Merge pull request #11281 from javipolo/cert-manager-default-issuer

Add ability to set a default Issuer in certManager addon

docs/addons.md

@@ -66,6 +66,7 @@ Cert-manager handles x509 certificates for your cluster.
 spec:
   certManager:
     enabled: true
+    defaultIssuer: yourDefaultIssuer
 ```
 
 **Warning: cert-manager only supports one installation per cluster. If you are already running cert-manager, you need to remove this installation prior to enabling this addon. As long as you are using v1 versions of the cert-manager resources, it is safe to remove existing installs and replace it with this addon**

k8s/crds/kops.k8s.io_clusters.yaml

@@ -237,6 +237,10 @@ spec:
               certManager:
                 description: CertManager determines the metrics server configuration.
                 properties:
+                  defaultIssuer:
+                    description: 'defaultIssuer sets a default clusterIssuer Default:
+                      none'
+                    type: string
                   enabled:
                     description: 'Enabled enables the cert manager. Default: false'
                     type: boolean

pkg/apis/kops/componentconfig.go

@@ -922,6 +922,10 @@ type CertManagerConfig struct {
 	// Image is the docker container used.
 	// Default: the latest supported image for the specified kubernetes version.
 	Image *string `json:"image,omitempty"`
+
+	// defaultIssuer sets a default clusterIssuer
+	// Default: none
+	DefaultIssuer *string `json:"defaultIssuer,omitempty"`
 }
 
 // AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.

pkg/apis/kops/v1alpha2/componentconfig.go

@@ -921,6 +921,10 @@ type CertManagerConfig struct {
 	// Image is the docker container used.
 	// Default: the latest supported image for the specified kubernetes version.
 	Image *string `json:"image,omitempty"`
+
+	// defaultIssuer sets a default clusterIssuer
+	// Default: none
+	DefaultIssuer *string `json:"defaultIssuer,omitempty"`
 }
 
 // AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -1635,6 +1635,7 @@ func Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *kops.C
 func autoConvert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(in *CertManagerConfig, out *kops.CertManagerConfig, s conversion.Scope) error {
 	out.Enabled = in.Enabled
 	out.Image = in.Image
+	out.DefaultIssuer = in.DefaultIssuer
 	return nil
 }
 
@@ -1646,6 +1647,7 @@ func Convert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(in *CertManage
 func autoConvert_kops_CertManagerConfig_To_v1alpha2_CertManagerConfig(in *kops.CertManagerConfig, out *CertManagerConfig, s conversion.Scope) error {
 	out.Enabled = in.Enabled
 	out.Image = in.Image
+	out.DefaultIssuer = in.DefaultIssuer
 	return nil
 }
 

pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

@@ -415,6 +415,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.DefaultIssuer != nil {
+		in, out := &in.DefaultIssuer, &out.DefaultIssuer
+		*out = new(string)
+		**out = **in
+	}
 	return
 }
 

pkg/apis/kops/zz_generated.deepcopy.go

@@ -431,6 +431,11 @@ func (in *CertManagerConfig) DeepCopyInto(out *CertManagerConfig) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.DefaultIssuer != nil {
+		in, out := &in.DefaultIssuer, &out.DefaultIssuer
+		*out = new(string)
+		**out = **in
+	}
 	return
 }
 

upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template

@@ -26279,6 +26279,11 @@ spec:
         - --cluster-resource-namespace=$(POD_NAMESPACE)
         - --leader-election-namespace=kube-system
         - --enable-certificate-owner-ref=true
+        {{ if .CertManager.DefaultIssuer }}
+        - --default-issuer-name={{ .CertManager.DefaultIssuer }}
+        - --default-issuer-kind=ClusterIssuer
+        - --default-issuer-group=cert-manager.io
+        {{ end }}
         env:
         - name: POD_NAMESPACE
           valueFrom: