Merge pull request #11308 from hakman/automated-cherry-pick-of-#11281…

…-upstream-release-1.20 Automated cherry pick of #11281: Add ability to set a default Issuer in certManager addon
kubernetes · Apr 24, 2021 · 82e71db · 82e71db
2 parents 7634978 + 49e32ea
commit 82e71db
Show file tree

Hide file tree

Showing 9 changed files with 38 additions and 3 deletions.
diff --git a/docs/addons.md b/docs/addons.md
@@ -66,6 +66,7 @@ Cert-manager handles x509 certificates for your cluster.
 spec:
   certManager:
     enabled: true
+    defaultIssuer: yourDefaultIssuer
 ```
 
 **Warning: cert-manager only supports one installation per cluster. If you are already running cert-manager, you need to remove this installation prior to enabling this addon. As long as you are using v1 versions of the cert-manager resources, it is safe to remove existing installs and replace it with this addon**
@@ -300,4 +301,4 @@ spec:
         }
       ]
 ```
-The masters will poll for changes in the bucket and keep the addons up to date.
+The masters will poll for changes in the bucket and keep the addons up to date.
diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -237,6 +237,10 @@ spec:
               certManager:
                 description: CertManager determines the metrics server configuration.
                 properties:
+                  defaultIssuer:
+                    description: 'defaultIssuer sets a default clusterIssuer Default:
+                      none'
+                    type: string
                   enabled:
                     description: 'Enabled enables the cert manager. Default: false'
                     type: boolean

diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
@@ -916,6 +916,10 @@ type CertManagerConfig struct {
 	// Image is the docker container used.
 	// Default: the latest supported image for the specified kubernetes version.
 	Image *string `json:"image,omitempty"`
+
+	// defaultIssuer sets a default clusterIssuer
+	// Default: none
+	DefaultIssuer *string `json:"defaultIssuer,omitempty"`
 }
 
 // AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.

diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
@@ -915,6 +915,10 @@ type CertManagerConfig struct {
 	// Image is the docker container used.
 	// Default: the latest supported image for the specified kubernetes version.
 	Image *string `json:"image,omitempty"`
+
+	// defaultIssuer sets a default clusterIssuer
+	// Default: none
+	DefaultIssuer *string `json:"defaultIssuer,omitempty"`
 }
 
 // AWSLoadBalancerControllerConfig determines the AWS LB controller configuration.

diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go
diff --git a/upup/models/bindata.go b/upup/models/bindata.go
diff --git a/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template
@@ -26279,6 +26279,11 @@ spec:
         - --cluster-resource-namespace=$(POD_NAMESPACE)
         - --leader-election-namespace=kube-system
         - --enable-certificate-owner-ref=true
+        {{ if .CertManager.DefaultIssuer }}
+        - --default-issuer-name={{ .CertManager.DefaultIssuer }}
+        - --default-issuer-kind=ClusterIssuer
+        - --default-issuer-group=cert-manager.io
+        {{ end }}
         env:
         - name: POD_NAMESPACE
           valueFrom:
@@ -26297,7 +26302,7 @@ spec:
       tolerations:
       - key: node-role.kubernetes.io/master
         operator: Exists
-        
+
 ---
 apiVersion: apps/v1
 kind: Deployment