kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bump Cert Manager to 1.9.1

This commit is contained in:
Ole Markus With 2022-08-25 08:33:06 +02:00
parent 6c297f9638
commit ba5cc618fa
22 changed files with 1487 additions and 1354 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -41,7 +41,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -41,7 +41,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -55,7 +55,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -55,7 +55,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -55,7 +55,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

2
tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0

259
tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io name: certificaterequests.cert-manager.io
spec: spec:
conversion: conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io name: certificates.cert-manager.io
spec: spec:
conversion: conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef - passwordSecretRef
type: object type: object
type: object type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
properties: properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io name: challenges.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -1233,9 +1244,29 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials Cannot be set when SecretAccessKeyID is set. If neither
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this namespaces list means "this
pod's namespace". An empty pod's namespace". An empty
selector ({}) matches all selector ({}) matches all
namespaces. This field is namespaces.
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector. ones selected by namespaceSelector.
null or empty namespaces list null or empty namespaces list
and null namespaceSelector and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means or empty namespaces list means
"this pod's namespace". An empty "this pod's namespace". An empty
selector ({}) matches all namespaces. selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by field and the ones selected by
namespaceSelector. null or empty namespaceSelector. null or empty
namespaces list and null namespaceSelector namespaces list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io name: clusterissuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io name: issuers.cert-manager.io
spec: spec:
conversion: conversion:
@ -5884,10 +5887,33 @@ spec:
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared Cannot be set when SecretAccessKeyID is set. If
credentials file or AWS Instance metadata see: neither the Access Key nor Key ID are set, we
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only description: If set, the provider will manage only
this zone in Route53 and will not do an lookup this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. description: 'The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared If neither the Access Key nor Key ID are set,
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties: properties:
key: key:
description: The key of the entry in the Secret description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's list means "this pod's
namespace". An empty namespace". An empty
selector ({}) matches selector ({}) matches
all namespaces. This all namespaces.
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector. selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces null or empty namespaces
list means "this pod's namespace". list means "this pod's namespace".
An empty selector ({}) matches An empty selector ({}) matches
all namespaces. This field all namespaces.
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector. the ones selected by namespaceSelector.
null or empty namespaces null or empty namespaces
list and null namespaceSelector list and null namespaceSelector
means "this pod's namespace" means "this pod's namespace".
items: items:
type: string type: string
type: array type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: certmanager.io addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
spec: spec:
conversion: conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
rules: rules:
- apiGroups: - apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
rules: rules:
- apiGroups: - apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
rules: rules:
- apiGroups: - apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
rules: rules:
- apiGroups: - apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
rules: rules:
- apiGroups: - apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
rules: rules:
- apiGroups: - apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
rules: rules:
- apiGroups: - apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
rules: rules:
- apiGroups: - apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
rules: rules:
- apiGroups: - apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
rules: rules:
- apiGroups: - apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers name: cert-manager-controller-issuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers name: cert-manager-controller-clusterissuers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates name: cert-manager-controller-certificates
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders name: cert-manager-controller-orders
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges name: cert-manager-controller-challenges
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim name: cert-manager-controller-ingress-shim
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io name: cert-manager-controller-approve:cert-manager-io
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests name: cert-manager-controller-certificatesigningrequests
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews name: cert-manager-webhook:subjectaccessreviews
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
rules: rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
rules: rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection name: cert-manager-cainjector:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection name: cert-manager:leaderelection
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving name: cert-manager-webhook:dynamic-serving
namespace: kube-system namespace: kube-system
roleRef: roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector name: cert-manager-cainjector
namespace: kube-system namespace: kube-system
spec: spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0 image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
securityContext: securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager name: cert-manager
namespace: kube-system namespace: kube-system
spec: spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0 image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: cert-manager name: cert-manager
ports: ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
namespace: kube-system namespace: kube-system
spec: spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops kops.k8s.io/managed-by: kops
spec: spec:
affinity: affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0 image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0 app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook name: cert-manager-webhook
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

185
upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
View File

@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager' app.kubernetes.io/instance: 'cert-manager'
# Generated labels # Generated labels
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
conversion: conversion:
strategy: Webhook strategy: Webhook
@ -235,7 +235,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager' app.kubernetes.io/instance: 'cert-manager'
# Generated labels # Generated labels
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
conversion: conversion:
strategy: Webhook strategy: Webhook
@ -411,6 +411,9 @@ spec:
name: name:
description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string type: string
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook.
type: string
privateKey: privateKey:
description: Options to control private keys used for the Certificate. description: Options to control private keys used for the Certificate.
type: object type: object
@ -617,7 +620,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager' app.kubernetes.io/instance: 'cert-manager'
# Generated labels # Generated labels
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
conversion: conversion:
strategy: Webhook strategy: Webhook
@ -950,7 +953,19 @@ spec:
- region - region
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: object
required:
- name
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string type: string
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
@ -1268,7 +1283,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -1298,7 +1313,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -1349,7 +1364,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -1379,7 +1394,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -1437,7 +1452,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -1467,7 +1482,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -1518,7 +1533,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -1548,7 +1563,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -1664,7 +1679,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager' app.kubernetes.io/instance: 'cert-manager'
# Generated labels # Generated labels
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
conversion: conversion:
strategy: Webhook strategy: Webhook
@ -2350,7 +2365,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -2380,7 +2395,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -2431,7 +2446,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -2461,7 +2476,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -2519,7 +2534,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -2549,7 +2564,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -2600,7 +2615,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -2630,7 +2645,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -2921,14 +2936,12 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
name: issuers.cert-manager.io name: issuers.cert-manager.io
annotations:
cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels: labels:
app: 'cert-manager' app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager' app.kubernetes.io/instance: 'cert-manager'
# Generated labels # Generated labels
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
conversion: conversion:
strategy: Webhook strategy: Webhook
@ -3296,7 +3309,19 @@ spec:
- region - region
properties: properties:
accessKeyID: accessKeyID:
description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: object
required:
- name
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string type: string
hostedZoneID: hostedZoneID:
description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
@ -3308,7 +3333,7 @@ spec:
description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
type: string type: string
secretAccessKeySecretRef: secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: object type: object
required: required:
- name - name
@ -3614,7 +3639,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -3644,7 +3669,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -3695,7 +3720,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -3725,7 +3750,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -3783,7 +3808,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -3813,7 +3838,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -3864,7 +3889,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object type: object
properties: properties:
matchExpressions: matchExpressions:
@ -3894,7 +3919,7 @@ spec:
additionalProperties: additionalProperties:
type: string type: string
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array type: array
items: items:
type: string type: string
@ -4185,14 +4210,12 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
name: orders.acme.cert-manager.io name: orders.acme.cert-manager.io
annotations:
cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels: labels:
app: 'cert-manager' app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager' app.kubernetes.io/instance: 'cert-manager'
# Generated labels # Generated labels
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
conversion: conversion:
strategy: Webhook strategy: Webhook
@ -4388,7 +4411,7 @@ metadata:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
--- ---
# Source: cert-manager/templates/serviceaccount.yaml # Source: cert-manager/templates/serviceaccount.yaml
apiVersion: v1 apiVersion: v1
@ -4402,7 +4425,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
--- ---
# Source: cert-manager/templates/webhook-serviceaccount.yaml # Source: cert-manager/templates/webhook-serviceaccount.yaml
apiVersion: v1 apiVersion: v1
@ -4416,7 +4439,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
--- ---
# Source: cert-manager/templates/webhook-config.yaml # Source: cert-manager/templates/webhook-config.yaml
apiVersion: v1 apiVersion: v1
@ -4441,7 +4464,7 @@ metadata:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["cert-manager.io"] - apiGroups: ["cert-manager.io"]
resources: ["certificates"] resources: ["certificates"]
@ -4473,7 +4496,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["cert-manager.io"] - apiGroups: ["cert-manager.io"]
resources: ["issuers", "issuers/status"] resources: ["issuers", "issuers/status"]
@ -4499,7 +4522,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["cert-manager.io"] - apiGroups: ["cert-manager.io"]
resources: ["clusterissuers", "clusterissuers/status"] resources: ["clusterissuers", "clusterissuers/status"]
@ -4525,7 +4548,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["cert-manager.io"] - apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
@ -4560,7 +4583,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["acme.cert-manager.io"] - apiGroups: ["acme.cert-manager.io"]
resources: ["orders", "orders/status"] resources: ["orders", "orders/status"]
@ -4598,7 +4621,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
# Use to update challenge resource status # Use to update challenge resource status
- apiGroups: ["acme.cert-manager.io"] - apiGroups: ["acme.cert-manager.io"]
@ -4658,7 +4681,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["cert-manager.io"] - apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificaterequests"] resources: ["certificates", "certificaterequests"]
@ -4695,7 +4718,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
@ -4717,7 +4740,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules: rules:
@ -4742,7 +4765,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager" app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["cert-manager.io"] - apiGroups: ["cert-manager.io"]
resources: ["signers"] resources: ["signers"]
@ -4762,7 +4785,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager" app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["certificates.k8s.io"] - apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"] resources: ["certificatesigningrequests"]
@ -4788,7 +4811,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["authorization.k8s.io"] - apiGroups: ["authorization.k8s.io"]
resources: ["subjectaccessreviews"] resources: ["subjectaccessreviews"]
@ -4804,7 +4827,7 @@ metadata:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4824,7 +4847,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4844,7 +4867,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4864,7 +4887,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4884,7 +4907,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4904,7 +4927,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4924,7 +4947,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4944,7 +4967,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager" app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4964,7 +4987,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager" app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -4984,7 +5007,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -5007,7 +5030,7 @@ metadata:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
# Used for leader election by the controller # Used for leader election by the controller
# cert-manager-cainjector-leader-election is used by the CertificateBased injector controller # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
@ -5033,7 +5056,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: ["coordination.k8s.io"] - apiGroups: ["coordination.k8s.io"]
resources: ["leases"] resources: ["leases"]
@ -5054,7 +5077,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
@ -5079,7 +5102,7 @@ metadata:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -5102,7 +5125,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -5124,7 +5147,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -5146,7 +5169,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
@ -5170,7 +5193,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
@ -5194,7 +5217,7 @@ metadata:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -5209,7 +5232,7 @@ spec:
app.kubernetes.io/name: cainjector app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector" app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
nodeSelector: null nodeSelector: null
affinity: affinity:
@ -5233,7 +5256,7 @@ spec:
operator: Exists operator: Exists
containers: containers:
- name: cert-manager - name: cert-manager
image: "quay.io/jetstack/cert-manager-cainjector:v1.8.0" image: "quay.io/jetstack/cert-manager-cainjector:v1.9.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- --v=2 - --v=2
@ -5257,7 +5280,7 @@ metadata:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -5272,7 +5295,7 @@ spec:
app.kubernetes.io/name: cert-manager app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller" app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
annotations: annotations:
prometheus.io/path: "/metrics" prometheus.io/path: "/metrics"
prometheus.io/scrape: 'true' prometheus.io/scrape: 'true'
@ -5308,7 +5331,7 @@ spec:
operator: Exists operator: Exists
containers: containers:
- name: cert-manager - name: cert-manager
image: "quay.io/jetstack/cert-manager-controller:v1.8.0" image: "quay.io/jetstack/cert-manager-controller:v1.9.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- --v=2 - --v=2
@ -5345,7 +5368,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -5360,7 +5383,7 @@ spec:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
spec: spec:
nodeSelector: null nodeSelector: null
affinity: affinity:
@ -5384,7 +5407,7 @@ spec:
operator: Exists operator: Exists
containers: containers:
- name: cert-manager - name: cert-manager
image: "quay.io/jetstack/cert-manager-webhook:v1.8.0" image: "quay.io/jetstack/cert-manager-webhook:v1.9.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- --v=2 - --v=2
@ -5434,7 +5457,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
annotations: annotations:
cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca" cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca"
webhooks: webhooks:
@ -5475,7 +5498,7 @@ metadata:
app.kubernetes.io/name: webhook app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook" app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0" app.kubernetes.io/version: "v1.9.1"
annotations: annotations:
cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca" cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca"
webhooks: webhooks:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml
View File

@ -49,7 +49,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97 manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io name: certmanager.io
selector: null selector: null
version: 9.99.0 version: 9.99.0