Lots of new users don't realize:
(a) They need to create a Issuer/ClusterIssuer themselves
(b) They need to tell `ingress-shim` the name via `extra-args`
(Ideally the `helm` would create an ClusterIssuer for you by default, and set these options, if you specify and email address to use with LE.)
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add Endpoints back into the cert-manager RBAC policy
**What this PR does / why we need it**:
Adds permission to CRUD Endpoints resources back into the cert-manager RBAC role. This is to prevent deployments using the 'master' version of the Helm chart failing when deploying a pre-0.3 (unreleased) release of cert-manager.
We will remove this in 0.4. This is in order to reduce friction for new users if they forget/decide not to use a tagged release of the Helm chart.
**Release note**:
```release-note
NONE
```
/cc @davecheney @mikebryant
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set default cluster resource namespace to current pod namespace
**What this PR does / why we need it**:
Changes the default cluster resource namespace from kube-system to the current namespace of the cert-manager deployment.
**Which issue this PR fixes**: fixes#103
**Release note**:
```release-note
Supporting resources for ClusterIssuer's (e.g. signing CA certificates, or ACME account private keys) will now be stored in the same namespace as cert-manager, instead of kube-system in previous versions. Action required: you will need to ensure to properly manually migrate these referenced resources across into the deployment namespace of cert-manager, else cert-manager may not be able to find account private keys or signing CA certificates.
```
/cc @mikebryant
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add default shortNames to certificates CRD
Defaults to `[cert, certs]` and is configurable with `certificateCRDShortNames` parameter.
**What this PR does / why we need it**:
Simplifies manual certificate management with kubectl.
Fixes#311
<div name="review-notes" />
**Special notes for your reviewer**:
Instead of a boolean switch do/dont include the shortNames, the value defines the aliases. This may be handy if anybody prefers `[crt, crts]` instead.
I'm not too keen on the `certificateCRDShortNames` variable name. It might be better to use `Resource` instead of `CRD` to be consistent with the `createCustomResource` var.
Other CRDs are probably ok without an alias, but other people workflows may differ. Should these also be configurable? In that case, the variables could be `shortNames: {certificates: [], …}`.
**Release note**:
```release-note
Add Certificate CRD shortnames `cert` and `certs`. This is configurable in the Helm Chart with `certificateResourceShortNames`.
```
* Update Chart.yaml
* Make templates namespaced
* Update config table in README.md
* Apply best practices for RBAC
(see
https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/rbac.md)
* Add extra args for cert-manager container
* Make list indentation consistent
* Apply standard labels on all resources
* Add some content to NOTES.txt
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use cert-manager & boulder installed via helm in e2e tests. Run tests with Prow.
**What this PR does / why we need it**:
This switches our e2e tests to use cert-manager installed via helm instead of created as static pods.
This will allow us to test RBAC policies specified in the chart, as well as give a more realistic test environment for a normal use case.
**Release note**:
```release-note
End-to-end testing now covers the helm chart for cert-manager on Kubernetes 1.7-1.9
```
