Update specs to match cert-manager 0.15

Certificates are created automatically and not needed
2020-04-27 15:53:18 +02:00 · 2020-04-27 15:53:18 +02:00 · d09a194b1c
commit d09a194b1c
parent b22cb43579
4 changed files with 10 additions and 77 deletions
--- a/kubernetes/reverse-proxy/Certificates.yaml
+++ b/kubernetes/reverse-proxy/Certificates.yaml
@ -1,63 +0,0 @@
 # Copyright 2019 Google LLC
 #
 # Licensed under the the Apache License v2.0 with LLVM Exceptions (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     https://llvm.org/LICENSE.txt
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # -- staging ---------------
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
 metadata:
  name: results-staging-tls-cert
  namespace: cert-manager
 spec:
  commonName: results.staging.llvm-merge-guard.org
  secretName: results-staging-tls
  issuerRef:
    name: letsencrypt-staging
 ---
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
 metadata:
  name: jenkins-staging-tls-cert
  namespace: cert-manager
 spec:
  commonName: jenkins.staging.llvm-merge-guard.org
  secretName: jenkins-staging-tls
  issuerRef:
    name: letsencrypt-staging
 ---
 # -- prod ---------------
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
 metadata:
  name: results-prod-tls-cert
  namespace: cert-manager
 spec:
  commonName: results.llvm-merge-guard.org
  secretName: results-prod-tls
  issuerRef:
    name: letsencrypt-prod
 ---
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
 metadata:
  name: jenkins-prod-tls-cert
  namespace: cert-manager
 spec:
  commonName: jenkins.llvm-merge-guard.org
  secretName: jenkins-prod-tls
  issuerRef:
    name: letsencrypt-prod
 ---
--- a/kubernetes/reverse-proxy/Ingress.yaml
+++ b/kubernetes/reverse-proxy/Ingress.yaml
@ -21,7 +21,7 @@ metadata:
    # static IP assignment not working. Not sure why.
    kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
    kubernetes.io/ingress.class: "nginx"    
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: proxy-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
@ -51,7 +51,7 @@ metadata:
    # static IP assignment not working. Not sure why.
    kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
    kubernetes.io/ingress.class: "nginx"    
-    cert-manager.io/issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  tls:
  - secretName: results-prod-tls
@ -74,7 +74,7 @@ spec:
 #     # static IP assignment not working. Not sure why.
 #     kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
 #     kubernetes.io/ingress.class: "nginx"    
-#     cert-manager.io/issuer: "letsencrypt-staging"
+#     cert-manager.io/cluster-issuer: "letsencrypt-staging"
 #     nginx.ingress.kubernetes.io/auth-type: basic
 #     nginx.ingress.kubernetes.io/auth-secret: proxy-auth
 #     nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
@ -104,7 +104,7 @@ spec:
 #     # static IP assignment not working. Not sure why.
 #     kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
 #     kubernetes.io/ingress.class: "nginx"    
-#     cert-manager.io/issuer: "letsencrypt-staging"
+#     cert-manager.io/cluster-issuer: "letsencrypt-staging"
 # spec:
 #   tls:
 #   - secretName: results-staging-tls
--- a/kubernetes/reverse-proxy/Issuer.yaml
+++ b/kubernetes/reverse-proxy/Issuer.yaml
@ -15,8 +15,8 @@
 # based on documentation on
 # https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
-kind: Issuer
+kind: ClusterIssuer
 metadata:
  name: letsencrypt-staging
 spec:
@ -28,12 +28,10 @@ spec:
    solvers:
    - http01:
        ingress:
-          class:  nginx
+          class: nginx
 ---
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
-kind: Issuer
+kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
--- a/kubernetes/reverse-proxy/basic.sh
+++ b/kubernetes/reverse-proxy/basic.sh
@ -23,10 +23,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/mast
 # install certmanager based on
 # http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html
-kubectl create namespace cert-manager
+kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml
 kubectl label namespace kube-system certmanager.k8s.io/disable-validation="true"
 kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole=cluster-admin \
  --user=$(gcloud config get-value core/account)
 kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.10.1/cert-manager.yaml