diff --git a/README.md b/README.md index 4d3c020b8..7303d9db8 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,33 @@ namespaces. ### 0. Pre-requisites -* Kubernetes cluster with CustomResourceDefinitions enabled (1.7+) (see [#49](https://github.com/jetstack-experimental/cert-manager/issues/49)) +* Kubernetes cluster with CustomResourceDefinitions or ThirdPartyResource +support + +cert-manager uses custom resources/third party resources to represent +Certificates and Issuers. In order for cert-manager to do this, we must +register our custom API types with the Kubernetes API server. How we do this +varies slightly from Kubernetes 1.7 onwards: + +#### Kubernetes 1.7 and later + +Kubernetes 1.7 introduced [CustomResourceDefinitions](https://kubernetes.io/docs/concepts/api-extension/custom-resources/). +A pre-made CRD for cert-manager is in `docs/crd.yaml`. We can install it with: + +``` +$ kubectl create -f https://raw.githubusercontent.com/jetstack-experimental/cert-manager/master/docs/crd.yaml +``` + +#### Kubernetes 1.6 and below + +As Kubernetes 1.6 does not support CustomResourceDefinitions, we must instead +use ThirdPartyResources, the older, now deprecated version of +CustomResourceDefinition. A pre-made TPR for cert-manager is in +`docs/tpr.yaml`. We can install it with: + +``` +$ kubectl create -f https://raw.githubusercontent.com/jetstack-experimental/cert-manager/master/docs/tpr.yaml +``` ### 1. Deploy cert-manager diff --git a/cmd/controller/crd.go b/cmd/controller/crd.go deleted file mode 100644 index abfbfc58f..000000000 --- a/cmd/controller/crd.go +++ /dev/null 
@@ -1,70 +0,0 @@
-package main
-
-import (
- "fmt"
- "log"
- "time"
-
- apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
- apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
- apiErrors "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/errors"
- "k8s.io/apimachinery/pkg/util/wait"
-)
-
-func CreateCustomResourceDefinition(clientset apiextensionsclient.Interface, name, groupName, version, plural, kind string) (*apiextensionsv1beta1.CustomResourceDefinition, error) {
- crd := &apiextensionsv1beta1.CustomResourceDefinition{
- ObjectMeta: metav1.ObjectMeta{
- Name: name,
- },
- Spec: apiextensionsv1beta1.CustomResourceDefinitionSpec{
- Group: groupName,
- Version: version,
- Scope: apiextensionsv1beta1.NamespaceScoped,
- Names: apiextensionsv1beta1.CustomResourceDefinitionNames{
- Plural: plural,
- Kind: kind,
- },
- },
- }
- crd, err := clientset.ApiextensionsV1beta1().CustomResourceDefinitions().Create(crd)
- if err != nil {
- if apiErrors.IsAlreadyExists(err) {
- return crd, nil
- }
- return nil, err
- }
-
- // wait for CRD being established
- err = wait.Poll(500*time.Millisecond, 60*time.Second, func() (bool, error) {
- crd, err = clientset.ApiextensionsV1beta1().CustomResourceDefinitions().Get(name, metav1.GetOptions{})
- if err != nil {
- return false, err
- }
- for _, cond := range crd.Status.Conditions {
- switch cond.Type {
- case apiextensionsv1beta1.Established:
- if cond.Status == apiextensionsv1beta1.ConditionTrue {
- return true, err
- }
- case apiextensionsv1beta1.NamesAccepted:
- if cond.Status == apiextensionsv1beta1.ConditionFalse {
- fmt.Printf("Name conflict: %v\n", cond.Reason)
- }
- }
- }
- return false, err
- })
-
- if err != nil {
- deleteErr := clientset.ApiextensionsV1beta1().CustomResourceDefinitions().Delete(name, nil)
- if deleteErr != nil {
- return nil, errors.NewAggregate([]error{err, deleteErr})
- }
-
return nil, err - } - - log.Printf("Registered CustomResourceDefinition for apiVersion=%s/%s kind=%s", groupName, version, kind) - return crd, nil -} diff --git a/cmd/controller/main.go b/cmd/controller/main.go index c7fe3443b..7c165af11 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -21,7 +21,6 @@ import ( "fmt" "time" - apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" _ "k8s.io/client-go/plugin/pkg/client/auth" @@ -54,10 +53,6 @@ func main() { log.Fatalf("error getting in-cluster config: %s", err.Error()) } - if err := registerCRDResources(cfg); err != nil { - log.Fatalf("error registering custom resource definition with API server: %s", err.Error()) - } - cl, err := kubernetes.NewForConfig(cfg) if err != nil { @@ -123,20 +118,3 @@ func kubeConfig(apiServerHost string) (*rest.Config, error) { return cfg, nil } - -func registerCRDResources(config *rest.Config) error { - apiextensionsclientset, err := apiextensionsclient.NewForConfig(config) - if err != nil { - return err - } - - if _, err := CreateCustomResourceDefinition(apiextensionsclientset, "certificates.certmanager.k8s.io", "certmanager.k8s.io", "v1alpha1", "certificates", "Certificate"); err != nil { - return err - } - - if _, err := CreateCustomResourceDefinition(apiextensionsclientset, "issuers.certmanager.k8s.io", "certmanager.k8s.io", "v1alpha1", "issuers", "Issuer"); err != nil { - return err - } - - return nil -} diff --git a/docs/tpr.yaml b/docs/tpr.yaml new file mode 100644 index 000000000..3cc2dd650 --- /dev/null +++ b/docs/tpr.yaml 
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: ThirdPartyResource
+metadata:
+ name: certificate.certmanager.k8s.io
+description: "A specification for a cert-manager certificate"
+versions:
+- name: v1alpha1
+---
+apiVersion: extensions/v1beta1
+kind: ThirdPartyResource
+metadata:
+ name: issuer.certmanager.k8s.io
+description: "A specification for a cert-manager issuer"
+versions:
+- name: v1alpha1
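Review bot: The new `docs/tpr.yaml` has no header comment saying which clusters it is meant for, so the restriction to Kubernetes 1.6 and below lives only in the README and is lost once the file is fetched or copied on its own. I would add a first line such as `# For Kubernetes 1.6 and below only; ThirdPartyResource is deprecated, use docs/crd.yaml on 1.7 and later.` Because the same commit removes `registerCRDResources` from `cmd/controller/main.go`, the controller apparently no longer creates or checks these types at startup, so a second comment line stating that the manifest must be applied before cert-manager is deployed would help. If the controller's service account was previously granted create/delete on customresourcedefinitions for that call, that grant looks droppable now; the RBAC is not visible in this diff, so please confirm.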