From 613858aa6d7019e7cd2ed413054efa4285c3108d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20R=C3=BCegg?= <simon.ruegg@vshn.ch>
Date: Thu, 24 Jan 2019 08:38:29 +0100
Subject: [PATCH 1/3] Add RBAC rules for finalizers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For the cert-manager to be able to set ownerReferences, the RBAC rules
for finalizers need to be in place.

Fixes #1257

Signed-off-by: Simon Rüegg <simon.ruegg@vshn.ch>
---
 deploy/charts/cert-manager/templates/rbac.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/charts/cert-manager/templates/rbac.yaml b/deploy/charts/cert-manager/templates/rbac.yaml
index 4d3532073..cf4cb0a5d 100644
--- a/deploy/charts/cert-manager/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/templates/rbac.yaml
@@ -10,7 +10,7 @@ metadata:
     heritage: {{ .Release.Service }}
 rules:
   - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers", "clusterissuers", "orders", "challenges"]
+    resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
     verbs: ["*"]
   - apiGroups: [""]
     resources: ["configmaps", "secrets", "events", "services", "pods"]

From 30b39fa0f20c572f2f378f4663266c4f7702384a Mon Sep 17 00:00:00 2001
From: James Munnelly <james@munnelly.eu>
Date: Mon, 28 Jan 2019 10:05:32 +0000
Subject: [PATCH 2/3] Run 'bazel run //hack:update-deploy-gen'

Signed-off-by: James Munnelly <james@munnelly.eu>
---
 deploy/manifests/cert-manager-no-webhook.yaml | 2 +-
 deploy/manifests/cert-manager.yaml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy/manifests/cert-manager-no-webhook.yaml b/deploy/manifests/cert-manager-no-webhook.yaml
index 0c70ec82b..e876cf692 100644
--- a/deploy/manifests/cert-manager-no-webhook.yaml
+++ b/deploy/manifests/cert-manager-no-webhook.yaml
@@ -171,7 +171,7 @@ metadata:
     heritage: Tiller
 rules:
   - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers", "clusterissuers", "orders", "challenges"]
+    resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
     verbs: ["*"]
   - apiGroups: [""]
     resources: ["configmaps", "secrets", "events", "services", "pods"]
diff --git a/deploy/manifests/cert-manager.yaml b/deploy/manifests/cert-manager.yaml
index a1c4b414e..8657167e4 100644
--- a/deploy/manifests/cert-manager.yaml
+++ b/deploy/manifests/cert-manager.yaml
@@ -184,7 +184,7 @@ metadata:
     heritage: Tiller
 rules:
   - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers", "clusterissuers", "orders", "challenges"]
+    resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"]
     verbs: ["*"]
   - apiGroups: [""]
     resources: ["configmaps", "secrets", "events", "services", "pods"]

From a8e32ed1a7c3f9fe4f6126b028f1e1e1443ebca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20R=C3=BCegg?= <simon@rueggs.ch>
Date: Tue, 29 Jan 2019 20:35:02 +0100
Subject: [PATCH 3/3] Bump chart version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Simon Rüegg <simon@rueggs.ch>
---
 deploy/charts/cert-manager/Chart.yaml         |  2 +-
 deploy/manifests/cert-manager-no-webhook.yaml | 12 ++++++------
 deploy/manifests/cert-manager.yaml            | 12 ++++++------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/deploy/charts/cert-manager/Chart.yaml b/deploy/charts/cert-manager/Chart.yaml
index c29fbdd24..8240f52da 100644
--- a/deploy/charts/cert-manager/Chart.yaml
+++ b/deploy/charts/cert-manager/Chart.yaml
@@ -1,5 +1,5 @@
 name: cert-manager
-version: v0.6.2
+version: v0.6.3
 appVersion: v0.6.0
 description: A Helm chart for cert-manager
 home: https://github.com/jetstack/cert-manager
diff --git a/deploy/manifests/cert-manager-no-webhook.yaml b/deploy/manifests/cert-manager-no-webhook.yaml
index e876cf692..b881a13bf 100644
--- a/deploy/manifests/cert-manager-no-webhook.yaml
+++ b/deploy/manifests/cert-manager-no-webhook.yaml
@@ -155,7 +155,7 @@ metadata:
   namespace: "cert-manager"
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 ---
@@ -166,7 +166,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 rules:
@@ -186,7 +186,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 roleRef:
@@ -204,7 +204,7 @@ metadata:
   name: cert-manager-view
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
     rbac.authorization.k8s.io/aggregate-to-view: "true"
@@ -221,7 +221,7 @@ metadata:
   name: cert-manager-edit
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -239,7 +239,7 @@ metadata:
   namespace: "cert-manager"
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/deploy/manifests/cert-manager.yaml b/deploy/manifests/cert-manager.yaml
index 8657167e4..d71271f8b 100644
--- a/deploy/manifests/cert-manager.yaml
+++ b/deploy/manifests/cert-manager.yaml
@@ -168,7 +168,7 @@ metadata:
   namespace: "cert-manager"
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 ---
@@ -179,7 +179,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 rules:
@@ -199,7 +199,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 roleRef:
@@ -217,7 +217,7 @@ metadata:
   name: cert-manager-view
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
     rbac.authorization.k8s.io/aggregate-to-view: "true"
@@ -234,7 +234,7 @@ metadata:
   name: cert-manager-edit
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -397,7 +397,7 @@ metadata:
   namespace: "cert-manager"
   labels:
     app: cert-manager
-    chart: cert-manager-v0.6.2
+    chart: cert-manager-v0.6.3
     release: cert-manager
     heritage: Tiller
 spec: