kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bump Cert Manager to 1.9.1

This commit is contained in:
Ole Markus With 2022-08-25 08:33:06 +02:00
parent 6c297f9638
commit ba5cc618fa
22 changed files with 1487 additions and 1354 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -41,7 +41,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -41,7 +41,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -55,7 +55,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa23/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -55,7 +55,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -55,7 +55,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/many-addons/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

2
tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content
View File

@ -48,7 +48,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0

259
tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-certmanager.io-k8s-1.16_content
View File

@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificaterequests.cert-manager.io
spec:
conversion:
@ -279,7 +279,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: certificates.cert-manager.io
spec:
conversion:
@ -511,6 +511,17 @@ spec:
- passwordSecretRef
type: object
type: object
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents
the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6).
Use this *instead* of the Subject field if you need to ensure the
correct ordering of the RDN sequence, such as when issuing certs
for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203,
https://github.com/cert-manager/cert-manager/issues/4424. This field
is alpha level and is only supported by cert-manager installations
where LiteralCertificateSubject feature gate is enabled on both
cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
properties:
@ -816,7 +827,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: challenges.acme.cert-manager.io
spec:
conversion:
@ -1233,9 +1244,29 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared credentials
file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If neither
the Access Key nor Key ID are set, we fall-back to using
env vars, shared credentials file or AWS Instance metadata,
see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set, we fall-back
to using env vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret resource's
`data` field to be used. Some instances of this
field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only this
zone in Route53 and will not do an lookup using the
@ -1868,10 +1899,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -1949,7 +1977,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2084,9 +2112,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2157,7 +2182,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2295,10 +2320,7 @@ spec:
namespaces list means "this
pod's namespace". An empty
selector ({}) matches all
namespaces. This field is
beta-level and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -2376,7 +2398,7 @@ spec:
ones selected by namespaceSelector.
null or empty namespaces list
and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2511,9 +2533,6 @@ spec:
or empty namespaces list means
"this pod's namespace". An empty
selector ({}) matches all namespaces.
This field is beta-level and is
only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions
@ -2584,7 +2603,7 @@ spec:
field and the ones selected by
namespaceSelector. null or empty
namespaces list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -2802,7 +2821,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: clusterissuers.cert-manager.io
spec:
conversion:
@ -4045,11 +4064,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4144,7 +4159,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4299,10 +4314,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4384,7 +4396,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4546,11 +4558,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4645,7 +4653,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -4800,10 +4808,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -4885,7 +4890,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -5359,8 +5364,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -5368,7 +5371,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: issuers.cert-manager.io
spec:
conversion:
@ -5884,10 +5887,33 @@ spec:
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata see:
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
Cannot be set when SecretAccessKeyID is set. If
neither the Access Key nor Key ID are set, we
fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication.
If set, pull the AWS access key ID from a key
within a Kubernetes Secret. Cannot be set when
AccessKeyID is set. If neither the Access Key
nor Key ID are set, we fall-back to using env
vars, shared credentials file or AWS Instance
metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others
it may be required.
type: string
name:
description: 'Name of the resource being referred
to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
required:
- name
type: object
hostedZoneID:
description: If set, the provider will manage only
this zone in Route53 and will not do an lookup
@ -5905,9 +5931,10 @@ spec:
shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication.
If not set we fall-back to using env vars, shared
credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication.
If neither the Access Key nor Key ID are set,
we fall-back to using env vars, shared credentials
file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
properties:
key:
description: The key of the entry in the Secret
@ -6610,11 +6637,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6709,7 +6732,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -6864,10 +6887,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -6949,7 +6969,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7111,11 +7131,7 @@ spec:
list means "this pod's
namespace". An empty
selector ({}) matches
all namespaces. This
field is beta-level
and is only honored
when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7210,7 +7226,7 @@ spec:
selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7365,10 +7381,7 @@ spec:
null or empty namespaces
list means "this pod's namespace".
An empty selector ({}) matches
all namespaces. This field
is beta-level and is only
honored when PodAffinityNamespaceSelector
feature is enabled.
all namespaces.
properties:
matchExpressions:
description: matchExpressions
@ -7450,7 +7463,7 @@ spec:
the ones selected by namespaceSelector.
null or empty namespaces
list and null namespaceSelector
means "this pod's namespace"
means "this pod's namespace".
items:
type: string
type: array
@ -7924,8 +7937,6 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca
creationTimestamp: null
labels:
addon.kops.k8s.io/name: certmanager.io
@ -7933,7 +7944,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: orders.acme.cert-manager.io
spec:
conversion:
@ -8194,7 +8205,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
@ -8212,7 +8223,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
@ -8230,7 +8241,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
@ -8264,7 +8275,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
rules:
- apiGroups:
@ -8334,7 +8345,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
rules:
- apiGroups:
@ -8385,7 +8396,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
@ -8436,7 +8447,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
rules:
- apiGroups:
@ -8510,7 +8521,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
rules:
- apiGroups:
@ -8581,7 +8592,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
rules:
- apiGroups:
@ -8691,7 +8702,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
@ -8765,7 +8776,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -8804,7 +8815,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
@ -8852,7 +8863,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
@ -8878,7 +8889,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
@ -8926,7 +8937,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
@ -8949,7 +8960,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8973,7 +8984,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -8997,7 +9008,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9021,7 +9032,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9045,7 +9056,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9069,7 +9080,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9093,7 +9104,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9117,7 +9128,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-approve:cert-manager-io
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9141,7 +9152,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-controller-certificatesigningrequests
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9165,7 +9176,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:subjectaccessreviews
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -9190,7 +9201,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
@ -9225,7 +9236,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
rules:
@ -9259,7 +9270,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
rules:
@ -9294,7 +9305,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
@ -9319,7 +9330,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
@ -9345,7 +9356,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook:dynamic-serving
namespace: kube-system
roleRef:
@ -9371,7 +9382,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9399,7 +9410,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9427,7 +9438,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-cainjector
namespace: kube-system
spec:
@ -9445,7 +9456,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9467,7 +9478,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.8.0
image: quay.io/jetstack/cert-manager-cainjector:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
securityContext:
@ -9496,7 +9507,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager
namespace: kube-system
spec:
@ -9518,7 +9529,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9542,7 +9553,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.8.0
image: quay.io/jetstack/cert-manager-controller:v1.9.1
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
@ -9576,7 +9587,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
namespace: kube-system
spec:
@ -9594,7 +9605,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
kops.k8s.io/managed-by: kops
spec:
affinity:
@ -9619,7 +9630,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.8.0
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@ -9674,7 +9685,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:
@ -9716,7 +9727,7 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kops
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.8.0
app.kubernetes.io/version: v1.9.1
name: cert-manager-webhook
webhooks:
- admissionReviewVersions:

185
upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
View File

@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
conversion:
strategy: Webhook
@ -235,7 +235,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
conversion:
strategy: Webhook
@ -411,6 +411,9 @@ spec:
name:
description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
literalSubject:
description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook.
type: string
privateKey:
description: Options to control private keys used for the Certificate.
type: object
@ -617,7 +620,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
conversion:
strategy: Webhook
@ -950,7 +953,19 @@ spec:
- region
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: object
required:
- name
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
hostedZoneID:
description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
@ -1268,7 +1283,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -1298,7 +1313,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -1349,7 +1364,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -1379,7 +1394,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -1437,7 +1452,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -1467,7 +1482,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -1518,7 +1533,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -1548,7 +1563,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -1664,7 +1679,7 @@ metadata:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
conversion:
strategy: Webhook
@ -2350,7 +2365,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -2380,7 +2395,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -2431,7 +2446,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -2461,7 +2476,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -2519,7 +2534,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -2549,7 +2564,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -2600,7 +2615,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -2630,7 +2645,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -2921,14 +2936,12 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: issuers.cert-manager.io
annotations:
cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
conversion:
strategy: Webhook
@ -3296,7 +3309,19 @@ spec:
- region
properties:
accessKeyID:
description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: string
accessKeyIDSecretRef:
description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: object
required:
- name
properties:
key:
description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
type: string
name:
description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
hostedZoneID:
description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
@ -3308,7 +3333,7 @@ spec:
description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
type: string
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
type: object
required:
- name
@ -3614,7 +3639,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -3644,7 +3669,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -3695,7 +3720,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -3725,7 +3750,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -3783,7 +3808,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -3813,7 +3838,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -3864,7 +3889,7 @@ spec:
additionalProperties:
type: string
namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
type: object
properties:
matchExpressions:
@ -3894,7 +3919,7 @@ spec:
additionalProperties:
type: string
namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: array
items:
type: string
@ -4185,14 +4210,12 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: orders.acme.cert-manager.io
annotations:
cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/instance: 'cert-manager'
# Generated labels
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
conversion:
strategy: Webhook
@ -4388,7 +4411,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
---
# Source: cert-manager/templates/serviceaccount.yaml
apiVersion: v1
@ -4402,7 +4425,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
---
# Source: cert-manager/templates/webhook-serviceaccount.yaml
apiVersion: v1
@ -4416,7 +4439,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
---
# Source: cert-manager/templates/webhook-config.yaml
apiVersion: v1
@ -4441,7 +4464,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["certificates"]
@ -4473,7 +4496,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["issuers", "issuers/status"]
@ -4499,7 +4522,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["clusterissuers", "clusterissuers/status"]
@ -4525,7 +4548,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
@ -4560,7 +4583,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["acme.cert-manager.io"]
resources: ["orders", "orders/status"]
@ -4598,7 +4621,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
# Use to update challenge resource status
- apiGroups: ["acme.cert-manager.io"]
@ -4658,7 +4681,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificaterequests"]
@ -4695,7 +4718,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
@ -4717,7 +4740,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
@ -4742,7 +4765,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["cert-manager.io"]
resources: ["signers"]
@ -4762,7 +4785,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
@ -4788,7 +4811,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["authorization.k8s.io"]
resources: ["subjectaccessreviews"]
@ -4804,7 +4827,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4824,7 +4847,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4844,7 +4867,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4864,7 +4887,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4884,7 +4907,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4904,7 +4927,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4924,7 +4947,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4944,7 +4967,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4964,7 +4987,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cert-manager"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -4984,7 +5007,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -5007,7 +5030,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
# Used for leader election by the controller
# cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
@ -5033,7 +5056,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
@ -5054,7 +5077,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
rules:
- apiGroups: [""]
resources: ["secrets"]
@ -5079,7 +5102,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -5102,7 +5125,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -5124,7 +5147,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -5146,7 +5169,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
type: ClusterIP
ports:
@ -5170,7 +5193,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
type: ClusterIP
ports:
@ -5194,7 +5217,7 @@ metadata:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
replicas: 1
selector:
@ -5209,7 +5232,7 @@ spec:
app.kubernetes.io/name: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "cainjector"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
nodeSelector: null
affinity:
@ -5233,7 +5256,7 @@ spec:
operator: Exists
containers:
- name: cert-manager
image: "quay.io/jetstack/cert-manager-cainjector:v1.8.0"
image: "quay.io/jetstack/cert-manager-cainjector:v1.9.1"
imagePullPolicy: IfNotPresent
args:
- --v=2
@ -5257,7 +5280,7 @@ metadata:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
replicas: 1
selector:
@ -5272,7 +5295,7 @@ spec:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
annotations:
prometheus.io/path: "/metrics"
prometheus.io/scrape: 'true'
@ -5308,7 +5331,7 @@ spec:
operator: Exists
containers:
- name: cert-manager
image: "quay.io/jetstack/cert-manager-controller:v1.8.0"
image: "quay.io/jetstack/cert-manager-controller:v1.9.1"
imagePullPolicy: IfNotPresent
args:
- --v=2
@ -5345,7 +5368,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
replicas: 1
selector:
@ -5360,7 +5383,7 @@ spec:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
spec:
nodeSelector: null
affinity:
@ -5384,7 +5407,7 @@ spec:
operator: Exists
containers:
- name: cert-manager
image: "quay.io/jetstack/cert-manager-webhook:v1.8.0"
image: "quay.io/jetstack/cert-manager-webhook:v1.9.1"
imagePullPolicy: IfNotPresent
args:
- --v=2
@ -5434,7 +5457,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
annotations:
cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca"
webhooks:
@ -5475,7 +5498,7 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "webhook"
app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/version: "v1.9.1"
annotations:
cert-manager.io/inject-ca-from-secret: "kube-system/cert-manager-webhook-ca"
webhooks:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml
View File

@ -49,7 +49,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: fa3e4adb14fc2f64a688763b14c13aa599f17a03db832ce9e404983cfec43a97
manifestHash: 79bc70f8f9b7a91e97830ecaa8968a51e0c5b78318444cb5a44935e8f9f73aa1
name: certmanager.io
selector: null
version: 9.99.0