From 8a79d7c51bdeec35d12194fe39672036c8bb1a5c Mon Sep 17 00:00:00 2001
From: Travis Neely <travis.neely@att.com>
Date: Wed, 27 Jan 2021 22:22:08 +0000
Subject: [PATCH] Revert "feat(tls): Change Issuer to ClusterIssuer"
This reverts commit f60c94fc16f81d220cfc32098cf518ae62afa99a.
Reason for revert: This introduced a bug:
https://cert-manager.io/docs/installation/upgrading/upgrading-0.15-0.16/#issue-with-older-versions-of-kubectl
Older versions of kubectl will have issues with the nested CRDs.
Change-Id: I322fc1382fe3d0a4517e4c7c5982ea50a721a1f7
---
ca-clusterissuer/Chart.yaml | 20 -------------
ca-clusterissuer/requirements.yaml | 18 ------------
.../templates/clusterissuer-ca.yaml | 28 -------------------
ca-clusterissuer/templates/secret-ca.yaml | 26 -----------------
ca-clusterissuer/values.yaml | 27 ------------------
ca-issuer/Chart.yaml | 2 +-
ca-issuer/templates/issuer-ca.yaml | 2 +-
helm-toolkit/Chart.yaml | 2 +-
.../templates/manifests/_certificates.tpl | 4 +--
helm-toolkit/templates/manifests/_ingress.tpl | 4 +--
mariadb/Chart.yaml | 2 +-
mariadb/values_overrides/tls.yaml | 2 +-
12 files changed, 9 insertions(+), 128 deletions(-)
delete mode 100644 ca-clusterissuer/Chart.yaml
delete mode 100644 ca-clusterissuer/requirements.yaml
delete mode 100644 ca-clusterissuer/templates/clusterissuer-ca.yaml
delete mode 100644 ca-clusterissuer/templates/secret-ca.yaml
delete mode 100644 ca-clusterissuer/values.yaml
diff --git a/ca-clusterissuer/Chart.yaml b/ca-clusterissuer/Chart.yaml
deleted file mode 100644
index ee59e38d8..000000000
--- a/ca-clusterissuer/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: v1
-appVersion: "1.0"
-description: Certificate Issuer chart for OSH
-home: https://cert-manager.io/
-name: ca-clusterissuer
-version: 0.1.0
-...
diff --git a/ca-clusterissuer/requirements.yaml b/ca-clusterissuer/requirements.yaml
deleted file mode 100644
index 19b0d6992..000000000
--- a/ca-clusterissuer/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-dependencies:
- - name: helm-toolkit
- repository: http://localhost:8879/charts
- version: ">= 0.1.0"
-...
diff --git a/ca-clusterissuer/templates/clusterissuer-ca.yaml b/ca-clusterissuer/templates/clusterissuer-ca.yaml
deleted file mode 100644
index 1f67d7b4a..000000000
--- a/ca-clusterissuer/templates/clusterissuer-ca.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.clusterissuer }}
-{{- $envAll := . }}
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: {{ .Values.conf.ca.issuer.name }}
- labels:
-{{ tuple $envAll "cert-manager" "clusterissuer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-spec:
- ca:
- secretName: {{ .Values.conf.ca.secret.name }}
-...
-{{- end }}
diff --git a/ca-clusterissuer/templates/secret-ca.yaml b/ca-clusterissuer/templates/secret-ca.yaml
deleted file mode 100644
index 8c4472514..000000000
--- a/ca-clusterissuer/templates/secret-ca.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.secret_ca }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.conf.ca.secret.name }}
- namespace: {{ .Values.conf.ca.secret.namespace }}
-data:
- tls.crt: {{ .Values.conf.ca.secret.crt | default "" | b64enc }}
- tls.key: {{ .Values.conf.ca.secret.key | default "" | b64enc }}
-...
-{{- end }}
diff --git a/ca-clusterissuer/values.yaml b/ca-clusterissuer/values.yaml
deleted file mode 100644
index eefe92bba..000000000
--- a/ca-clusterissuer/values.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-conf:
- ca:
- issuer:
- name: ca-issuer
- secret:
- name: secret-name
- # Namespace where cert-manager is deployed.
- namespace: cert-manager
- crt: null
- key: null
-
-manifests:
- clusterissuer: true
- secret_ca: true
-...
diff --git a/ca-issuer/Chart.yaml b/ca-issuer/Chart.yaml
index b5543746a..ffca090ff 100644
--- a/ca-issuer/Chart.yaml
+++ b/ca-issuer/Chart.yaml
@@ -16,5 +16,5 @@ appVersion: "1.0"
description: Certificate Issuer chart for OSH
home: https://cert-manager.io/
name: ca-issuer
-version: 0.1.2
+version: 0.1.3
...
diff --git a/ca-issuer/templates/issuer-ca.yaml b/ca-issuer/templates/issuer-ca.yaml
index a93713554..01af5f337 100644
--- a/ca-issuer/templates/issuer-ca.yaml
+++ b/ca-issuer/templates/issuer-ca.yaml
@@ -15,7 +15,7 @@ limitations under the License.
{{- if .Values.manifests.issuer }}
{{- $envAll := . }}
---
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
kind: Issuer
metadata:
name: {{ .Values.conf.ca.issuer.name }}
diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml
index 7ece3309f..8684c77db 100644
--- a/helm-toolkit/Chart.yaml
+++ b/helm-toolkit/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Helm-Toolkit
name: helm-toolkit
-version: 0.2.1
+version: 0.2.2
home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
sources:
diff --git a/helm-toolkit/templates/manifests/_certificates.tpl b/helm-toolkit/templates/manifests/_certificates.tpl
index 68fe583f2..3b6ab2b18 100644
--- a/helm-toolkit/templates/manifests/_certificates.tpl
+++ b/helm-toolkit/templates/manifests/_certificates.tpl
@@ -43,7 +43,7 @@ examples:
{{ $opts | include "helm-toolkit.manifests.certificates" }}
return: |
---
- apiVersion: cert-manager.io/v1
+ apiVersion: cert-manager.io/v1alpha3
kind: Certificate
metadata:
name: keystone-tls-api
@@ -94,7 +94,7 @@ examples:
{{- $_ := (list "server auth" "client auth") | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "usages" -}}
{{- end -}}
---
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
kind: Certificate
metadata:
name: {{ index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "secretName" }}
diff --git a/helm-toolkit/templates/manifests/_ingress.tpl b/helm-toolkit/templates/manifests/_ingress.tpl
index 7588c7938..e2426d3e4 100644
--- a/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/helm-toolkit/templates/manifests/_ingress.tpl
@@ -554,9 +554,9 @@ examples:
{{- $backendPort := index . "backendPort" -}}
{{- $endpoint := index . "endpoint" | default "public" -}}
{{- $certIssuer := index . "certIssuer" | default "" -}}
-{{- $certIssuerType := index . "certIssuerType" | default "cluster-issuer" -}}
+{{- $certIssuerType := index . "certIssuerType" | default "issuer" -}}
{{- if and (ne $certIssuerType "issuer") (ne $certIssuerType "cluster-issuer") }}
-{{- $certIssuerType = "cluster-issuer" -}}
+{{- $certIssuerType = "issuer" -}}
{{- end }}
{{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml
index c9f563784..a014a8d25 100644
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.2.31
description: OpenStack-Helm MariaDB
name: mariadb
-version: 0.1.6
+version: 0.1.7
home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources:
diff --git a/mariadb/values_overrides/tls.yaml b/mariadb/values_overrides/tls.yaml
index b8da60f89..f89d5e94b 100644
--- a/mariadb/values_overrides/tls.yaml
+++ b/mariadb/values_overrides/tls.yaml
@@ -17,7 +17,7 @@ endpoints:
secretName: mariadb-tls-direct
issuerRef:
name: ca-issuer
- kind: ClusterIssuer
+ kind: Issuer
manifests:
certificates: true
...