diff --git a/third_party/cert-manager-latest/net-certmanager.yaml b/third_party/cert-manager-latest/net-certmanager.yaml index acafa80cd05c..e569f0a1bd26 100644 --- a/third_party/cert-manager-latest/net-certmanager.yaml +++ b/third_party/cert-manager-latest/net-certmanager.yaml @@ -19,7 +19,7 @@ metadata: name: knative-serving-certmanager labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving serving.knative.dev/controller: "true" networking.knative.dev/certificate-provider: cert-manager @@ -52,7 +52,7 @@ metadata: name: config.webhook.net-certmanager.networking.internal.knative.dev labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager webhooks: @@ -93,7 +93,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager @@ -119,7 +119,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager data: @@ -138,23 +138,32 @@ data: # These sample configuration options may be copied out of # this block and unindented to actually change the configuration. - # issuerRef is a reference to the issuer for cluster external certificates used for ingress. + # issuerRef is a reference to the issuer for external-domain certificates used for ingress. # IssuerRef should be either `ClusterIssuer` or `Issuer`. # Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go # for more details about IssuerRef configuration. - # If the issuerRef is not specified, the self-signed `knative-internal-encryption-ca` ClusterIssuer is used. + # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. issuerRef: | kind: ClusterIssuer name: letsencrypt-issuer - # clusterInternalIssuerRef is a reference to the issuer for cluster internal certificates used for ingress. - # ClusterInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress. + # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`. # Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go # for more details about ClusterInternalIssuerRef configuration. - # If the clusterInternalIssuerRef is not specified, the self-signed `knative-internal-encryption-ca` ClusterIssuer is used. - clusterInternalIssuerRef: | + # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + clusterLocalIssuerRef: | kind: ClusterIssuer - name: knative-internal-encryption-issuer + name: your-company-issuer + + # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components. + # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go + # for more details about ClusterInternalIssuerRef configuration. + # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + systemInternalIssuerRef: | + kind: ClusterIssuer + name: knative-selfsigned-issuer --- # Copyright 2020 The Knative Authors @@ -178,7 +187,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: @@ -190,7 +199,7 @@ spec: labels: app: net-certmanager-controller app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving spec: serviceAccountName: controller @@ -198,7 +207,7 @@ spec: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/controller@sha256:303e0dd098e5e61074e1114f13944a0c9b287686e964abafc68c18be025fca7f + image: quay.io/rlehmann/net-certmanager-controller resources: requests: cpu: 30m @@ -239,7 +248,7 @@ metadata: labels: app: net-certmanager-controller app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager name: net-certmanager-controller @@ -277,37 +286,40 @@ metadata: name: selfsigned-cluster-issuer labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager + knative.dev/issuer-install: "true" spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: knative-internal-encryption-issuer + name: knative-selfsigned-issuer labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager + knative.dev/issuer-install: "true" spec: ca: - secretName: knative-internal-encryption-ca + secretName: knative-selfsigned-ca --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: knative-internal-encryption-ca + name: knative-selfsigned-ca namespace: cert-manager # If you want to use it as a ClusterIssuer the secret must be in the cert-manager namespace. labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager + knative.dev/issuer-install: "true" spec: - secretName: knative-internal-encryption-ca + secretName: knative-selfsigned-ca commonName: knative.dev usages: - server auth @@ -338,7 +350,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: @@ -351,7 +363,7 @@ spec: labels: app: net-certmanager-webhook app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving role: net-certmanager-webhook spec: @@ -360,7 +372,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/webhook@sha256:dbad94db119ee80aabe5ddf6d9a97e4c699d26d72dfed01d9937fcdaa849fa3a + image: quay.io/rlehmann/net-certmanager-webhook resources: requests: cpu: 20m @@ -426,7 +438,7 @@ metadata: labels: role: net-certmanager-webhook app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231130-a1f69511" + app.kubernetes.io/version: "20231130-95439a33" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: diff --git a/third_party/kourier-latest/kourier.yaml b/third_party/kourier-latest/kourier.yaml index 4e415f35742f..a0bf56ec3c8f 100644 --- a/third_party/kourier-latest/kourier.yaml +++ b/third_party/kourier-latest/kourier.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" --- # Copyright 2020 The Knative Authors @@ -45,7 +45,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving data: envoy-bootstrap.yaml: | @@ -55,7 +55,7 @@ data: api_type: GRPC rate_limit_settings: {} grpc_services: - - envoy_grpc: {cluster_name: xds_cluster} + - envoy_grpc: {cluster_name: xds_cluster} cds_config: resource_api_version: V3 ads: {} @@ -133,9 +133,9 @@ data: type: STRICT_DNS admin: access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog + - name: envoy.access_loggers.stdout + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog address: pipe: path: /tmp/envoy.admin @@ -168,7 +168,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving data: _example: | @@ -248,7 +248,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving --- apiVersion: rbac.authorization.k8s.io/v1 @@ -258,7 +258,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -287,7 +287,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving roleRef: apiGroup: rbac.authorization.k8s.io @@ -321,7 +321,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: strategy: @@ -343,7 +343,7 @@ spec: app: net-kourier-controller spec: containers: - - image: gcr.io/knative-nightly/knative.dev/net-kourier/cmd/kourier@sha256:735d111ef3b90e45b318017391737331b6065db9f2be88a0d91561e2d9b3df4d + - image: quay.io/rlehmann/net-kourier name: controller env: - name: CERTS_SECRET_NAMESPACE @@ -408,7 +408,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: ports: @@ -443,7 +443,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: strategy: @@ -552,7 +552,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: ports: @@ -576,7 +576,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: ports: @@ -600,7 +600,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: minReplicas: 1 @@ -626,7 +626,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231129-f286cd0d" + app.kubernetes.io/version: "20231130-9f3405e7" app.kubernetes.io/name: knative-serving spec: minAvailable: 80%