From 75a65de98a5c56fbf764ef7fffcff8817921a4b2 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Mon, 23 Sep 2019 12:03:50 +0100 Subject: [PATCH] Update deployment manifests for new API group Signed-off-by: James Munnelly --- deploy/charts/cert-manager/README.md | 4 +-- .../cainjector/templates/rbac.yaml | 2 +- .../charts/cert-manager/templates/rbac.yaml | 26 +++++++++---------- .../templates/webhook-apiservice.yaml | 6 ++--- .../templates/webhook-mutating-webhook.yaml | 8 +++--- .../cert-manager/templates/webhook-rbac.yaml | 2 +- .../templates/webhook-validating-webhook.yaml | 10 +++---- deploy/manifests/00-crds.yaml | 18 ++++++------- deploy/manifests/01-namespace.yaml | 2 +- 9 files changed, 39 insertions(+), 39 deletions(-) diff --git a/deploy/charts/cert-manager/README.md b/deploy/charts/cert-manager/README.md index 10ff70ed0..4f6b9f8de 100644 --- a/deploy/charts/cert-manager/README.md +++ b/deploy/charts/cert-manager/README.md @@ -29,10 +29,10 @@ $ oc create \ ## IMPORTANT: if the cert-manager namespace **already exists**, you MUST ensure ## it has an additional label on it in order for the deployment to succeed -$ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true" +$ kubectl label namespace cert-manager cert-manager.io/disable-validation="true" ## For openshift: -$ oc label namespace cert-manager certmanager.k8s.io/disable-validation=true +$ oc label namespace cert-manager cert-manager.io/disable-validation=true ## Add the Jetstack Helm repository $ helm repo add jetstack https://charts.jetstack.io diff --git a/deploy/charts/cert-manager/cainjector/templates/rbac.yaml b/deploy/charts/cert-manager/cainjector/templates/rbac.yaml index 64874043d..b2a95ff95 100644 --- a/deploy/charts/cert-manager/cainjector/templates/rbac.yaml +++ b/deploy/charts/cert-manager/cainjector/templates/rbac.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "cainjector.chart" . }} rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates"] verbs: ["get", "list", "watch"] - apiGroups: [""] diff --git a/deploy/charts/cert-manager/templates/rbac.yaml b/deploy/charts/cert-manager/templates/rbac.yaml index cebd73d7f..0cb21bf70 100644 --- a/deploy/charts/cert-manager/templates/rbac.yaml +++ b/deploy/charts/cert-manager/templates/rbac.yaml @@ -30,10 +30,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ template "cert-manager.chart" . }} rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["issuers", "issuers/status"] verbs: ["update"] - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["issuers"] verbs: ["get", "list", "watch"] - apiGroups: [""] @@ -57,10 +57,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ template "cert-manager.chart" . }} rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["clusterissuers", "clusterissuers/status"] verbs: ["update"] - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: [""] @@ -84,16 +84,16 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ template "cert-manager.chart" . }} rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates/finalizers"] verbs: ["update"] - apiGroups: ["acme.cert-manager.io"] @@ -126,7 +126,7 @@ rules: - apiGroups: ["acme.cert-manager.io"] resources: ["orders", "challenges"] verbs: ["get", "list", "watch"] - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["clusterissuers", "issuers"] verbs: ["get", "list", "watch"] - apiGroups: ["acme.cert-manager.io"] @@ -168,7 +168,7 @@ rules: resources: ["challenges"] verbs: ["get", "list", "watch"] # Used to watch challenges, issuer and clusterissuer resources - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["issuers", "clusterissuers"] verbs: ["get", "list", "watch"] # Need to be able to retrieve ACME account private key to complete challenges @@ -219,10 +219,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ template "cert-manager.chart" . }} rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] @@ -401,7 +401,7 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests", "issuers"] verbs: ["get", "list", "watch"] @@ -420,7 +420,7 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - - apiGroups: ["certmanager.k8s.io"] + - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests", "issuers"] verbs: ["create", "delete", "deletecollection", "patch", "update"] diff --git a/deploy/charts/cert-manager/templates/webhook-apiservice.yaml b/deploy/charts/cert-manager/templates/webhook-apiservice.yaml index ed46424cc..f64e2d43b 100644 --- a/deploy/charts/cert-manager/templates/webhook-apiservice.yaml +++ b/deploy/charts/cert-manager/templates/webhook-apiservice.yaml @@ -2,7 +2,7 @@ apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: - name: v1beta1.webhook.certmanager.k8s.io + name: v1beta1.webhook.cert-manager.io labels: app: {{ include "webhook.name" . }} app.kubernetes.io/name: {{ include "webhook.name" . }} @@ -10,9 +10,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "webhook.chart" . }} annotations: - certmanager.k8s.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ include "webhook.servingCertificate" . }}" + cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ include "webhook.servingCertificate" . }}" spec: - group: webhook.certmanager.k8s.io + group: webhook.cert-manager.io groupPriorityMinimum: 1000 versionPriority: 15 service: diff --git a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml index e0dd65d48..a10aeb688 100644 --- a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml +++ b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml @@ -11,13 +11,13 @@ metadata: helm.sh/chart: {{ include "webhook.chart" . }} annotations: {{- if .Values.webhook.injectAPIServerCA }} - certmanager.k8s.io/inject-apiserver-ca: "true" + cert-manager.io/inject-apiserver-ca: "true" {{- end }} webhooks: - - name: webhook.certmanager.k8s.io + - name: webhook.cert-manager.io rules: - apiGroups: - - "certmanager.k8s.io" + - "cert-manager.io" apiVersions: - v1alpha2 operations: @@ -35,5 +35,5 @@ webhooks: service: name: kubernetes namespace: default - path: /apis/webhook.certmanager.k8s.io/v1beta1/mutations + path: /apis/webhook.cert-manager.io/v1beta1/mutations {{- end -}} diff --git a/deploy/charts/cert-manager/templates/webhook-rbac.yaml b/deploy/charts/cert-manager/templates/webhook-rbac.yaml index 428882d58..86113f7aa 100644 --- a/deploy/charts/cert-manager/templates/webhook-rbac.yaml +++ b/deploy/charts/cert-manager/templates/webhook-rbac.yaml @@ -64,7 +64,7 @@ metadata: helm.sh/chart: {{ include "webhook.chart" . }} rules: - apiGroups: - - admission.certmanager.k8s.io + - admission.cert-manager.io resources: - certificates - certificaterequests diff --git a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml index 183653623..780aa1ce4 100644 --- a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml +++ b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml @@ -11,13 +11,13 @@ metadata: helm.sh/chart: {{ include "webhook.chart" . }} annotations: {{- if .Values.webhook.injectAPIServerCA }} - certmanager.k8s.io/inject-apiserver-ca: "true" + cert-manager.io/inject-apiserver-ca: "true" {{- end }} webhooks: - - name: webhook.certmanager.k8s.io + - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "certmanager.k8s.io/disable-validation" + - key: "cert-manager.io/disable-validation" operator: "NotIn" values: - "true" @@ -27,7 +27,7 @@ webhooks: - {{ .Release.Namespace }} rules: - apiGroups: - - "certmanager.k8s.io" + - "cert-manager.io" apiVersions: - v1alpha2 operations: @@ -44,5 +44,5 @@ webhooks: service: name: kubernetes namespace: default - path: /apis/webhook.certmanager.k8s.io/v1beta1/validations + path: /apis/webhook.cert-manager.io/v1beta1/validations {{- end -}} diff --git a/deploy/manifests/00-crds.yaml b/deploy/manifests/00-crds.yaml index 210a40eb0..bbaf0829b 100644 --- a/deploy/manifests/00-crds.yaml +++ b/deploy/manifests/00-crds.yaml @@ -1584,7 +1584,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null - name: certificaterequests.certmanager.k8s.io + name: certificaterequests.cert-manager.io spec: additionalPrinterColumns: - JSONPath: .status.conditions[?(@.type=="Ready")].status @@ -1605,7 +1605,7 @@ spec: in RFC3339 form and is in UTC. name: Age type: date - group: certmanager.k8s.io + group: cert-manager.io names: kind: CertificateRequest plural: certificaterequests @@ -1652,7 +1652,7 @@ spec: will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with the provided name will be used. The 'name' field in this stanza is required at all times. The group field refers to the API group - of the issuer which defaults to 'certmanager.k8s.io' if empty. + of the issuer which defaults to 'cert-manager.io' if empty. properties: group: type: string @@ -1771,7 +1771,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null - name: certificates.certmanager.k8s.io + name: certificates.cert-manager.io spec: additionalPrinterColumns: - JSONPath: .status.conditions[?(@.type=="Ready")].status @@ -1795,7 +1795,7 @@ spec: in RFC3339 form and is in UTC. name: Age type: date - group: certmanager.k8s.io + group: cert-manager.io names: kind: Certificate plural: certificates @@ -2009,9 +2009,9 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null - name: clusterissuers.certmanager.k8s.io + name: clusterissuers.cert-manager.io spec: - group: certmanager.k8s.io + group: cert-manager.io names: kind: ClusterIssuer plural: clusterissuers @@ -3633,9 +3633,9 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null - name: issuers.certmanager.k8s.io + name: issuers.cert-manager.io spec: - group: certmanager.k8s.io + group: cert-manager.io names: kind: Issuer plural: issuers diff --git a/deploy/manifests/01-namespace.yaml b/deploy/manifests/01-namespace.yaml index 8148424bf..4d738beb8 100644 --- a/deploy/manifests/01-namespace.yaml +++ b/deploy/manifests/01-namespace.yaml @@ -3,6 +3,6 @@ kind: Namespace metadata: name: cert-manager labels: - certmanager.k8s.io/disable-validation: "true" + cert-manager.io/disable-validation: "true" ---