resources:
- '*/*'
sideEffects: None
+ timeoutSeconds: 10