Skip to content

Commit

Permalink
TEMPORARY: use unmerged versions of net-kourier + net-cert-manager
Browse files Browse the repository at this point in the history
  • Loading branch information
ReToCode committed Nov 30, 2023
1 parent f1ba4ee commit 8ad22bc
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 44 deletions.
64 changes: 38 additions & 26 deletions third_party/cert-manager-latest/net-certmanager.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ metadata:
name: knative-serving-certmanager
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
serving.knative.dev/controller: "true"
networking.knative.dev/certificate-provider: cert-manager
Expand Down Expand Up @@ -52,7 +52,7 @@ metadata:
name: config.webhook.net-certmanager.networking.internal.knative.dev
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
webhooks:
Expand Down Expand Up @@ -93,7 +93,7 @@ metadata:
namespace: knative-serving
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager

Expand All @@ -119,7 +119,7 @@ metadata:
namespace: knative-serving
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
data:
Expand All @@ -138,23 +138,32 @@ data:
# These sample configuration options may be copied out of
# this block and unindented to actually change the configuration.
# issuerRef is a reference to the issuer for cluster external certificates used for ingress.
# issuerRef is a reference to the issuer for external-domain certificates used for ingress.
# IssuerRef should be either `ClusterIssuer` or `Issuer`.
# Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go
# for more details about IssuerRef configuration.
# If the issuerRef is not specified, the self-signed `knative-internal-encryption-ca` ClusterIssuer is used.
# If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
issuerRef: |
kind: ClusterIssuer
name: letsencrypt-issuer
# clusterInternalIssuerRef is a reference to the issuer for cluster internal certificates used for ingress.
# ClusterInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
# clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress.
# clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`.
# Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go
# for more details about ClusterInternalIssuerRef configuration.
# If the clusterInternalIssuerRef is not specified, the self-signed `knative-internal-encryption-ca` ClusterIssuer is used.
clusterInternalIssuerRef: |
# If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
clusterLocalIssuerRef: |
kind: ClusterIssuer
name: knative-internal-encryption-issuer
name: your-company-issuer
# systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components.
# systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`.
# Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go
# for more details about ClusterInternalIssuerRef configuration.
# If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used.
systemInternalIssuerRef: |
kind: ClusterIssuer
name: knative-selfsigned-issuer
---
# Copyright 2020 The Knative Authors
Expand All @@ -178,7 +187,7 @@ metadata:
namespace: knative-serving
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
spec:
Expand All @@ -190,15 +199,15 @@ spec:
labels:
app: net-certmanager-controller
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
spec:
serviceAccountName: controller
containers:
- name: controller
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/controller@sha256:303e0dd098e5e61074e1114f13944a0c9b287686e964abafc68c18be025fca7f
image: quay.io/rlehmann/net-certmanager-controller
resources:
requests:
cpu: 30m
Expand Down Expand Up @@ -239,7 +248,7 @@ metadata:
labels:
app: net-certmanager-controller
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
name: net-certmanager-controller
Expand Down Expand Up @@ -277,37 +286,40 @@ metadata:
name: selfsigned-cluster-issuer
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
knative.dev/issuer-install: "true"
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: knative-internal-encryption-issuer
name: knative-selfsigned-issuer
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
knative.dev/issuer-install: "true"
spec:
ca:
secretName: knative-internal-encryption-ca
secretName: knative-selfsigned-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: knative-internal-encryption-ca
name: knative-selfsigned-ca
namespace: cert-manager # If you want to use it as a ClusterIssuer the secret must be in the cert-manager namespace.
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
knative.dev/issuer-install: "true"
spec:
secretName: knative-internal-encryption-ca
secretName: knative-selfsigned-ca
commonName: knative.dev
usages:
- server auth
Expand Down Expand Up @@ -338,7 +350,7 @@ metadata:
namespace: knative-serving
labels:
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
spec:
Expand All @@ -351,7 +363,7 @@ spec:
labels:
app: net-certmanager-webhook
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
role: net-certmanager-webhook
spec:
Expand All @@ -360,7 +372,7 @@ spec:
- name: webhook
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/webhook@sha256:dbad94db119ee80aabe5ddf6d9a97e4c699d26d72dfed01d9937fcdaa849fa3a
image: quay.io/rlehmann/net-certmanager-webhook
resources:
requests:
cpu: 20m
Expand Down Expand Up @@ -426,7 +438,7 @@ metadata:
labels:
role: net-certmanager-webhook
app.kubernetes.io/component: net-certmanager
app.kubernetes.io/version: "20231130-a1f69511"
app.kubernetes.io/version: "20231130-95439a33"
app.kubernetes.io/name: knative-serving
networking.knative.dev/certificate-provider: cert-manager
spec:
Expand Down
36 changes: 18 additions & 18 deletions third_party/kourier-latest/kourier.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ metadata:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"

---
# Copyright 2020 The Knative Authors
Expand All @@ -45,7 +45,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
data:
envoy-bootstrap.yaml: |
Expand All @@ -55,7 +55,7 @@ data:
api_type: GRPC
rate_limit_settings: {}
grpc_services:
- envoy_grpc: {cluster_name: xds_cluster}
- envoy_grpc: {cluster_name: xds_cluster}
cds_config:
resource_api_version: V3
ads: {}
Expand Down Expand Up @@ -133,9 +133,9 @@ data:
type: STRICT_DNS
admin:
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
address:
pipe:
path: /tmp/envoy.admin
Expand Down Expand Up @@ -168,7 +168,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
data:
_example: |
Expand Down Expand Up @@ -248,7 +248,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
---
apiVersion: rbac.authorization.k8s.io/v1
Expand All @@ -258,7 +258,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
rules:
- apiGroups: [""]
Expand Down Expand Up @@ -287,7 +287,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down Expand Up @@ -321,7 +321,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
strategy:
Expand All @@ -343,7 +343,7 @@ spec:
app: net-kourier-controller
spec:
containers:
- image: gcr.io/knative-nightly/knative.dev/net-kourier/cmd/kourier@sha256:735d111ef3b90e45b318017391737331b6065db9f2be88a0d91561e2d9b3df4d
- image: quay.io/rlehmann/net-kourier
name: controller
env:
- name: CERTS_SECRET_NAMESPACE
Expand Down Expand Up @@ -408,7 +408,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
ports:
Expand Down Expand Up @@ -443,7 +443,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
strategy:
Expand Down Expand Up @@ -552,7 +552,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
ports:
Expand All @@ -576,7 +576,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
ports:
Expand All @@ -600,7 +600,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
minReplicas: 1
Expand All @@ -626,7 +626,7 @@ metadata:
labels:
networking.knative.dev/ingress-provider: kourier
app.kubernetes.io/component: net-kourier
app.kubernetes.io/version: "20231129-f286cd0d"
app.kubernetes.io/version: "20231130-9f3405e7"
app.kubernetes.io/name: knative-serving
spec:
minAvailable: 80%
Expand Down

0 comments on commit 8ad22bc

Please sign in to comment.