Merge pull request #13567 from HealthEngineAU/cert-manager-nameservers

Add a nameservers parameter for cert-manager.
Kubernetes Prow Robot 2022-05-18 00:28:53 -07:00 committed by GitHub
commit 7a90131d54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 61 additions and 0 deletions


@ -119,6 +119,22 @@ spec:
managed: false
```
##### DNS nameserver configuration for cert-manager pod
{{ kops_feature_table(kops_added_default='1.23.3', k8s_min='1.16') }}
Optional list of DNS nameserver IP addresses for the cert-manager pod to use.
This is useful if you have a public and private DNS zone for the same domain to ensure that cert-manager can access ingress, or DNS01 challenge TXT records at all times.
You can set pod DNS nameserver configuration for cert-manager like so:
```yaml
spec:
certManager:
enabled: true
nameservers:
- 1.1.1.1
- 8.8.8.8
```
Read more about cert-manager in the [official documentation](https://cert-manager.io/docs/)


@ -297,6 +297,12 @@ spec:
by kOps. The deployment of cert-manager is skipped if this is
set to false.
type: boolean
nameservers:
description: 'nameservers is a list of nameserver IP addresses
to use instead of the pod defaults. Default: none'
items:
type: string
type: array
type: object
channel:
description: The Channel we are following


@ -1050,6 +1050,10 @@ type CertManagerConfig struct {
// defaultIssuer sets a default clusterIssuer
// Default: none
DefaultIssuer *string `json:"defaultIssuer,omitempty"`
// nameservers is a list of nameserver IP addresses to use instead of the pod defaults.
// Default: none
Nameservers []string `json:"nameservers,omitempty"`
}
// AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.
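Review bot: `Nameservers` is accepted as free-form strings, and none of the eleven files in this commit adds a check that each entry is an IP address, even though the values are later written straight into the cert-manager pod's `dnsConfig.nameservers`. I would validate the list wherever the cluster spec is validated (that code is not on this page), rejecting any entry for which `net.ParseIP(ns) == nil` and any list longer than the three nameservers Kubernetes accepts in a pod `dnsConfig`, so that a typo fails at spec validation rather than as a malformed or rejected Deployment. The field comment could state the constraint too, e.g. `// Each entry must be an IPv4 or IPv6 address; at most three are allowed.` The same applies to the identical field added in the other two `CertManagerConfig` hunks (`@ -1076,6` and `@ -1047,6`). The struct begins above the hunk.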


@ -1076,6 +1076,10 @@ type CertManagerConfig struct {
// defaultIssuer sets a default clusterIssuer
// Default: none
DefaultIssuer *string `json:"defaultIssuer,omitempty"`
// nameservers is a list of nameserver IP addresses to use instead of the pod defaults.
// Default: none
Nameservers []string `json:"nameservers,omitempty"`
}
// AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.


@ -1886,6 +1886,7 @@ func autoConvert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(in *CertMa
out.Managed = in.Managed
out.Image = in.Image
out.DefaultIssuer = in.DefaultIssuer
out.Nameservers = in.Nameservers
return nil
}
@ -1899,6 +1900,7 @@ func autoConvert_kops_CertManagerConfig_To_v1alpha2_CertManagerConfig(in *kops.C
out.Managed = in.Managed
out.Image = in.Image
out.DefaultIssuer = in.DefaultIssuer
out.Nameservers = in.Nameservers
return nil
}


@ -519,6 +519,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
*out = new(string)
**out = **in
}
if in.Nameservers != nil {
in, out := &in.Nameservers, &out.Nameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}


@ -1047,6 +1047,10 @@ type CertManagerConfig struct {
// defaultIssuer sets a default clusterIssuer
// Default: none
DefaultIssuer *string `json:"defaultIssuer,omitempty"`
// nameservers is a list of nameserver IP addresses to use instead of the pod defaults.
// Default: none
Nameservers []string `json:"nameservers,omitempty"`
}
// AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.


@ -1912,6 +1912,7 @@ func autoConvert_v1alpha3_CertManagerConfig_To_kops_CertManagerConfig(in *CertMa
out.Managed = in.Managed
out.Image = in.Image
out.DefaultIssuer = in.DefaultIssuer
out.Nameservers = in.Nameservers
return nil
}
@ -1925,6 +1926,7 @@ func autoConvert_kops_CertManagerConfig_To_v1alpha3_CertManagerConfig(in *kops.C
out.Managed = in.Managed
out.Image = in.Image
out.DefaultIssuer = in.DefaultIssuer
out.Nameservers = in.Nameservers
return nil
}


@ -536,6 +536,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
*out = new(string)
**out = **in
}
if in.Nameservers != nil {
in, out := &in.Nameservers, &out.Nameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}


@ -535,6 +535,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
*out = new(string)
**out = **in
}
if in.Nameservers != nil {
in, out := &in.Nameservers, &out.Nameservers
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}


@ -5217,6 +5217,14 @@ spec:
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
{{ if .CertManager.Nameservers }}
dnsConfig:
nameservers:
{{ range $nameserver := .CertManager.Nameservers }}
- "{{ $nameserver }}"
{{ end }}
dnsPolicy: None
{{ end }}
priorityClassName: system-cluster-critical
serviceAccountName: cert-manager
securityContext:
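Review bot: Setting `dnsPolicy: None` with only `nameservers` under `dnsConfig` gives the pod a resolv.conf with no search domains or options and no reference to cluster DNS, so in-cluster names such as `*.svc.cluster.local` stop resolving for cert-manager unless the listed servers answer them. That affects any issuer or solver endpoint reached by service name and deserves a comment above the block, e.g. `# dnsPolicy None replaces cluster DNS entirely; in-cluster service names will not resolve`. Each `$nameserver` is also rendered unescaped inside double quotes, so this template relies on the API layer having already checked that the value is an IP address. The pod spec this block sits in starts and ends outside the hunk.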