epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 11:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

[cert-manager] update cert-manager to v1.11.0 (#9661)

Browse Source
This commit is contained in:
Mohamed Zaian
2023-01-16 11:36:51 +01:00
committed by GitHub
parent 6f61f3d9cb
commit c7cffb14a7
4 changed files with 80 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
View File

@@ -18,7 +18,7 @@ kind: Namespace
metadata:
name: {{ cert_manager_namespace }}
---
# Source: cert-manager/templates/cainjector-serviceaccount.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/cainjector-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
@@ -32,7 +32,7 @@ metadata:
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "{{ cert_manager_version }}"
---
# Source: cert-manager/templates/serviceaccount.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
@@ -46,7 +46,7 @@ metadata:
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "{{ cert_manager_version }}"
---
# Source: cert-manager/templates/webhook-serviceaccount.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
@@ -60,7 +60,7 @@ metadata:
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "{{ cert_manager_version }}"
---
# Source: cert-manager/templates/webhook-config.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
@@ -73,7 +73,7 @@ metadata:
app.kubernetes.io/component: "webhook"
data:
---
# Source: cert-manager/templates/cainjector-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -104,7 +104,7 @@ rules:
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "update"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# Issuer controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -130,7 +130,7 @@ rules:
resources: ["events"]
verbs: ["create", "patch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# ClusterIssuer controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -156,7 +156,7 @@ rules:
resources: ["events"]
verbs: ["create", "patch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# Certificates controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -191,7 +191,7 @@ rules:
resources: ["events"]
verbs: ["create", "patch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# Orders controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -229,7 +229,7 @@ rules:
resources: ["events"]
verbs: ["create", "patch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# Challenges controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -289,7 +289,7 @@ rules:
resources: ["secrets"]
verbs: ["get", "list", "watch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# ingress-shim controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -327,7 +327,7 @@ rules:
resources: ["events"]
verbs: ["create", "patch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -349,7 +349,7 @@ rules:
resources: ["challenges", "orders"]
verbs: ["get", "list", "watch"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -373,7 +373,7 @@ rules:
resources: ["challenges", "orders"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -391,7 +391,7 @@ rules:
verbs: ["approve"]
resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# Permission to:
# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
@@ -420,7 +420,7 @@ rules:
resources: ["subjectaccessreviews"]
verbs: ["create"]
---
# Source: cert-manager/templates/webhook-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -436,7 +436,7 @@ rules:
resources: ["subjectaccessreviews"]
verbs: ["create"]
---
# Source: cert-manager/templates/cainjector-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -456,7 +456,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -476,7 +476,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates//rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -496,7 +496,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -516,7 +516,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -536,7 +536,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -556,7 +556,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -576,7 +576,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -596,7 +596,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -616,7 +616,7 @@ subjects:
namespace: {{ cert_manager_namespace }}
kind: ServiceAccount
---
# Source: cert-manager/templates/webhook-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -637,7 +637,7 @@ subjects:
name: cert-manager-webhook
namespace: {{ cert_manager_namespace }}
---
# Source: cert-manager/templates/cainjector-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
# leader election rules
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@@ -664,7 +664,7 @@ rules:
resources: ["leases"]
verbs: ["create"]
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -685,7 +685,7 @@ rules:
resources: ["leases"]
verbs: ["create"]
---
# Source: cert-manager/templates/webhook-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -708,7 +708,7 @@ rules:
resources: ["secrets"]
verbs: ["create"]
---
# Source: cert-manager/templates/cainjector-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/cainjector-rbac.yaml
# grant cert-manager permission to manage the leaderelection configmap in the
# leader election namespace
apiVersion: rbac.authorization.k8s.io/v1
@@ -731,7 +731,7 @@ subjects:
name: cert-manager-cainjector
namespace: {{ cert_manager_namespace }}
---
# Source: cert-manager/templates/rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/rbac.yaml
# grant cert-manager permission to manage the leaderelection configmap in the
# leader election namespace
apiVersion: rbac.authorization.k8s.io/v1
@@ -755,7 +755,7 @@ subjects:
name: cert-manager
namespace: {{ cert_manager_namespace }}
---
# Source: cert-manager/templates/webhook-rbac.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@@ -777,7 +777,7 @@ subjects:
name: cert-manager-webhook
namespace: {{ cert_manager_namespace }}
---
# Source: cert-manager/templates/service.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
@@ -801,7 +801,7 @@ spec:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
---
# Source: cert-manager/templates/webhook-service.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-service.yaml
apiVersion: v1
kind: Service
metadata:
@@ -825,7 +825,7 @@ spec:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
---
# Source: cert-manager/templates/cainjector-deployment.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/cainjector-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -902,7 +902,7 @@ metadata:
namespace: {{ cert_manager_namespace }}
---
{% endif %}
# Source: cert-manager/templates/deployment.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -988,7 +988,7 @@ spec:
name: ca-internal-truststore
{% endif %}
---
# Source: cert-manager/templates/webhook-deployment.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -1086,7 +1086,7 @@ spec:
{{ cert_manager_affinity | to_nice_yaml | indent(width=8) }}
{% endif %}
---
# Source: cert-manager/templates/webhook-mutating-webhook.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
@@ -1127,7 +1127,7 @@ webhooks:
namespace: {{ cert_manager_namespace }}
path: /mutate
---
# Source: cert-manager/templates/webhook-validating-webhook.yaml
# Source: cert-manager/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata: