diff --git a/pkg/controller/cainjector/sources.go b/pkg/controller/cainjector/sources.go index d0647f500..08ef57039 100644 --- a/pkg/controller/cainjector/sources.go +++ b/pkg/controller/cainjector/sources.go @@ -55,7 +55,7 @@ type caDataSource interface { } // kubeconfigDataSource reads the ca bundle provided as part of the struct -// instantiation if it has the 'certmanager.k8s.io/inject-apiserver-ca' +// instantiation if it has the 'cert-manager.io/inject-apiserver-ca' // annotation. type kubeconfigDataSource struct { apiserverCABundle []byte @@ -80,7 +80,7 @@ func (c *kubeconfigDataSource) ApplyTo(mgr ctrl.Manager, setup injectorSetup, bu } // certificateDataSource reads a CA bundle by fetching the Certificate named in -// the 'certmanager.k8s.io/inject-ca-from' annotation in the form +// the 'cert-manager.io/inject-ca-from' annotation in the form // 'namespace/name'. type certificateDataSource struct { client client.Client @@ -162,7 +162,7 @@ func (c *certificateDataSource) ApplyTo(mgr ctrl.Manager, setup injectorSetup, b } // secretDataSource reads a CA bundle from a Secret resource named using the -// 'certmanager.k8s.io/inject-ca-from-secret' annotation in the form +// 'cert-manager.io/inject-ca-from-secret' annotation in the form // 'namespace/name'. type secretDataSource struct { client client.Client diff --git a/pkg/controller/certificaterequests/selfsigned/selfsigned_test.go b/pkg/controller/certificaterequests/selfsigned/selfsigned_test.go index 575bfe6bd..53da69b7f 100644 --- a/pkg/controller/certificaterequests/selfsigned/selfsigned_test.go +++ b/pkg/controller/certificaterequests/selfsigned/selfsigned_test.go @@ -165,7 +165,7 @@ func TestSign(t *testing.T) { } tests := map[string]testT{ - "a CertificateRequest with no certmanager.k8s.io/selfsigned-private-key annotation should fail": { + "a CertificateRequest with no cert-manager.io/selfsigned-private-key annotation should fail": { certificateRequest: gen.CertificateRequestFrom(baseCR, // no annotation gen.SetCertificateRequestAnnotations(map[string]string{}), @@ -177,7 +177,7 @@ func TestSign(t *testing.T) { gen.SetCertificateRequestAnnotations(map[string]string{}), ), baseIssuer}, ExpectedEvents: []string{ - `Warning MissingAnnotation Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`, + `Warning MissingAnnotation Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`, }, ExpectedActions: []testpkg.Action{ testpkg.NewAction(coretesting.NewUpdateAction( @@ -189,7 +189,7 @@ func TestSign(t *testing.T) { Type: cmapi.CertificateRequestConditionReady, Status: cmmeta.ConditionFalse, Reason: cmapi.CertificateRequestReasonFailed, - Message: `Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`, + Message: `Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`, LastTransitionTime: &metaFixedClockStart, }), gen.SetCertificateRequestFailureTime(metaFixedClockStart), @@ -198,7 +198,7 @@ func TestSign(t *testing.T) { }, }, }, - "a CertificateRequest with a certmanager.k8s.io/private-key-secret-name annotation but empty string should fail": { + "a CertificateRequest with a cert-manager.io/private-key-secret-name annotation but empty string should fail": { certificateRequest: gen.CertificateRequestFrom(baseCR, // no data in annotation gen.SetCertificateRequestAnnotations(map[string]string{cmapi.CRPrivateKeyAnnotationKey: ""}), @@ -210,7 +210,7 @@ func TestSign(t *testing.T) { gen.SetCertificateRequestAnnotations(map[string]string{cmapi.CRPrivateKeyAnnotationKey: ""}), ), baseIssuer}, ExpectedEvents: []string{ - `Warning MissingAnnotation Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`, + `Warning MissingAnnotation Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`, }, ExpectedActions: []testpkg.Action{ testpkg.NewAction(coretesting.NewUpdateAction( @@ -222,7 +222,7 @@ func TestSign(t *testing.T) { Type: cmapi.CertificateRequestConditionReady, Status: cmmeta.ConditionFalse, Reason: cmapi.CertificateRequestReasonFailed, - Message: `Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`, + Message: `Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`, LastTransitionTime: &metaFixedClockStart, }), gen.SetCertificateRequestFailureTime(metaFixedClockStart), @@ -262,7 +262,7 @@ func TestSign(t *testing.T) { KubeObjects: []runtime.Object{invalidKeySecret}, CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer}, ExpectedEvents: []string{ - `Normal ErrorParsingKey Failed to get key "test-rsa-key" referenced in annotation "certmanager.k8s.io/private-key-secret-name": error decoding private key PEM block`, + `Normal ErrorParsingKey Failed to get key "test-rsa-key" referenced in annotation "cert-manager.io/private-key-secret-name": error decoding private key PEM block`, }, ExpectedActions: []testpkg.Action{ testpkg.NewAction(coretesting.NewUpdateAction( @@ -273,7 +273,7 @@ func TestSign(t *testing.T) { Type: cmapi.CertificateRequestConditionReady, Status: cmmeta.ConditionFalse, Reason: cmapi.CertificateRequestReasonPending, - Message: `Failed to get key "test-rsa-key" referenced in annotation "certmanager.k8s.io/private-key-secret-name": error decoding private key PEM block`, + Message: `Failed to get key "test-rsa-key" referenced in annotation "cert-manager.io/private-key-secret-name": error decoding private key PEM block`, LastTransitionTime: &metaFixedClockStart, }), ), diff --git a/pkg/controller/certificaterequests/sync_test.go b/pkg/controller/certificaterequests/sync_test.go index f2262fe4d..5af96beac 100644 --- a/pkg/controller/certificaterequests/sync_test.go +++ b/pkg/controller/certificaterequests/sync_test.go @@ -136,10 +136,10 @@ func TestSync(t *testing.T) { certECPEMExpired := generateSelfSignedCert(t, baseCR, skEC, fixedClockStart.Add(-time.Hour*13), fixedClockStart.Add(-time.Hour*12)) tests := map[string]testT{ - "should return nil (no action) if group name if not 'certmanager.k8s.io' or ''": { + "should return nil (no action) if group name if not 'cert-manager.io' or ''": { certificateRequest: gen.CertificateRequestFrom(baseCR, gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{ - Group: "not-certmanager.k8s.io", + Group: "not-cert-manager.io", }), ), builder: &testpkg.Builder{ @@ -185,7 +185,7 @@ func TestSync(t *testing.T) { builder: &testpkg.Builder{ CertManagerObjects: []runtime.Object{baseCR}, ExpectedEvents: []string{ - `Normal IssuerNotFound Referenced "Issuer" not found: issuer.certmanager.k8s.io "test-issuer" not found`, + `Normal IssuerNotFound Referenced "Issuer" not found: issuer.cert-manager.io "test-issuer" not found`, }, ExpectedActions: []testpkg.Action{ testpkg.NewAction(coretesting.NewUpdateAction( @@ -196,7 +196,7 @@ func TestSync(t *testing.T) { Type: cmapi.CertificateRequestConditionReady, Status: cmmeta.ConditionFalse, Reason: "Pending", - Message: `Referenced "Issuer" not found: issuer.certmanager.k8s.io "test-issuer" not found`, + Message: `Referenced "Issuer" not found: issuer.cert-manager.io "test-issuer" not found`, LastTransitionTime: &nowMetaTime, }), ), diff --git a/pkg/controller/ingress-shim/sync.go b/pkg/controller/ingress-shim/sync.go index 3d19e4b76..a5638a7b2 100644 --- a/pkg/controller/ingress-shim/sync.go +++ b/pkg/controller/ingress-shim/sync.go @@ -40,17 +40,17 @@ import ( const ( // editInPlaceAnnotation is used to toggle the use of ingressClass instead // of ingress on the created Certificate resource - editInPlaceAnnotation = "certmanager.k8s.io/acme-http01-edit-in-place" + editInPlaceAnnotation = "acme.cert-manager.io/http01-edit-in-place" // issuerNameAnnotation can be used to override the issuer specified on the // created Certificate resource. - issuerNameAnnotation = "certmanager.k8s.io/issuer" + issuerNameAnnotation = "cert-manager.io/issuer" // clusterIssuerNameAnnotation can be used to override the issuer specified on the // created