Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade JetStack Cert-Manager to v0.15.2 #6389

Closed
wants to merge 107 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
107 commits
Select commit Hold shift + click to select a range
18217cf
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
fd046bb
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
a9fc15e
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
6d3e81f
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 11, 2020
5bdc4cc
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
02b64b2
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
32c3f0f
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
c222294
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
0c4ea5e
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
7402d1d
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
7541585
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
6705628
Merge branch 'master' into cert-manager-upgrade
bmelbourne Jul 16, 2020
3359b2d
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
7746fe9
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
3c4c917
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
984d014
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
f70046e
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
9c45e84
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
472625b
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
504f8a1
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
2491aee
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
740ba8c
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
1d317c6
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
46f08c9
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
6cc9b08
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
78ad7e6
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
21cd7a2
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
1e17439
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
68bb2d6
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
d2615a7
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
7c72d5c
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
a2fa93a
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
1c73a27
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
d9b9f2c
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
809c2be
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
e146d60
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
7a70613
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
e86325d
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
8d2850f
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
d073d19
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
24541e7
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
940c5c3
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
c1b03e1
Upgrade JetStack Cert-Manager to v0.15.2
floryut Jun 30, 2020
c007adb
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
c9b38a7
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
9f24a6e
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
4b45d52
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
00524b6
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
95d384e
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
a1dfaa7
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
c69fe53
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
6e15d4a
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
1fb484d
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
3a2129f
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
c0d65a9
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 11, 2020
ff0223c
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
fbe77e4
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
aec4069
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
9ade15a
Downgrade Cert-Manager to v0.11.1 to identify CI build issues
bmelbourne Jul 16, 2020
6b9140c
Merge branch 'cert-manager-upgrade' of https://github.com/bmelbourne/…
bmelbourne Jul 16, 2020
70eea5c
Revert "Downgrade Cert-Manager to v0.11.1 to identify CI build issues"
bmelbourne Jul 16, 2020
39afd77
Revert "Downgrade Cert-Manager to v0.11.1 to identify CI build issues"
bmelbourne Jul 16, 2020
15b0214
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
8c74d65
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
dba7a62
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
2a9b2d4
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
7f5112e
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
81bd5cd
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
467d50b
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
1c6e5d3
Revert "Downgrade Cert-Manager to v0.11.1 to identify CI build issues"
bmelbourne Jul 16, 2020
7e86694
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
8822806
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
977a1e8
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
662be6e
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
b15cdc6
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
8fe2b58
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
fd1aa8c
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
725faa1
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
ad59019
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
ceb996d
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
dd35437
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
2cc06fc
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
94dfc8b
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
eda40e0
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
d46e829
Revert "Downgrade Cert-Manager to v0.11.1 to identify CI build issues"
bmelbourne Jul 16, 2020
36b197b
Revert "Merge branch 'cert-manager-upgrade' of https://github.com/bme…
bmelbourne Jul 16, 2020
b8dbc5f
Revert "Downgrade Cert-Manager to v0.11.1 to identify CI build issues"
bmelbourne Jul 16, 2020
bcb1d0d
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
47e2e9b
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
24bedd7
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
5754448
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
caffdb1
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
cb69ec6
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
20301e3
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
09029a9
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
fc135cf
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
7219ed7
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
9077c59
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
97b3674
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
fbc4c5a
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
92aef26
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
ba23c15
Revert "Merge branch 'master' into cert-manager-upgrade"
bmelbourne Jul 16, 2020
85a4fe7
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
bda8a24
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
28197d5
Upgrade JetStack Cert-Manager to v0.15.2
bmelbourne Jul 16, 2020
17bc053
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
843417f
Revert "Upgrade JetStack Cert-Manager to v0.15.2"
bmelbourne Jul 16, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Upgrade JetStack Cert-Manager to v0.15.2
  • Loading branch information
bmelbourne committed Jul 16, 2020
commit 78ad7e648c592146a1c6f611bec2964b975c3acf
12 changes: 12 additions & 0 deletions roles/kubernetes-apps/ingress_controller/cert_manager/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,11 @@ Integration with other PKI/Certificate management solutions, such as HashiCorp V

If you're planning to secure your ingress resources using TLS client certificates, you'll need to create and deploy the Kubernetes `ca-key-pair` secret consisting of the Root CA certificate and key to your K8s cluster.

