Update deployment manifests for new API group

Signed-off-by: James Munnelly <james@munnelly.eu>
2019-09-23 12:03:50 +01:00 · 2019-09-23 12:03:50 +01:00 · 75a65de98a
commit 75a65de98a
parent 1e9ea942d5
9 changed files with 39 additions and 39 deletions
--- a/deploy/charts/cert-manager/README.md
+++ b/deploy/charts/cert-manager/README.md
@ -29,10 +29,10 @@ $ oc create \

 ## IMPORTANT: if the cert-manager namespace **already exists**, you MUST ensure
 ## it has an additional label on it in order for the deployment to succeed
-$ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"
+$ kubectl label namespace cert-manager cert-manager.io/disable-validation="true"

 ## For openshift:
-$ oc label namespace cert-manager certmanager.k8s.io/disable-validation=true
+$ oc label namespace cert-manager cert-manager.io/disable-validation=true

 ## Add the Jetstack Helm repository
 $ helm repo add jetstack https://charts.jetstack.io
--- a/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
@ -10,7 +10,7 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ include "cainjector.chart" . }}
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
--- a/deploy/charts/cert-manager/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/templates/rbac.yaml
@ -30,10 +30,10 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ template "cert-manager.chart" . }}
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["issuers", "issuers/status"]
    verbs: ["update"]
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["issuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
@ -57,10 +57,10 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ template "cert-manager.chart" . }}
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers", "clusterissuers/status"]
    verbs: ["update"]
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
@ -84,16 +84,16 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ template "cert-manager.chart" . }}
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
    verbs: ["update"]
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
    verbs: ["get", "list", "watch"]
  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
  # admission controller enabled:
  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates/finalizers"]
    verbs: ["update"]
  - apiGroups: ["acme.cert-manager.io"]
@ -126,7 +126,7 @@ rules:
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["orders", "challenges"]
    verbs: ["get", "list", "watch"]
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers", "issuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["acme.cert-manager.io"]
@ -168,7 +168,7 @@ rules:
    resources: ["challenges"]
    verbs: ["get", "list", "watch"]
  # Used to watch challenges, issuer and clusterissuer resources
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
  # Need to be able to retrieve ACME account private key to complete challenges
@ -219,10 +219,10 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ template "cert-manager.chart" . }}
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests"]
    verbs: ["create", "update", "delete"]
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions"]
@ -401,7 +401,7 @@ metadata:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers"]
    verbs: ["get", "list", "watch"]

@ -420,7 +420,7 @@ metadata:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
-  - apiGroups: ["certmanager.k8s.io"]
+  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers"]
    verbs: ["create", "delete", "deletecollection", "patch", "update"]

--- a/deploy/charts/cert-manager/templates/webhook-apiservice.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-apiservice.yaml
@ -2,7 +2,7 @@
 apiVersion: apiregistration.k8s.io/v1beta1
 kind: APIService
 metadata:
-  name: v1beta1.webhook.certmanager.k8s.io
+  name: v1beta1.webhook.cert-manager.io
  labels:
    app: {{ include "webhook.name" . }}
    app.kubernetes.io/name: {{ include "webhook.name" . }}
@ -10,9 +10,9 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ include "webhook.chart" . }}
  annotations:
-    certmanager.k8s.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ include "webhook.servingCertificate" . }}"
+    cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ include "webhook.servingCertificate" . }}"
 spec:
-  group: webhook.certmanager.k8s.io
+  group: webhook.cert-manager.io
  groupPriorityMinimum: 1000
  versionPriority: 15
  service:
--- a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
@ -11,13 +11,13 @@ metadata:
    helm.sh/chart: {{ include "webhook.chart" . }}
  annotations:
 {{- if .Values.webhook.injectAPIServerCA }}
-    certmanager.k8s.io/inject-apiserver-ca: "true"
+    cert-manager.io/inject-apiserver-ca: "true"
 {{- end }}
 webhooks:
-  - name: webhook.certmanager.k8s.io
+  - name: webhook.cert-manager.io
    rules:
      - apiGroups:
-          - "certmanager.k8s.io"
+          - "cert-manager.io"
        apiVersions:
          - v1alpha2
        operations:
@ -35,5 +35,5 @@ webhooks:
      service:
        name: kubernetes
        namespace: default
-        path: /apis/webhook.certmanager.k8s.io/v1beta1/mutations
+        path: /apis/webhook.cert-manager.io/v1beta1/mutations
 {{- end -}}
--- a/deploy/charts/cert-manager/templates/webhook-rbac.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-rbac.yaml
@ -64,7 +64,7 @@ metadata:
    helm.sh/chart: {{ include "webhook.chart" . }}
 rules:
 - apiGroups:
-  - admission.certmanager.k8s.io
+  - admission.cert-manager.io
  resources:
  - certificates
  - certificaterequests
--- a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml
@ -11,13 +11,13 @@ metadata:
    helm.sh/chart: {{ include "webhook.chart" . }}
  annotations:
 {{- if .Values.webhook.injectAPIServerCA }}
-    certmanager.k8s.io/inject-apiserver-ca: "true"
+    cert-manager.io/inject-apiserver-ca: "true"
 {{- end }}
 webhooks:
-  - name: webhook.certmanager.k8s.io
+  - name: webhook.cert-manager.io
    namespaceSelector:
      matchExpressions:
-      - key: "certmanager.k8s.io/disable-validation"
+      - key: "cert-manager.io/disable-validation"
        operator: "NotIn"
        values:
        - "true"
@ -27,7 +27,7 @@ webhooks:
        - {{ .Release.Namespace }}
    rules:
      - apiGroups:
-          - "certmanager.k8s.io"
+          - "cert-manager.io"
        apiVersions:
          - v1alpha2
        operations:
@ -44,5 +44,5 @@ webhooks:
      service:
        name: kubernetes
        namespace: default
-        path: /apis/webhook.certmanager.k8s.io/v1beta1/validations
+        path: /apis/webhook.cert-manager.io/v1beta1/validations
 {{- end -}}
--- a/deploy/manifests/00-crds.yaml
+++ b/deploy/manifests/00-crds.yaml
@ -1584,7 +1584,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  creationTimestamp: null
-  name: certificaterequests.certmanager.k8s.io
+  name: certificaterequests.cert-manager.io
 spec:
  additionalPrinterColumns:
  - JSONPath: .status.conditions[?(@.type=="Ready")].status
@ -1605,7 +1605,7 @@ spec:
      in RFC3339 form and is in UTC.
    name: Age
    type: date
-  group: certmanager.k8s.io
+  group: cert-manager.io
  names:
    kind: CertificateRequest
    plural: certificaterequests
@ -1652,7 +1652,7 @@ spec:
                will be used.  If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
                with the provided name will be used. The 'name' field in this stanza
                is required at all times. The group field refers to the API group
-                of the issuer which defaults to 'certmanager.k8s.io' if empty.
+                of the issuer which defaults to 'cert-manager.io' if empty.
              properties:
                group:
                  type: string
@ -1771,7 +1771,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  creationTimestamp: null
-  name: certificates.certmanager.k8s.io
+  name: certificates.cert-manager.io
 spec:
  additionalPrinterColumns:
  - JSONPath: .status.conditions[?(@.type=="Ready")].status
@ -1795,7 +1795,7 @@ spec:
      in RFC3339 form and is in UTC.
    name: Age
    type: date
-  group: certmanager.k8s.io
+  group: cert-manager.io
  names:
    kind: Certificate
    plural: certificates
@ -2009,9 +2009,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  creationTimestamp: null
-  name: clusterissuers.certmanager.k8s.io
+  name: clusterissuers.cert-manager.io
 spec:
-  group: certmanager.k8s.io
+  group: cert-manager.io
  names:
    kind: ClusterIssuer
    plural: clusterissuers
@ -3633,9 +3633,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  creationTimestamp: null
-  name: issuers.certmanager.k8s.io
+  name: issuers.cert-manager.io
 spec:
-  group: certmanager.k8s.io
+  group: cert-manager.io
  names:
    kind: Issuer
    plural: issuers
--- a/deploy/manifests/01-namespace.yaml
+++ b/deploy/manifests/01-namespace.yaml
@ -3,6 +3,6 @@ kind: Namespace
 metadata:
  name: cert-manager
  labels:
-    certmanager.k8s.io/disable-validation: "true"
+    cert-manager.io/disable-validation: "true"

 ---