Deploy releases/k8s-manifests 5f0cd7b #96

Merged
merged 2 commits into from
Apr 23, 2024
2 changes: 1 addition & 1 deletion .github/workflows/k8s-prepare.yml
Expand Up @@ -50,7 +50,7 @@ jobs:
## build PR description body
echo
echo "Builing PR title+body content..."
diff_size=$(du -k '/tmp/kube.diff' | cut -f1)
diff_size=$(wc -c /tmp/kube.diff | awk '{print $1}')
pr_head_describe="$(git describe --always --tag)"

pr_title="Deploy ${BRANCH_RELEASE} ${pr_head_describe}"
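Review bot: `diff_size` changes unit on the `wc -c` line. `du -k` reported the file's disk usage in 1 KiB blocks, while `wc -c` reports its length in bytes, so the same diff now yields a value roughly 1024 times larger. Whatever compares `diff_size` later in this step is outside the hunk; please confirm its threshold is now expressed in bytes. `wc -c < /tmp/kube.diff` would print the bare count and make the `awk` stage unnecessary. Separately, the `echo` context line above has a typo, "Builing".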
3 changes: 3 additions & 0 deletions _/ClusterRole/cert-manager-cainjector.yaml
Expand Up @@ -46,6 +46,7 @@ rules:
- list
- watch
- update
- patch
- apiGroups:
- apiregistration.k8s.io
resources:
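Review bot: the `patch` verb added after `update` applies to a rule whose `apiGroups` and `resources` lie above the visible context, so this hunk alone does not show what cainjector can now patch. `update` was already granted on the same rule, so the added reach is small, but a ClusterRole is not namespace-limited; please state in the PR description which resources the three `patch` additions in this file cover (this rule, the `apiregistration.k8s.io` rule and the `apiextensions.k8s.io` rule) and why they are needed.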
Expand All @@ -55,6 +56,7 @@ rules:
- list
- watch
- update
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
Expand All @@ -64,3 +66,4 @@ rules:
- list
- watch
- update
- patch
22 changes: 22 additions & 0 deletions _/ClusterRole/cert-manager-cluster-view.yaml
@@ -0,0 +1,22 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true'
name: cert-manager-cluster-view
rules:
- apiGroups:
- cert-manager.io
resources:
- clusterissuers
verbs:
- get
- list
- watch
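Review bot: the `rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true'` label only has an effect if the target cluster has a ClusterRole whose `aggregationRule` selects it, and none is defined in the files shown here. Please confirm that such an aggregate exists where this is deployed and that every subject bound to it is meant to read `clusterissuers`. The rule itself is limited to `get`, `list` and `watch`, which is appropriate for a view role.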
1 change: 1 addition & 0 deletions _/ClusterRole/cert-manager-view.yaml
Expand Up @@ -10,6 +10,7 @@ metadata:
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
rbac.authorization.k8s.io/aggregate-to-admin: 'true'
rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true'
rbac.authorization.k8s.io/aggregate-to-edit: 'true'
rbac.authorization.k8s.io/aggregate-to-view: 'true'
name: cert-manager-view
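Review bot: adding `aggregate-to-cluster-reader` to `cert-manager-view` folds every rule of this role into that aggregate, and the `rules:` section is below the visible context. Please check that those rules are read-only and cover nothing the wider reader audience should not see. The role already aggregates to `admin`, `edit` and `view`, so this adds a fourth audience.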
62 changes: 31 additions & 31 deletions _/CustomResourceDefinition/certificaterequests.cert-manager.io.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
description: >-
A CertificateRequest is used to request a signed certificate from
one of the configured issuers.
All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field.
All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `Ready` status condition and its `status.failureTime` field.
A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used.
properties:
apiVersion:
Expand All @@ -79,12 +79,16 @@ spec:
metadata:
type: object
spec:
description: Desired state of the CertificateRequest resource.
description: >-
Specification of the desired state of the CertificateRequest
resource.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
duration:
description: >-
The requested 'duration' (i.e. lifetime) of the Certificate.
This option may be ignored/overridden by some issuer types.
Requested 'duration' (i.e. lifetime) of the Certificate.
Note that the issuer may choose to ignore the requested
duration, just like any other requested attribute.
type: string
extra:
additionalProperties:
Expand All @@ -107,22 +111,19 @@ spec:
x-kubernetes-list-type: atomic
isCA:
description: >-
IsCA will request to mark the certificate as valid for
certificate signing when submitting to the issuer. This will
automatically add the `cert sign` usage to the list of
`usages`.
Requested basic constraints isCA value. Note that the issuer
may choose to ignore the requested isCA value, just like any
other requested attribute.
NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here.
If true, this will automatically add the `cert sign` usage to the list of requested `usages`.
type: boolean
issuerRef:
description: >-
IssuerRef is a reference to the issuer for this
CertificateRequest. If the `kind` field is not set, or set
to `Issuer`, an Issuer resource with the given name in the
same namespace as the CertificateRequest will be used. If
the `kind` field is set to `ClusterIssuer`, a ClusterIssuer
with the provided name will be used. The `name` field in
this stanza is required at all times. The group field refers
to the API group of the issuer which defaults to
`cert-manager.io` if empty.
Reference to the issuer responsible for issuing the
certificate. If the issuer is namespace-scoped, it must be
in the same namespace as the Certificate. If the issuer is
cluster-scoped, it can be used from any namespace.
The `name` field of the reference must always be specified.
properties:
group:
description: Group of the resource being referred to.
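Review bot: the new `issuerRef` description refers to "the same namespace as the Certificate", but this CRD describes a CertificateRequest, and it no longer documents that an unset `kind` means `Issuer` or that `group` defaults to `cert-manager.io`, both of which the replaced text stated. The `isCA` text also names the field as `Request`, while the schema property is `request`. If this file is rendered from the Helm chart named in the labels, leave it as generated and raise the wording at the source; otherwise restore the defaults in the description.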
Expand All @@ -138,8 +139,9 @@ spec:
type: object
request:
description: >-
The PEM-encoded x509 certificate signing request to be
submitted to the CA for signing.
The PEM-encoded X.509 certificate signing request to be
submitted to the issuer for signing.
If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest.
format: byte
type: string
uid:
Expand All @@ -149,11 +151,10 @@ spec:
creation and immutable.
type: string
usages:
description: >-
Usages is the set of x509 usages that are requested for the
certificate. If usages are set they SHOULD be encoded inside
the CSR spec Defaults to `digital signature` and `key
encipherment` if not specified.
description: |-
Requested key usages and extended key usages.
NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values.
If unset, defaults to `digital signature` and `key encipherment`.
items:
description: >-
KeyUsage specifies valid usage contexts for keys. See:
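Review bot: the new `usages` description contains the grammatical slip "has uses the KeyUsage or ExtKeyUsage extension"; it should read "uses". The scalar style also changes from `>-` to `|-`, so the line breaks in this description are now kept literally rather than folded, which suits the NOTE and default lines but will show up when comparing against other renderings of the same text. If the manifest is generated, correct the wording at the source rather than by hand here.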
Expand Down Expand Up @@ -199,19 +200,20 @@ spec:
status:
description: >-
Status of the CertificateRequest. This is set and managed
automatically.
automatically. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
ca:
description: >-
The PEM encoded x509 certificate of the signer, also known
The PEM encoded X.509 certificate of the signer, also known
as the CA (Certificate Authority). This is set on a
best-effort basis by different issuers. If not set, the CA
is assumed to be unknown/not available.
format: byte
type: string
certificate:
description: >-
The PEM encoded x509 certificate resulting from the
The PEM encoded X.509 certificate resulting from the
certificate signing request. If not set, the
CertificateRequest has either not been completed or has
failed. More information on failure can be found by checking
Expand All @@ -221,8 +223,8 @@ spec:
conditions:
description: >-
List of status conditions to indicate the status of a
CertificateRequest. Known condition types are `Ready` and
`InvalidRequest`.
CertificateRequest. Known condition types are `Ready`,
`InvalidRequest`, `Approved` and `Denied`.
items:
description: >-
CertificateRequestCondition contains condition information
Expand Down Expand Up @@ -274,8 +276,6 @@ spec:
format: date-time
type: string
type: object
required:
- spec
type: object
served: true
storage: true
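Review bot: dropping `required:` / `- spec` from the top-level object schema means the API server's schema validation will no longer reject a CertificateRequest that has no `spec`. Please confirm that another layer, such as an admission webhook, still rejects such objects before they reach the controller, or keep the `required` entry.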