forked from hswaw/hscloud
cert-manager: bump to v0.9.1
We just got this email: We've been working with Jetstack, the authors of cert-manager, on a series of fixes to the client. Cert-manager sometimes falls into a traffic pattern where it sends really excessive traffic to Let's Encrypt's servers, continuously. To mitigate this, we plan to start blocking all traffic from cert-manager versions less than 0.8.0 (the current semver minor release), as of November 1, 2019. Please upgrade all of your cert-manager instances before then. We're sending this email because this is the contact address of your cert-manager instance at: 185.236.240.37 . Version 0.8.0 is much better but we still observe excessive traffic in some cases. We're working with Jetstack to improve these cases. As new versions of cert-manager are released, we will add the non-current versions to our block list after 3 months. We strongly encourage cert-manager users to stay up-to-date with new versions. Also, there is an opportunity to help both Jetstack and Let's Encrypt. Once you've upgraded, please check the logs for your cert-manager instances from time to time. Are they making excessive requests to Let's Encrypt (more than, say, 10 per day over multiple days)? If so, please share details at https://github.com/jetstack/cert-manager/issues/1948 . Thanks, Let's Encrypt Team Change-Id: Ic7152150ac1c96941423878c6d4b6209e07429cfmaster
parent
ef93747aec
commit
d16454badc
|
@ -11,6 +11,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
cfg:: {
|
||||
namespace: "cert-manager",
|
||||
enableWebhook: false,
|
||||
version: "v0.9.1",
|
||||
},
|
||||
|
||||
metadata:: {
|
||||
|
@ -389,7 +390,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
serviceAccountName: env.sas.cainjector.metadata.name,
|
||||
containers_: {
|
||||
cainjector: kube.Container("cainjector") {
|
||||
image: "quay.io/jetstack/cert-manager-cainjector:v0.7.0",
|
||||
image: "quay.io/jetstack/cert-manager-cainjector:" + cfg.version,
|
||||
args: [
|
||||
"--leader-election-namespace=%s" % [cfg.namespace],
|
||||
],
|
||||
|
@ -415,7 +416,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
serviceAccountName: env.sas.webhook.metadata.name,
|
||||
containers_: {
|
||||
webhook: kube.Container("webhook") {
|
||||
image: "quay.io/jetstack/cert-manager-webhook:v0.7.0",
|
||||
image: "quay.io/jetstack/cert-manager-webhook:" + cfg.version,
|
||||
args: [
|
||||
"--v=12",
|
||||
"--secure-port=6443",
|
||||
|
@ -452,7 +453,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
serviceAccountName: env.sas.certmanager.metadata.name,
|
||||
containers_: {
|
||||
webhook: kube.Container("cert-manager") {
|
||||
image: "quay.io/jetstack/cert-manager-controller:v0.7.0",
|
||||
image: "quay.io/jetstack/cert-manager-controller:" + cfg.version,
|
||||
args: [
|
||||
"--cluster-resource-namespace=%s" % [cfg.namespace],
|
||||
"--leader-election-namespace=%s" % [cfg.namespace],
|
||||
|
|
Loading…
Reference in New Issue