<<<<<<< HEAD
If these are already available, simply update `templates\secret-cert-manager.yml.j2` with the base64 encoded values of your TLS Root CA certificate and key prior to enabling and deploying cert-manager.
=======
If these are already available, simply update `templates\secret-cert-manager.yml.j2` with the base64 encoded values of your TLS Root CA certificate and key prior to enabling and deploying cert-manager.
>>>>>>> a9fc15ec... Upgrade JetStack Cert-Manager to v0.15.2

e.g.

Expand Down Expand Up @@ -88,7 +92,11 @@ $ sudo apt-get install -y golang-cfssl

#### Create Root Certificate Authority (CA) Configuration File

<<<<<<< HEAD
The default TLS certificate expiry time period is `8760h` which is 5 years from the date the certificate is created.
=======
The default TLS certificate expiry time period is `8760h` which is 5 years from the date the certificate is created.
>>>>>>> a9fc15ec... Upgrade JetStack Cert-Manager to v0.15.2

```shell
$ cat > ca-config.json <<EOF
Expand Down Expand Up @@ -164,7 +172,11 @@ Certificate:
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
<<<<<<< HEAD
X509v3 Subject Key Identifier:
=======
X509v3 Subject Key Identifier:
>>>>>>> a9fc15ec... Upgrade JetStack Cert-Manager to v0.15.2
D4:38:B5:E2:26:49:5E:0D:E3:DC:D9:70:73:3B:C4:19:6A:43:4A:F2
...
```
Original file line number Diff line number Diff line change
Expand Up @@ -67,10 +67,27 @@
when:
- inventory_hostname == groups['kube-master'][0]

<<<<<<< HEAD
- name: Cert Manager | Wait for Webhook pods become ready
command: "{{ bin_dir }}/kubectl wait po --namespace={{ cert_manager_namespace }} --selector app=webhook --for=condition=Ready --timeout=600s"
register: cert_manager_webhook_pods_ready
when: inventory_hostname == groups['kube-master'][0]
=======
- name: Cert Manager | Wait for all Webhook pods become created
command: "kubectl get po --namespace={{ cert_manager_namespace }} --output=jsonpath='{.items[*].metadata.name}'"
with_items:
- cert-manager-webhook
register: cert_manager_webhook_pods_created
until: item in cert_manager_webhook_pods_created.stdout
when: inventory_hostname == groups['kube-master'][0]
retries: 10
delay: 30

- name: Cert Manager | Wait for Webhook pods become ready
shell: "kubectl wait po --namespace={{ cert_manager_namespace }} --selector app=webhook --for=condition=Ready --timeout=600s"
register: cert_manager_webhook_pods_ready
when: inventory_hostname == groups['kube-master'][0] and cert_manager_webhook_pods_created is succeeded
>>>>>>> a9fc15ec... Upgrade JetStack Cert-Manager to v0.15.2

- name: Cert Manager | Create ClusterIssuer manifest
template:
Expand Down
8 changes: 8 additions & 0 deletions roles/upgrade/pre-upgrade/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,15 @@
# Node NotReady: type = ready, status = Unknown
- name: See if node is in ready state
shell: >-
<<<<<<< HEAD
<<<<<<< HEAD
{{ bin_dir }}/kubectl get node {{ kube_override_hostname|default(inventory_hostname) }}
=======
{{ bin_dir }}/kubectl get node {{ inventory_hostname }}
>>>>>>> 32c3f0f5... Upgrade JetStack Cert-Manager to v0.15.2
=======
{{ bin_dir }}/kubectl get node {{ inventory_hostname }}
>>>>>>> a9fc15ec... Upgrade JetStack Cert-Manager to v0.15.2
-o jsonpath='{ range .status.conditions[?(@.type == "Ready")].status }{ @ }{ end }'
register: kubectl_node_ready
delegate_to: "{{ groups['kube-master'][0] }}"
Expand All @@ -18,11 +22,15 @@
# else unschedulable key doesn't exist
- name: See if node is schedulable
shell: >-
<<<<<<< HEAD
<<<<<<< HEAD
{{ bin_dir }}/kubectl get node {{ kube_override_hostname|default(inventory_hostname) }}
=======
{{ bin_dir }}/kubectl get node {{ inventory_hostname }}
>>>>>>> 32c3f0f5... Upgrade JetStack Cert-Manager to v0.15.2
=======
{{ bin_dir }}/kubectl get node {{ inventory_hostname }}
>>>>>>> a9fc15ec... Upgrade JetStack Cert-Manager to v0.15.2
-o jsonpath='{ .spec.unschedulable }'
register: kubectl_node_schedulable
delegate_to: "{{ groups['kube-master'][0] }}"
Expand Down