From bf20c6a4b740d912707fe61a44d03eda337bc389 Mon Sep 17 00:00:00 2001
From: Javi Polo
Date: Wed, 21 Apr 2021 19:09:42 +0200
Subject: [PATCH] Add ability to set a default Issuer in certManager addon
---
docs/addons.md | 3 ++-
k8s/crds/kops.k8s.io_clusters.yaml | 4 ++++
pkg/apis/kops/componentconfig.go | 4 ++++
pkg/apis/kops/v1alpha2/componentconfig.go | 4 ++++
pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 2 ++
pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go | 5 +++++
pkg/apis/kops/zz_generated.deepcopy.go | 5 +++++
.../resources/addons/certmanager.io/k8s-1.16.yaml.template | 7 ++++++-
8 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/docs/addons.md b/docs/addons.md
index fd46e5f12b..e769426d59 100644
--- a/docs/addons.md
+++ b/docs/addons.md
@@ -66,6 +66,7 @@ Cert-manager handles x509 certificates for your cluster.
 spec:
 certManager:
 enabled: true
+ defaultIssuer: yourDefaultIssuer
 ```
 **Warning: cert-manager only supports one installation per cluster. If you are already running cert-manager, you need to remove this installation prior to enabling this addon. As long as you are using v1 versions of the cert-manager resources, it is safe to remove existing installs and replace it with this addon**
@@ -300,4 +301,4 @@ spec:
 }
 ]
 ```
-The masters will poll for changes in the bucket and keep the addons up to date.
\ No newline at end of file
+The masters will poll for changes in the bucket and keep the addons up to date.
diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
index f70ba5208d..ee40ccdf1d 100644
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -237,6 +237,10 @@ spec:
 certManager:
 description: CertManager determines the metrics server configuration.
 properties:
+ defaultIssuer:
+ description: 'defaultIssuer sets a default clusterIssuer Default:
+ none'
+ type: string
 enabled:
 description: 'Enabled enables the cert manager. Default: false'
 type: boolean
diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
index 508e0d96af..0ddfdddcf6 100644
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@@ -916,6 +916,10 @@ type CertManagerConfig struct {
 // Image is the docker container used.
 // Default: the latest supported image for the specified kubernetes version.
 Image *string `json:"image,omitempty"`
+
+ // defaultIssuer sets a default clusterIssuer
+ // Default: none
+ DefaultIssuer *string `json:"defaultIssuer,omitempty"`
 }
 // AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.
diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
index b5e4b0d26d..837b3e0d7d 100644
--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
@@ -915,6 +915,10 @@ type CertManagerConfig struct {
 // Image is the docker container used.
 // Default: the latest supported image for the specified kubernetes version.
 Image *string `json:"image,omitempty"`
+
+ // defaultIssuer sets a default clusterIssuer
+ // Default: none
+ DefaultIssuer *string `json:"defaultIssuer,omitempty"`
 }
 // AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
index 526120b6ce..d9ae512b78 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
@@ -1635,6 +1635,7 @@ func Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *kops.C
 func autoConvert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(in *CertManagerConfig, out *kops.CertManagerConfig, s conversion.Scope) error {
 out.Enabled = in.Enabled
 out.Image = in.Image
+ out.DefaultIssuer = in.DefaultIssuer
 return nil
 }
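Review bot: The new field comment `// defaultIssuer sets a default clusterIssuer` in the pkg/apis/kops/componentconfig.go hunk does not follow the Go doc convention used by the neighbouring `Image` field (start with the exported name) and does not say what the value actually is; the same comment appears in the pkg/apis/kops/v1alpha2/componentconfig.go hunk, and the CRD description in k8s/crds/kops.k8s.io_clusters.yaml is generated from it. The template hunk in this patch hard-codes `--default-issuer-kind=ClusterIssuer` and `--default-issuer-group=cert-manager.io`, so the field is specifically the name of a ClusterIssuer; I would write `// DefaultIssuer is the name of the cert-manager ClusterIssuer (group cert-manager.io) passed to cert-manager as its default issuer.` followed by `// Default: none` in both files and regenerate the CRD. The struct `CertManagerConfig` starts before the hunk.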
@@ -1646,6 +1647,7 @@ func Convert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(in *CertManage
 func autoConvert_kops_CertManagerConfig_To_v1alpha2_CertManagerConfig(in *kops.CertManagerConfig, out *CertManagerConfig, s conversion.Scope) error {
 out.Enabled = in.Enabled
 out.Image = in.Image
+ out.DefaultIssuer = in.DefaultIssuer
 return nil
 }
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
index 1b08d8f6df..57eecd6bba 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
@@ -415,6 +415,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
 *out = new(string)
 **out = **in
 }
+ if in.DefaultIssuer != nil {
+ in, out := &in.DefaultIssuer, &out.DefaultIssuer
+ *out = new(string)
+ **out = **in
+ }
 return
 }
diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go
index ebdb1f8171..0e621d420a 100644
--- a/pkg/apis/kops/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/zz_generated.deepcopy.go
@@ -431,6 +431,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
 *out = new(string)
 **out = **in
 }
+ if in.DefaultIssuer != nil {
+ in, out := &in.DefaultIssuer, &out.DefaultIssuer
+ *out = new(string)
+ **out = **in
+ }
 return
 }
diff --git a/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
index f0a5589a4d..bab001f2c2 100644
--- a/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
@@ -26279,6 +26279,11 @@ spec:
 - --cluster-resource-namespace=$(POD_NAMESPACE)
 - --leader-election-namespace=kube-system
 - --enable-certificate-owner-ref=true
+ {{ if .CertManager.DefaultIssuer }}
+ - --default-issuer-name={{ .CertManager.DefaultIssuer }}
+ - --default-issuer-kind=ClusterIssuer
+ - --default-issuer-group=cert-manager.io
+ {{ end }}
 env:
 - name: POD_NAMESPACE
 valueFrom:
@@ -26297,7 +26302,7 @@ spec:
 tolerations:
 - key: node-role.kubernetes.io/master
 operator: Exists
-
+
 ---
 apiVersion: apps/v1
 kind: Deployment
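Review bot: The new `{{ if .CertManager.DefaultIssuer }}` guard in the first hunk only checks that the `*string` field is non-nil, since text/template treats any non-nil pointer as true; a cluster spec with `defaultIssuer: ""` therefore renders `- --default-issuer-name=` with an empty value while still setting the kind and group flags. The value is also interpolated verbatim into the container args of the manifest, so a name that is not a valid Kubernetes object name, or one containing YAML-significant characters, produces a flag cert-manager cannot resolve or a malformed manifest. Because this patch adds no check in the cluster validation (outside this diff), I would reject an empty value there and require a DNS-1123 subdomain, which is what a ClusterIssuer name must be, rather than relying on the template. The container `args` list that these lines extend starts before the hunk.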