External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-01 01:28:11 -03:30
Code Issues Packages Projects Releases Wiki Activity

[cert-manager] Upgrade to v1.10.1 (#9512)

Browse Source
This commit is contained in:
rtsp
2022-11-29 22:17:26 +07:00
committed by GitHub
parent 47510899c7
commit 529faeea9e
4 changed files with 1731 additions and 1643 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/download/defaults/main.yml
View File

@@ -1044,7 +1044,7 @@ ingress_nginx_kube_webhook_certgen_imae_repo: "{{ kube_image_repo }}/ingress-ngi
ingress_nginx_kube_webhook_certgen_imae_tag: "v1.3.0"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.9"
cert_manager_version: "v1.9.1"
cert_manager_version: "v1.10.1"
cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
cert_manager_controller_image_tag: "{{ cert_manager_version }}"
cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector"

3339
roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.crds.yml.j2
View File

File diff suppressed because it is too large Load Diff

31
roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
View File

@@ -1,4 +1,4 @@
# Copyright 2021 The cert-manager Authors.
# Copyright 2022 The cert-manager Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -856,8 +856,10 @@ spec:
serviceAccountName: cert-manager-cainjector
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager
- name: cert-manager-cainjector
image: "{{ cert_manager_cainjector_image_repo }}:{{ cert_manager_cainjector_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
args:
@@ -871,7 +873,8 @@ spec:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
@@ -933,10 +936,11 @@ spec:
spec:
serviceAccountName: cert-manager
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager
- name: cert-manager-controller
image: "{{ cert_manager_controller_image_repo }}:{{ cert_manager_controller_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
args:
@@ -950,7 +954,8 @@ spec:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
@@ -1014,8 +1019,10 @@ spec:
serviceAccountName: cert-manager-webhook
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager
- name: cert-manager-webhook
image: "{{ cert_manager_webhook_image_repo }}:{{ cert_manager_webhook_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
args:
@@ -1023,11 +1030,16 @@ spec:
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
- --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.$(POD_NAMESPACE),cert-manager-webhook.$(POD_NAMESPACE).svc
- --dynamic-serving-dns-names=cert-manager-webhook
- --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)
- --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc
ports:
- name: https
protocol: TCP
containerPort: 10250
- name: healthcheck
protocol: TCP
containerPort: 6080
livenessProbe:
httpGet:
path: /livez
@@ -1051,7 +1063,8 @@ spec:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault