Upgrade to cert-manager 1.11 #33
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
jetstack-bot
added
do-not-merge/work-in-progress
Closed
wallrj
force-pushed
the
cert-manager-1.11
branch
from
863ad22 to
ab493c2
Compare
wallrj
changed the title
jetstack-bot
removed
the
do-not-merge/work-in-progress
wallrj
commented
Apr 12, 2023
| # Build and install sample-external-issuer and run the E2E tests. | ||
| # This step can be run iteratively when ever you make changes to the code or to the installation manifests. | ||
| make docker-build kind-load deploy e2e | ||
| ``` |
Member
Author
There was a problem hiding this comment.
I've added this documentation for now.
I know I should add GitHub actions workflow for this, but that will be in another PR.
| k8s.io/apimachinery v0.23.4 | ||
| k8s.io/client-go v0.23.4 | ||
| sigs.k8s.io/controller-runtime v0.11.1 | ||
| github.com/cert-manager/cert-manager v1.11.1 |
Member
Author
There was a problem hiding this comment.
This is the only line I changed manually.
The rest was changed by go mod tidy.
| "k8s.io/apimachinery/pkg/types" | ||
| "k8s.io/apimachinery/pkg/util/clock" | ||
| utilerrors "k8s.io/apimachinery/pkg/util/errors" | ||
| "k8s.io/utils/clock" |
Member
Author
There was a problem hiding this comment.
This module got spun out some time ago.
Upgrading cert-manager brings a newer version of apimachinery which no longer has the clock package.
irbekrm
reviewed
Apr 12, 2023
|
|
||
| ```bash | ||
| # Create a Kind cluster along with cert-manager. | ||
| make kind-cluster deploy-cert-manager |
Contributor
There was a problem hiding this comment.
Does this work? I think the cert-manager created via make deploy-cert-manager also requires gateway-api to be installed
Member
Author
There was a problem hiding this comment.
It does work...perhaps because the tests still install K8S 1.23?
$ cmctl version --short
Client Version: v1.11.0
Server Version: v1.11.1
$ kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.25.3
Kustomize Version: v4.5.7
Server Version: v1.23.4
WARNING: version difference between client (1.25) and server (1.23) exceeds the supported minor version skew of +/-1
$ make e2e
kubectl apply --filename config/samples
kubectl wait --for=condition=Ready --timeout=5s issuers.sample-issuer.example.com issuer-sample
kubectl wait --for=condition=Ready --timeout=5s certificaterequests.cert-manager.io issuer-sample
kubectl wait --for=condition=Ready --timeout=5s certificates.cert-manager.io certificate-by-issuer
kubectl wait --for=condition=Ready --timeout=5s clusterissuers.sample-issuer.example.com clusterissuer-sample
kubectl wait --for=condition=Ready --timeout=5s certificaterequests.cert-manager.io clusterissuer-sample
kubectl wait --for=condition=Ready --timeout=5s certificates.cert-manager.io certificate-by-clusterissuer
kubectl delete --filename config/samples
certificate.cert-manager.io/certificate-by-clusterissuer created
certificate.cert-manager.io/certificate-by-issuer created
certificaterequest.cert-manager.io/clusterissuer-sample created
certificaterequest.cert-manager.io/issuer-sample created
clusterissuer.sample-issuer.example.com/clusterissuer-sample created
issuer.sample-issuer.example.com/issuer-sample created
secret/clusterissuer-sample-credentials created
secret/issuer-sample-credentials created
issuer.sample-issuer.example.com/issuer-sample condition met
certificaterequest.cert-manager.io/issuer-sample condition met
certificate.cert-manager.io/certificate-by-issuer condition met
clusterissuer.sample-issuer.example.com/clusterissuer-sample condition met
certificaterequest.cert-manager.io/clusterissuer-sample condition met
certificate.cert-manager.io/certificate-by-clusterissuer condition met
certificate.cert-manager.io "certificate-by-clusterissuer" deleted
certificate.cert-manager.io "certificate-by-issuer" deleted
certificaterequest.cert-manager.io "clusterissuer-sample" deleted
certificaterequest.cert-manager.io "issuer-sample" deleted
clusterissuer.sample-issuer.example.com "clusterissuer-sample" deleted
issuer.sample-issuer.example.com "issuer-sample" deleted
secret "clusterissuer-sample-credentials" deleted
secret "issuer-sample-credentials" deleted
Contributor
There was a problem hiding this comment.
Ahh nvm, I thought these were the cert-manager/cert-manager make targets
Member
Author
There was a problem hiding this comment.
$ kubectl logs -n cert-manager deploy/cert-manager | fgrep -i gateway
I0412 12:03:04.944251 1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="gateway-shim"
Contributor
There was a problem hiding this comment.
yeah I didn't realize this repo had make targets to deploy cert-manager 👍🏼
irbekrm
approved these changes
Apr 12, 2023
Contributor
irbekrm
left a comment
irbekrm
left a comment
There was a problem hiding this comment.
Thank you for leaving the code comments 👍🏼
/lgtm
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: irbekrm, wallrj The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is in preparation for upgrading to cert-manager 1.12 where we introduce the extra go.mod files.
I want to see if those separate modules results in fewer transitive dependencies in this sample-external-issuer...
Ran E2E tests locally: