From 7e841065b01557f931fddbe9856e5186a3bb5fe2 Mon Sep 17 00:00:00 2001 From: Piotr Dobrowolski Date: Sun, 23 Apr 2023 11:36:15 +0200 Subject: [PATCH] *: post-certmanager manifests update Change-Id: I745c850268c31777c5722a9833c8152a55615aed Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1512 Reviewed-by: q3k --- app/covid-formity/prod.jsonnet | 2 +- app/mastodon/kube/mastodon.libsonnet | 2 +- app/matrix/lib/matrix-ng.libsonnet | 2 +- app/matrix/lib/matrix.libsonnet | 2 +- app/onlyoffice/prod.jsonnet | 2 +- bgpwtf/cccampix/kube/ix.libsonnet | 6 +++--- bgpwtf/internet/kube/prod.jsonnet | 2 +- bgpwtf/speedtest/kube/prod.jsonnet | 2 +- cluster/kube/cluster.libsonnet | 6 ++++-- cluster/kube/lib/registry.libsonnet | 2 +- cluster/kube/lib/rook.libsonnet | 4 ++-- devtools/gerrit/kube/gerrit.libsonnet | 2 +- devtools/issues/redmine.libsonnet | 4 ++-- hswaw/oodviewer/prod.jsonnet | 2 +- hswaw/paperless/paperless.libsonnet | 2 +- kube/kube.libsonnet | 6 +++--- kube/mirko.libsonnet | 2 +- ops/monitoring/lib/global.libsonnet | 4 ++-- ops/sso/kube/sso.libsonnet | 2 +- personal/q3k/annoyatron/prod.jsonnet | 2 +- personal/q3k/ppsa.jsonnet | 2 +- personal/q3k/rc3.jsonnet | 2 +- personal/q3k/wow/lib.libsonnet | 2 +- personal/vuko/shells/prod.jsonnet | 2 +- 24 files changed, 34 insertions(+), 32 deletions(-) diff --git a/app/covid-formity/prod.jsonnet b/app/covid-formity/prod.jsonnet index 18fb845f..44f83ef7 100644 --- a/app/covid-formity/prod.jsonnet +++ b/app/covid-formity/prod.jsonnet @@ -93,7 +93,7 @@ local postgres = import "../../kube/postgres.libsonnet"; metadata+: app.metadata("covid-formity") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", "nginx.ingress.kubernetes.io/configuration-snippet": " location /qr1 { rewrite ^/qr1(.*)$ https://covid.hackerspace.pl$1 redirect; } diff --git a/app/mastodon/kube/mastodon.libsonnet b/app/mastodon/kube/mastodon.libsonnet index 04f673b3..87ca0558 100644 --- a/app/mastodon/kube/mastodon.libsonnet +++ b/app/mastodon/kube/mastodon.libsonnet @@ -283,7 +283,7 @@ local redis = import "../../../kube/redis.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/app/matrix/lib/matrix-ng.libsonnet b/app/matrix/lib/matrix-ng.libsonnet index 037da0f8..18120f08 100644 --- a/app/matrix/lib/matrix-ng.libsonnet +++ b/app/matrix/lib/matrix-ng.libsonnet @@ -365,7 +365,7 @@ local coturn = import "./coturn.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", "nginx.ingress.kubernetes.io/use-regex": "true", }, diff --git a/app/matrix/lib/matrix.libsonnet b/app/matrix/lib/matrix.libsonnet index 5d4c7406..19903582 100644 --- a/app/matrix/lib/matrix.libsonnet +++ b/app/matrix/lib/matrix.libsonnet @@ -397,7 +397,7 @@ local postgres = import "../../../kube/postgres.libsonnet"; metadata+: app.metadata("matrix") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/app/onlyoffice/prod.jsonnet b/app/onlyoffice/prod.jsonnet index aa808069..ea9958db 100644 --- a/app/onlyoffice/prod.jsonnet +++ b/app/onlyoffice/prod.jsonnet @@ -80,7 +80,7 @@ local policies = import "../../kube/policies.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet index 7496dadc..a3521f8b 100644 --- a/bgpwtf/cccampix/kube/ix.libsonnet +++ b/bgpwtf/cccampix/kube/ix.libsonnet @@ -429,7 +429,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: ix.metadata("public") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, @@ -454,7 +454,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: ix.metadata("alice") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, @@ -479,7 +479,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: ix.metadata("grpc") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "kubernetes.io/ingress.class": "nginx", "nginx.ingress.kubernetes.io/ssl-redirect": "true", "nginx.ingress.kubernetes.io/backend-protocol": "GRPC", diff --git a/bgpwtf/internet/kube/prod.jsonnet b/bgpwtf/internet/kube/prod.jsonnet index 11a93c6e..0644ab30 100644 --- a/bgpwtf/internet/kube/prod.jsonnet +++ b/bgpwtf/internet/kube/prod.jsonnet @@ -63,7 +63,7 @@ local kube = import '../../../kube/kube.libsonnet'; metadata+: internet.metadata("frontend") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { diff --git a/bgpwtf/speedtest/kube/prod.jsonnet b/bgpwtf/speedtest/kube/prod.jsonnet index 9187f542..6b57ce2f 100644 --- a/bgpwtf/speedtest/kube/prod.jsonnet +++ b/bgpwtf/speedtest/kube/prod.jsonnet @@ -62,7 +62,7 @@ local kube = import '../../../kube/kube.libsonnet'; metadata+: speedtest.metadata("public") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/cluster/kube/cluster.libsonnet b/cluster/kube/cluster.libsonnet index 83050332..07013053 100644 --- a/cluster/kube/cluster.libsonnet +++ b/cluster/kube/cluster.libsonnet @@ -127,7 +127,7 @@ local pki = import "lib/pki.libsonnet"; verbs: ["*"], }, { - apiGroups: ["certmanager.k8s.io"], + apiGroups: ["cert-manager.io/v1"], resources: ["certificates"], verbs: ["*"], }, @@ -205,7 +205,9 @@ local pki = import "lib/pki.libsonnet"; privateKeySecretRef: { name: "letsencrypt-prod" }, - http01: {}, + solvers: [ + { http01: { ingress: {} } }, + ] }, }, }, diff --git a/cluster/kube/lib/registry.libsonnet b/cluster/kube/lib/registry.libsonnet index 552d31bb..d26d0fdb 100644 --- a/cluster/kube/lib/registry.libsonnet +++ b/cluster/kube/lib/registry.libsonnet @@ -286,7 +286,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: env.metadata("registry") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, diff --git a/cluster/kube/lib/rook.libsonnet b/cluster/kube/lib/rook.libsonnet index 9a0f8326..dba82343 100644 --- a/cluster/kube/lib/rook.libsonnet +++ b/cluster/kube/lib/rook.libsonnet @@ -757,7 +757,7 @@ local oa = kube.OpenAPI; metadata+: cluster.metadata { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { @@ -1197,7 +1197,7 @@ local oa = kube.OpenAPI; metadata+: zonegroup.realm.cluster.metadata { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/devtools/gerrit/kube/gerrit.libsonnet b/devtools/gerrit/kube/gerrit.libsonnet index 1a466bd1..8d2c61b8 100644 --- a/devtools/gerrit/kube/gerrit.libsonnet +++ b/devtools/gerrit/kube/gerrit.libsonnet @@ -194,7 +194,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: gerrit.metadata("ingress") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/devtools/issues/redmine.libsonnet b/devtools/issues/redmine.libsonnet index 20800930..5e656db6 100644 --- a/devtools/issues/redmine.libsonnet +++ b/devtools/issues/redmine.libsonnet @@ -134,7 +134,7 @@ local postgres = import "../../kube/postgres.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, @@ -186,7 +186,7 @@ local postgres = import "../../kube/postgres.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/hswaw/oodviewer/prod.jsonnet b/hswaw/oodviewer/prod.jsonnet index 914264bc..e7858085 100644 --- a/hswaw/oodviewer/prod.jsonnet +++ b/hswaw/oodviewer/prod.jsonnet @@ -64,7 +64,7 @@ local kube = import "../../kube/kube.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/hswaw/paperless/paperless.libsonnet b/hswaw/paperless/paperless.libsonnet index bed51e97..9f0ba4bd 100644 --- a/hswaw/paperless/paperless.libsonnet +++ b/hswaw/paperless/paperless.libsonnet @@ -167,7 +167,7 @@ local redis = import "../../kube/redis.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/kube/kube.libsonnet b/kube/kube.libsonnet index 7e697200..f9615c00 100644 --- a/kube/kube.libsonnet +++ b/kube/kube.libsonnet @@ -3,13 +3,13 @@ local kube = import "kube.upstream.libsonnet"; kube { - ClusterIssuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "ClusterIssuer", name) { + ClusterIssuer(name): kube._Object("cert-manager.io/v1", "ClusterIssuer", name) { spec: error "spec must be defined", }, - Issuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) { + Issuer(name): kube._Object("cert-manager.io/v1", "Issuer", name) { spec: error "spec must be defined", }, - Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) { + Certificate(name): kube._Object("cert-manager.io/v1", "Certificate", name) { spec: error "spec must be defined", }, # For use in PodSpec.volumes_ diff --git a/kube/mirko.libsonnet b/kube/mirko.libsonnet index 5203afd7..4f7d5014 100644 --- a/kube/mirko.libsonnet +++ b/kube/mirko.libsonnet @@ -55,7 +55,7 @@ local kube = import "kube.libsonnet"; }, annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", [if env.ingressServerSnippet != null then "nginx.ingress.kubernetes.io/server-snippet"]: env.ingressServerSnippet, [if std.length(env.extraHeaders) > 0 then "nginx.ingress.kubernetes.io/configuration-snippet"]: std.join("\n", ["proxy_set_header %s;" % [h] for h in env.extraHeaders]), diff --git a/ops/monitoring/lib/global.libsonnet b/ops/monitoring/lib/global.libsonnet index 6ec92492..bd6bee37 100644 --- a/ops/monitoring/lib/global.libsonnet +++ b/ops/monitoring/lib/global.libsonnet @@ -138,7 +138,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { @@ -283,7 +283,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { diff --git a/ops/sso/kube/sso.libsonnet b/ops/sso/kube/sso.libsonnet index 26966bf2..7b51c72f 100644 --- a/ops/sso/kube/sso.libsonnet +++ b/ops/sso/kube/sso.libsonnet @@ -108,7 +108,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/personal/q3k/annoyatron/prod.jsonnet b/personal/q3k/annoyatron/prod.jsonnet index dcd3679b..c693cfdf 100644 --- a/personal/q3k/annoyatron/prod.jsonnet +++ b/personal/q3k/annoyatron/prod.jsonnet @@ -51,7 +51,7 @@ local kube = import '../../../kube/kube.libsonnet'; namespace: "q3k", annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { diff --git a/personal/q3k/ppsa.jsonnet b/personal/q3k/ppsa.jsonnet index 46eda707..60651c73 100644 --- a/personal/q3k/ppsa.jsonnet +++ b/personal/q3k/ppsa.jsonnet @@ -37,7 +37,7 @@ local kube = import "../../kube/kube.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/personal/q3k/rc3.jsonnet b/personal/q3k/rc3.jsonnet index 879e2917..91f39694 100644 --- a/personal/q3k/rc3.jsonnet +++ b/personal/q3k/rc3.jsonnet @@ -37,7 +37,7 @@ local kube = import "../../kube/kube.libsonnet"; namespace: "personal-q3k", annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, diff --git a/personal/q3k/wow/lib.libsonnet b/personal/q3k/wow/lib.libsonnet index 8828b494..d9ddc3d6 100644 --- a/personal/q3k/wow/lib.libsonnet +++ b/personal/q3k/wow/lib.libsonnet @@ -276,7 +276,7 @@ local kube = import "../../../kube/kube.libsonnet"; metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: { diff --git a/personal/vuko/shells/prod.jsonnet b/personal/vuko/shells/prod.jsonnet index 463087e9..ed04483b 100644 --- a/personal/vuko/shells/prod.jsonnet +++ b/personal/vuko/shells/prod.jsonnet @@ -141,7 +141,7 @@ local kube = import '../../../kube/kube.libsonnet'; metadata+: shells.metadata("frontend") { annotations+: { "kubernetes.io/tls-acme": "true", - "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", }, }, spec+: {