diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index fb8518651e..ef9320c1db 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 628cd14a55..23f07f93fc 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 9e5926962a..a14c874ec7 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 95a467762c..2d8d497ab7 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index e64c6bfddd..0c164f2747 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 4ea8ffb6a0..f2430cbc5d 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 9df1399101..b1d16874c5 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index b325caed66..54c84f3e5b 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 1b19863fda..71e9bef0f5 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 94b67800f4..c1b04b64d8 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0 diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-certmanager.io-k8s-1.16_content index 7e0479dbae..3d5df95330 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-certmanager.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-certmanager.io-k8s-1.16_content @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificaterequests.cert-manager.io spec: conversion: @@ -152,7 +152,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -279,7 +279,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: certificates.cert-manager.io spec: conversion: @@ -511,6 +511,17 @@ spec: - passwordSecretRef type: object type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents + the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). + Use this *instead* of the Subject field if you need to ensure the + correct ordering of the RDN sequence, such as when issuing certs + for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, + https://github.com/cert-manager/cert-manager/issues/4424. This field + is alpha level and is only supported by cert-manager installations + where LiteralCertificateSubject feature gate is enabled on both + cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. properties: @@ -658,7 +669,7 @@ spec: if not specified. items: description: 'KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher @@ -816,7 +827,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: challenges.acme.cert-manager.io spec: conversion: @@ -1233,9 +1244,29 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared credentials - file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If neither + the Access Key nor Key ID are set, we fall-back to using + env vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back + to using env vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret resource's + `data` field to be used. Some instances of this + field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the @@ -1868,10 +1899,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -1949,7 +1977,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2084,9 +2112,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2157,7 +2182,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2295,10 +2320,7 @@ spec: namespaces list means "this pod's namespace". An empty selector ({}) matches all - namespaces. This field is - beta-level and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + namespaces. properties: matchExpressions: description: matchExpressions @@ -2376,7 +2398,7 @@ spec: ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2511,9 +2533,6 @@ spec: or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is - only honored when PodAffinityNamespaceSelector - feature is enabled. properties: matchExpressions: description: matchExpressions @@ -2584,7 +2603,7 @@ spec: field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -2802,7 +2821,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: clusterissuers.cert-manager.io spec: conversion: @@ -4045,11 +4064,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4144,7 +4159,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4299,10 +4314,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4384,7 +4396,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4546,11 +4558,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4645,7 +4653,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -4800,10 +4808,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -4885,7 +4890,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -5359,8 +5364,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -5368,7 +5371,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: issuers.cert-manager.io spec: conversion: @@ -5884,10 +5887,33 @@ spec: properties: accessKeyID: description: 'The AccessKeyID is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata see: - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + Cannot be set when SecretAccessKeyID is set. If + neither the Access Key nor Key ID are set, we + fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. + If set, pull the AWS access key ID from a key + within a Kubernetes Secret. Cannot be set when + AccessKeyID is set. If neither the Access Key + nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance + metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others + it may be required. + type: string + name: + description: 'Name of the resource being referred + to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - name + type: object hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup @@ -5905,9 +5931,10 @@ spec: shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. - If not set we fall-back to using env vars, shared - credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, + we fall-back to using env vars, shared credentials + file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' properties: key: description: The key of the entry in the Secret @@ -6610,11 +6637,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6709,7 +6732,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -6864,10 +6887,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -6949,7 +6969,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7111,11 +7131,7 @@ spec: list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This - field is beta-level - and is only honored - when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7210,7 +7226,7 @@ spec: selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7365,10 +7381,7 @@ spec: null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches - all namespaces. This field - is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. + all namespaces. properties: matchExpressions: description: matchExpressions @@ -7450,7 +7463,7 @@ spec: the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector - means "this pod's namespace" + means "this pod's namespace". items: type: string type: array @@ -7924,8 +7937,6 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca creationTimestamp: null labels: addon.kops.k8s.io/name: certmanager.io @@ -7933,7 +7944,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: orders.acme.cert-manager.io spec: conversion: @@ -8194,7 +8205,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system @@ -8212,7 +8223,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system @@ -8230,7 +8241,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system @@ -8264,7 +8275,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector rules: - apiGroups: @@ -8334,7 +8345,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers rules: - apiGroups: @@ -8385,7 +8396,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -8436,7 +8447,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates rules: - apiGroups: @@ -8510,7 +8521,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders rules: - apiGroups: @@ -8581,7 +8592,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges rules: - apiGroups: @@ -8691,7 +8702,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -8765,7 +8776,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -8804,7 +8815,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -8852,7 +8863,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -8878,7 +8889,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -8926,7 +8937,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -8949,7 +8960,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -8973,7 +8984,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -8997,7 +9008,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -9021,7 +9032,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -9045,7 +9056,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -9069,7 +9080,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -9093,7 +9104,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -9117,7 +9128,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -9141,7 +9152,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -9165,7 +9176,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -9190,7 +9201,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system rules: @@ -9225,7 +9236,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system rules: @@ -9259,7 +9270,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system rules: @@ -9294,7 +9305,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: @@ -9319,7 +9330,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager:leaderelection namespace: kube-system roleRef: @@ -9345,7 +9356,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook:dynamic-serving namespace: kube-system roleRef: @@ -9371,7 +9382,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9399,7 +9410,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9427,7 +9438,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-cainjector namespace: kube-system spec: @@ -9445,7 +9456,7 @@ spec: app.kubernetes.io/component: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9467,7 +9478,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 + image: quay.io/jetstack/cert-manager-cainjector:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager securityContext: @@ -9496,7 +9507,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager namespace: kube-system spec: @@ -9518,7 +9529,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9542,7 +9553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.8.0 + image: quay.io/jetstack/cert-manager-controller:v1.9.1 imagePullPolicy: IfNotPresent name: cert-manager ports: @@ -9576,7 +9587,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook namespace: kube-system spec: @@ -9594,7 +9605,7 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 kops.k8s.io/managed-by: kops spec: affinity: @@ -9619,7 +9630,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.8.0 + image: quay.io/jetstack/cert-manager-webhook:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -9674,7 +9685,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -9716,7 +9727,7 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: kops app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.8.0 + app.kubernetes.io/version: v1.9.1 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template index 285d7cbafb..41ba6451c2 100644 --- a/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template +++ b/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template @@ -23,7 +23,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: conversion: strategy: Webhook @@ -144,7 +144,7 @@ spec: description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified. type: array items: - description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"' + description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"' type: string enum: - signing @@ -235,7 +235,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: conversion: strategy: Webhook @@ -411,6 +411,9 @@ spec: name: description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + type: string privateKey: description: Options to control private keys used for the Certificate. type: object @@ -512,7 +515,7 @@ spec: description: Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified. type: array items: - description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"' + description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"' type: string enum: - signing @@ -617,7 +620,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: conversion: strategy: Webhook @@ -950,8 +953,20 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: object + required: + - name + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -1268,7 +1283,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -1298,7 +1313,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -1349,7 +1364,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -1379,7 +1394,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -1437,7 +1452,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -1467,7 +1482,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -1518,7 +1533,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -1548,7 +1563,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -1664,7 +1679,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: conversion: strategy: Webhook @@ -2350,7 +2365,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -2380,7 +2395,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -2431,7 +2446,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -2461,7 +2476,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -2519,7 +2534,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -2549,7 +2564,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -2600,7 +2615,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -2630,7 +2645,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -2921,14 +2936,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: issuers.cert-manager.io - annotations: - cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app: 'cert-manager' app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: conversion: strategy: Webhook @@ -3296,8 +3309,20 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string + accessKeyIDSecretRef: + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: object + required: + - name + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -3308,7 +3333,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -3614,7 +3639,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -3644,7 +3669,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -3695,7 +3720,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -3725,7 +3750,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -3783,7 +3808,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -3813,7 +3838,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -3864,7 +3889,7 @@ spec: additionalProperties: type: string namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: @@ -3894,7 +3919,7 @@ spec: additionalProperties: type: string namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string @@ -4185,14 +4210,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: orders.acme.cert-manager.io - annotations: - cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app: 'cert-manager' app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: conversion: strategy: Webhook @@ -4388,7 +4411,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" --- # Source: cert-manager/templates/serviceaccount.yaml apiVersion: v1 @@ -4402,7 +4425,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" --- # Source: cert-manager/templates/webhook-serviceaccount.yaml apiVersion: v1 @@ -4416,7 +4439,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" --- # Source: cert-manager/templates/webhook-config.yaml apiVersion: v1 @@ -4441,7 +4464,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates"] @@ -4473,7 +4496,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["cert-manager.io"] resources: ["issuers", "issuers/status"] @@ -4499,7 +4522,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["cert-manager.io"] resources: ["clusterissuers", "clusterissuers/status"] @@ -4525,7 +4548,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] @@ -4560,7 +4583,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["acme.cert-manager.io"] resources: ["orders", "orders/status"] @@ -4598,7 +4621,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: # Use to update challenge resource status - apiGroups: ["acme.cert-manager.io"] @@ -4658,7 +4681,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests"] @@ -4695,7 +4718,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -4717,7 +4740,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: @@ -4742,7 +4765,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] @@ -4762,7 +4785,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["certificates.k8s.io"] resources: ["certificatesigningrequests"] @@ -4788,7 +4811,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4804,7 +4827,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4824,7 +4847,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4844,7 +4867,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4864,7 +4887,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4884,7 +4907,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4904,7 +4927,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4924,7 +4947,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4944,7 +4967,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4964,7 +4987,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4984,7 +5007,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5007,7 +5030,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: # Used for leader election by the controller # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller @@ -5033,7 +5056,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5054,7 +5077,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" rules: - apiGroups: [""] resources: ["secrets"] @@ -5079,7 +5102,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5102,7 +5125,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5124,7 +5147,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5146,7 +5169,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: type: ClusterIP ports: @@ -5170,7 +5193,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: type: ClusterIP ports: @@ -5194,7 +5217,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: replicas: 1 selector: @@ -5209,7 +5232,7 @@ spec: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: nodeSelector: null affinity: @@ -5233,7 +5256,7 @@ spec: operator: Exists containers: - name: cert-manager - image: "quay.io/jetstack/cert-manager-cainjector:v1.8.0" + image: "quay.io/jetstack/cert-manager-cainjector:v1.9.1" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5257,7 +5280,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: replicas: 1 selector: @@ -5272,7 +5295,7 @@ spec: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" annotations: prometheus.io/path: "/metrics" prometheus.io/scrape: 'true' @@ -5308,7 +5331,7 @@ spec: operator: Exists containers: - name: cert-manager - image: "quay.io/jetstack/cert-manager-controller:v1.8.0" + image: "quay.io/jetstack/cert-manager-controller:v1.9.1" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5345,7 +5368,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: replicas: 1 selector: @@ -5360,7 +5383,7 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" spec: nodeSelector: null affinity: @@ -5384,7 +5407,7 @@ spec: operator: Exists containers: - name: cert-manager - image: "quay.io/jetstack/cert-manager-webhook:v1.8.0" + image: "quay.io/jetstack/cert-manager-webhook:v1.9.1" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5434,7 +5457,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" annotations: cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca" webhooks: @@ -5475,7 +5498,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.8.0" + app.kubernetes.io/version: "v1.9.1" annotations: cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca" webhooks: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index bb5f4843b2..18ac9c0f37 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -49,7 +49,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: certmanager.io/k8s-1.16.yaml - manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 + manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1 name: certmanager.io selector: null version: 9.99.0