go.work is not respected by imports, which means that our test
environment - if it uses go.work - will differ from what'll be used by
third parties which import our core module.
This commit adds a generation target for go.work which will allow users
to opt-in to using it locally without it being enabled by default for
everyone.
See https://github.com/golang/go/issues/53502 for discussion on whether
or not go.work should be checked in.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
I think having a separate file for storing the various kind image
digest isn't necessary. From now on, make/cluster.sh is the "source of
truth" for everything related to kind. If you would like to see the
image that is going to be used for creating the kind cluster, you can
run:
make/cluster.sh --show-image
To self-update the digests with the latest available digests, run:
make/cluster.sh --update-images
Signed-off-by: Maël Valais <mael@vls.dev>
Includes targets for:
- all "server" binaries, for all arches
- all containers for all server binaries for all arches
- all client binaries (kubectl plugin / cmctl) for all arches
- the cert-manager helm chart + signature
- the cert-manager static manifests + CRDs
- tools which bazel would download, with checksum verification
- (commented out) a signed SHA256SUM file for client binaries
Upgrades from the bazel flow include that:
- we use OS-specific base images rather than just using amd64 everywhere
- we easily add support for signing artifacts at build time
- we add ".exe" to the end of windows executables
- we add a zip file for windows executables, for easier consumption
- we concatenate YAML files more robustly
- staging a full release should be much faster
- hopefully, it's easier to change things!
- licenses are trimmed down to reduce bloat in images (the license
bundle was 1.4MB in size alone)
Changes from the bazel flow include:
- containers no longer have a symlink to the binary at an unusual
path, but instead just have the binary at a more predictable path
(e.g. /app/cmd/webhook/webhook instead of
/app/cmd/webhook/webhook.runfiles/com_github_jetstack_cert_manager/cmd/webhook/webhook_/webhook)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
As discussed in #3847, I went too fast and /lgtm from my bed. That led
to having a piece of code that could potentially break people's
cert-manager deployments.
Our plan is to have the same PR re-opened so that we can have it
released for v1.4 (due on Friday 11 June 2021 as per our timeline).
Signed-off-by: Maël Valais <mael@vls.dev>
* Update Chart.yaml
* Make templates namespaced
* Update config table in README.md
* Apply best practices for RBAC
(see
https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/rbac.md)
* Add extra args for cert-manager container
* Make list indentation consistent
* Apply standard labels on all resources
* Add some content to NOTES.txt