Certificate resource. The Certificate will reference the // specified *ClusterIssuer* instead of normal issuer. - clusterIssuerNameAnnotation = "certmanager.k8s.io/cluster-issuer" + clusterIssuerNameAnnotation = "cert-manager.io/cluster-issuer" // acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass // if the challenge type is set to http01 - acmeIssuerHTTP01IngressClassAnnotation = "certmanager.k8s.io/acme-http01-ingress-class" + acmeIssuerHTTP01IngressClassAnnotation = "acme.cert-manager.io/http01-ingress-class" ingressClassAnnotation = util.IngressKey ) diff --git a/pkg/issuer/acme/http/http.go b/pkg/issuer/acme/http/http.go index ad71cba7f..a6173709e 100644 --- a/pkg/issuer/acme/http/http.go +++ b/pkg/issuer/acme/http/http.go @@ -43,9 +43,9 @@ const ( // acmeSolverListenPort is the port acmesolver should listen on acmeSolverListenPort = 8089 - domainLabelKey = "certmanager.k8s.io/acme-http-domain" - tokenLabelKey = "certmanager.k8s.io/acme-http-token" - solverIdentificationLabelKey = "certmanager.k8s.io/acme-http01-solver" + domainLabelKey = "acme.cert-manager.io/http-domain" + tokenLabelKey = "acme.cert-manager.io/http-token" + solverIdentificationLabelKey = "acme.cert-manager.io/http01-solver" ) var ( diff --git a/pkg/issuer/acme/http/pod_test.go b/pkg/issuer/acme/http/pod_test.go index 04e75d82f..91f09408d 100644 --- a/pkg/issuer/acme/http/pod_test.go +++ b/pkg/issuer/acme/http/pod_test.go @@ -277,8 +277,8 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) { PodTemplate: &cmacme.ACMEChallengeSolverHTTP01IngressPodTemplate{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ - "this is a": "label", - "certmanager.k8s.io/acme-http-domain": "44655555555", + "this is a": "label", + "acme.cert-manager.io/http-domain": "44655555555", }, Annotations: map[string]string{ "sidecar.istio.io/inject": "true", @@ -306,10 +306,10 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) { PreFn: func(t *testing.T, s *solverFixture) { resultingPod := s.Solver.buildDefaultPod(s.Challenge) resultingPod.Labels = map[string]string{ - "this is a": "label", - "certmanager.k8s.io/acme-http-domain": "44655555555", - "certmanager.k8s.io/acme-http-token": "1", - "certmanager.k8s.io/acme-http01-solver": "true", + "this is a": "label", + "acme.cert-manager.io/http-domain": "44655555555", + "acme.cert-manager.io/http-token": "1", + "acme.cert-manager.io/http01-solver": "true", } resultingPod.Annotations = map[string]string{ "sidecar.istio.io/inject": "true", diff --git a/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/apiservice.yaml b/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/apiservice.yaml index 504ab914b..5b67d2a1f 100644 --- a/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/apiservice.yaml +++ b/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/apiservice.yaml @@ -8,7 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: - certmanager.k8s.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}" + cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}" spec: group: {{ .Values.groupName }} groupPriorityMinimum: 1000 diff --git a/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/pki.yaml b/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/pki.yaml index 35de282d0..2a62da595 100644 --- a/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/pki.yaml +++ b/test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/pki.yaml @@ -1,7 +1,7 @@ --- # Create a selfsigned Issuer, in order to create a root CA certificate for # signing webhook serving certificates -apiVersion: certmanager.k8s.io/v1alpha2 +apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: {{ include "example-webhook.selfSignedIssuer" . }} @@ -17,7 +17,7 @@ spec: --- # Generate a CA Certificate used to sign certificates for the webhook -apiVersion: certmanager.k8s.io/v1alpha2 +apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: {{ include "example-webhook.rootCACertificate" . }} @@ -38,7 +38,7 @@ spec: --- # Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: certmanager.k8s.io/v1alpha2 +apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: {{ include "example-webhook.rootCAIssuer" . }} @@ -55,7 +55,7 @@ spec: --- # Finally, generate a serving certificate for the webhook to use -apiVersion: certmanager.k8s.io/v1alpha2 +apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: {{ include "example-webhook.servingCertificate" . }} diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index bc57e011c..2fea47d7d 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -98,7 +98,7 @@ func RbacClusterRoleHasAccessToResource(f *Framework, clusterRole string, verb s ResourceAttributes: &authorizationv1.ResourceAttributes{ Namespace: f.Namespace.Name, Verb: verb, - Group: "certmanager.k8s.io", + Group: "cert-manager.io", Resource: resource, }, }, diff --git a/test/e2e/suite/conformance/certificates/acme/acme.go b/test/e2e/suite/conformance/certificates/acme/acme.go index 5589c4a8c..96e0e4ded 100644 --- a/test/e2e/suite/conformance/certificates/acme/acme.go +++ b/test/e2e/suite/conformance/certificates/acme/acme.go @@ -60,7 +60,7 @@ type acmeIssuerProvisioner struct { tiller *tiller.Tiller pebble *pebble.Pebble // if setGroupName is true, the 'group name' field on the IssuerRef will be - // set the 'certmanager.k8s.io'. + // set the 'cert-manager.io'. // Setting the group name will cause the new 'certificate requests' based // implementation to be used, however this is not implemented for ACME yet // See: https://github.com/jetstack/cert-manager/pull/1943 diff --git a/test/e2e/suite/issuers/acme/certificate/http01.go b/test/e2e/suite/issuers/acme/certificate/http01.go index c57b3c27b..1df90495d 100644 --- a/test/e2e/suite/issuers/acme/certificate/http01.go +++ b/test/e2e/suite/issuers/acme/certificate/http01.go @@ -288,7 +288,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { By("Creating an Ingress with the issuer name annotation set") _, err := ingClient.Create(util.NewIngress(certificateSecretName, certificateSecretName, map[string]string{ - "certmanager.k8s.io/issuer": issuerName, + "cert-manager.io/issuer": issuerName, }, acmeIngressDomain)) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/suite/serving/cainjector.go b/test/e2e/suite/serving/cainjector.go index b57b5c575..7edeae12f 100644 --- a/test/e2e/suite/serving/cainjector.go +++ b/test/e2e/suite/serving/cainjector.go @@ -390,13 +390,13 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { someURL := "https://localhost:8675" return &apiext.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ - Name: "objs." + namePrefix + ".testing.certmanager.k8s.io", + Name: "objs." + namePrefix + ".testing.cert-manager.io", Annotations: map[string]string{ certmanager.WantInjectAnnotation: types.NamespacedName{Name: "serving-certs", Namespace: f.Namespace.Name}.String(), }, }, Spec: apiext.CustomResourceDefinitionSpec{ - Group: namePrefix + ".testing.certmanager.k8s.io", + Group: namePrefix + ".testing.cert-manager.io", Version: "v1", Conversion: &apiext.CustomResourceConversion{ Strategy: apiext.WebhookConverter, @@ -425,7 +425,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { makeInjectable: func(namePrefix string) runtime.Object { return &apireg.APIService{ ObjectMeta: metav1.ObjectMeta{ - Name: "v1." + namePrefix + ".testing.certmanager.k8s.io", + Name: "v1." + namePrefix + ".testing.cert-manager.io", Annotations: map[string]string{ certmanager.WantInjectAnnotation: types.NamespacedName{Name: "serving-certs", Namespace: f.Namespace.Name}.String(), }, @@ -435,7 +435,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { Name: "does-not-exit", Namespace: "default", }, - Group: namePrefix + ".testing.certmanager.k8s.io", + Group: namePrefix + ".testing.cert-manager.io", Version: "v1", GroupPriorityMinimum: 1, VersionPriority: 1,