This change maintains backwards compatibility, but makes the `accessKeyID` and `secretAccessKeySecretRef` fields of the `route53` DNS provider optional.
If not provided, AWS credentials will be loaded from `AWS_*` environment variables or the EC2 metadata service.
This should also work for things that impersonate the EC2 metadata service, such as [kube2iam](https://github.com/jtblin/kube2iam) and [kail](https://github.com/uswitch/kiam).
Signed-off-by: Matt Moyer <moyer@heptio.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clarify ClusterIssuer resource namespace
**What this PR does / why we need it**:
Clarify ClusterIssuer resource namespace in the migrating from kube lego guide
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Document common ingressShim.extraArgs use case in chart
**What this PR does / why we need it**:
Lots of new users don't realize:
(a) They need to create a Issuer/ClusterIssuer themselves
(b) They need to tell `ingress-shim` the name via `extra-args`
This PR adds a comment to the helm chart `values.yaml` to address these issues.
(Ideally the `helm` would create an ClusterIssuer for you by default, and set these options, if you specify and email address to use with LE.)
Release note:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
docs/devel: add 'deploy to minikube' docs
**What this PR does / why we need it**:
I felt that the steps to deploy/run/test cert-manager in minikube were non-trivial enough that it was worth documenting.
Let me know if this should live somewhere else in the repo or if you have suggestions for how to better document this.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Helm Chart: Add support for affinity and tolerations
Adds support for setting the node affinity and tolerations scheduling options
```release-note
Add support for node affinity and tolerations in Helm chart
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Document the minimum necessary permissions for using cert-manager with Route53
**What this PR does / why we need it**: Necessary permissions previously not documented.
**Release note**:
```release-note
Document the minimum necessary permissions for using cert-manager with Route53
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
docs: fix value name that disables rbac
**What this PR does / why we need it**:
Proper documentation for deploying cert-manager for k8s clusters without rbac enabled (happens to be the default for cdk on localhost).
**Which issue this PR fixes**
No issue per se, a follow-up on #256.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Endpoints back into the cert-manager RBAC policy
**What this PR does / why we need it**:
Adds permission to CRUD Endpoints resources back into the cert-manager RBAC role. This is to prevent deployments using the 'master' version of the Helm chart failing when deploying a pre-0.3 (unreleased) release of cert-manager.
We will remove this in 0.4. This is in order to reduce friction for new users if they forget/decide not to use a tagged release of the Helm chart.
**Release note**:
```release-note
NONE
```
/cc @davecheney @mikebryant
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set default cluster resource namespace to current pod namespace
**What this PR does / why we need it**:
Changes the default cluster resource namespace from kube-system to the current namespace of the cert-manager deployment.
**Which issue this PR fixes**: fixes#103
**Release note**:
```release-note
Supporting resources for ClusterIssuer's (e.g. signing CA certificates, or ACME account private keys) will now be stored in the same namespace as cert-manager, instead of kube-system in previous versions. Action required: you will need to ensure to properly manually migrate these referenced resources across into the deployment namespace of cert-manager, else cert-manager may not be able to find account private keys or signing CA certificates.
```
/cc @mikebryant
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add default shortNames to certificates CRD
Defaults to `[cert, certs]` and is configurable with `certificateCRDShortNames` parameter.
**What this PR does / why we need it**:
Simplifies manual certificate management with kubectl.
Fixes#311
<div name="review-notes" />
**Special notes for your reviewer**:
Instead of a boolean switch do/dont include the shortNames, the value defines the aliases. This may be handy if anybody prefers `[crt, crts]` instead.
I'm not too keen on the `certificateCRDShortNames` variable name. It might be better to use `Resource` instead of `CRD` to be consistent with the `createCustomResource` var.
Other CRDs are probably ok without an alias, but other people workflows may differ. Should these also be configurable? In that case, the variables could be `shortNames: {certificates: [], …}`.
**Release note**:
```release-note
Add Certificate CRD shortnames `cert` and `certs`. This is configurable in the Helm Chart with `certificateResourceShortNames`.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Added Azure DNS support for DNS01 challange
**What this PR does / why we need it**:
Adds another provider (Azure DNS) for DNS01 challange
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#230
**Special notes for your reviewer**:
**Release note**:
```release-note
ACME DNS-01 challenge mechanism for Azure DNS
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
provider names in issuer.yml and certificate.yml must match
**What this PR does / why we need it**:
Documentation fix. For further information see #209.
**Which issue this PR fixes**
fixes#209
```release-note
NONE
```
