From d09a194b1c3dfd34c9b399edb83aa1cf3284603c Mon Sep 17 00:00:00 2001 From: Mikhail Goncharov Date: Mon, 27 Apr 2020 15:53:18 +0200 Subject: [PATCH] Update specs to match cert-manager 0.15 Certificates are created automatically and not needed --- kubernetes/reverse-proxy/Certificates.yaml | 63 ---------------------- kubernetes/reverse-proxy/Ingress.yaml | 8 +-- kubernetes/reverse-proxy/Issuer.yaml | 12 ++--- kubernetes/reverse-proxy/basic.sh | 4 +- 4 files changed, 10 insertions(+), 77 deletions(-) delete mode 100644 kubernetes/reverse-proxy/Certificates.yaml diff --git a/kubernetes/reverse-proxy/Certificates.yaml b/kubernetes/reverse-proxy/Certificates.yaml deleted file mode 100644 index b4912fd..0000000 --- a/kubernetes/reverse-proxy/Certificates.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the the Apache License v2.0 with LLVM Exceptions (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://llvm.org/LICENSE.txt -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -- staging --------------- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: results-staging-tls-cert - namespace: cert-manager -spec: - commonName: results.staging.llvm-merge-guard.org - secretName: results-staging-tls - issuerRef: - name: letsencrypt-staging - ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: jenkins-staging-tls-cert - namespace: cert-manager -spec: - commonName: jenkins.staging.llvm-merge-guard.org - secretName: jenkins-staging-tls - issuerRef: - name: letsencrypt-staging - ---- -# -- prod --------------- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: results-prod-tls-cert - namespace: cert-manager -spec: - commonName: results.llvm-merge-guard.org - secretName: results-prod-tls - issuerRef: - name: letsencrypt-prod - ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: jenkins-prod-tls-cert - namespace: cert-manager -spec: - commonName: jenkins.llvm-merge-guard.org - secretName: jenkins-prod-tls - issuerRef: - name: letsencrypt-prod ---- \ No newline at end of file diff --git a/kubernetes/reverse-proxy/Ingress.yaml b/kubernetes/reverse-proxy/Ingress.yaml index 95bc1d1..40739dd 100644 --- a/kubernetes/reverse-proxy/Ingress.yaml +++ b/kubernetes/reverse-proxy/Ingress.yaml @@ -21,7 +21,7 @@ metadata: # static IP assignment not working. Not sure why. kubernetes.io/ingress.global-static-ip-name: "web-static-ip" kubernetes.io/ingress.class: "nginx" - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/auth-type: basic nginx.ingress.kubernetes.io/auth-secret: proxy-auth nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks" @@ -51,7 +51,7 @@ metadata: # static IP assignment not working. Not sure why. kubernetes.io/ingress.global-static-ip-name: "web-static-ip" kubernetes.io/ingress.class: "nginx" - cert-manager.io/issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: tls: - secretName: results-prod-tls @@ -74,7 +74,7 @@ spec: # # static IP assignment not working. Not sure why. # kubernetes.io/ingress.global-static-ip-name: "web-static-ip" # kubernetes.io/ingress.class: "nginx" -# cert-manager.io/issuer: "letsencrypt-staging" +# cert-manager.io/cluster-issuer: "letsencrypt-staging" # nginx.ingress.kubernetes.io/auth-type: basic # nginx.ingress.kubernetes.io/auth-secret: proxy-auth # nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks" @@ -104,7 +104,7 @@ spec: # # static IP assignment not working. Not sure why. # kubernetes.io/ingress.global-static-ip-name: "web-static-ip" # kubernetes.io/ingress.class: "nginx" -# cert-manager.io/issuer: "letsencrypt-staging" +# cert-manager.io/cluster-issuer: "letsencrypt-staging" # spec: # tls: # - secretName: results-staging-tls diff --git a/kubernetes/reverse-proxy/Issuer.yaml b/kubernetes/reverse-proxy/Issuer.yaml index 75e934c..d247f79 100644 --- a/kubernetes/reverse-proxy/Issuer.yaml +++ b/kubernetes/reverse-proxy/Issuer.yaml @@ -15,8 +15,8 @@ # based on documentation on # https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer metadata: name: letsencrypt-staging spec: @@ -28,12 +28,10 @@ spec: solvers: - http01: ingress: - class: nginx - - + class: nginx --- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer metadata: name: letsencrypt-prod spec: diff --git a/kubernetes/reverse-proxy/basic.sh b/kubernetes/reverse-proxy/basic.sh index 80205a2..a82306c 100755 --- a/kubernetes/reverse-proxy/basic.sh +++ b/kubernetes/reverse-proxy/basic.sh @@ -23,10 +23,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/mast # install certmanager based on # http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html -kubectl create namespace cert-manager -kubectl label namespace kube-system certmanager.k8s.io/disable-validation="true" +kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml kubectl create clusterrolebinding cluster-admin-binding \ --clusterrole=cluster-admin \ --user=$(gcloud config get-value core/account) -kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.10.1/cert-manager.yaml