Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
barry cho
Rancher
Commits
e2191da8
Commit
e2191da8
authored
5 years ago
by
rawmind0
Committed by
Denise
5 years ago
Browse files
Options
Download
Email Patches
Plain Diff
[2.2] check capabilities or cert-manager version for its api changes
parent
e6bc45e6
release/v2.2
codyrancher-patch-1
Tags unavailable
No related merge requests found
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
chart/templates/ingress.yaml
+5
-0
chart/templates/ingress.yaml
chart/templates/issuer-letsEncrypt.yaml
+14
-2
chart/templates/issuer-letsEncrypt.yaml
chart/templates/issuer-rancher.yaml
+5
-0
chart/templates/issuer-rancher.yaml
chart/tests/ingress_test.yaml
+141
-4
chart/tests/ingress_test.yaml
chart/tests/issuer_test.yaml
+183
-5
chart/tests/issuer_test.yaml
chart/values.yaml
+4
-0
chart/values.yaml
with
352 additions
and
11 deletions
+352
-11
chart/templates/ingress.yaml
+
5
-
0
View file @
e2191da8
...
...
@@ -16,7 +16,12 @@ metadata:
nginx.ingress.kubernetes.io/ssl-redirect
:
"
false"
# turn off ssl redirect for external.
{{
- else
}}
{{
- if ne .Values.ingress.tls.source "secret"
}}
{{
- $certmanagerVer
:
= split "." .Values.certmanager.version -
}}
{{
- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11))
}}
cert-manager.io/issuer
:
{{
template "rancher.fullname" .
}}
{{
- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11))
}}
certmanager.k8s.io/issuer
:
{{
template "rancher.fullname" .
}}
{{
- end
}}
{{
- end
}}
{{
- end
}}
{{
- if .Values.ingress.extraAnnotations
}}
...
...
This diff is collapsed.
Click to expand it.
chart/templates/issuer-letsEncrypt.yaml
+
14
-
2
View file @
e2191da8
{{
- if eq .Values.tls "ingress" -
}}
{{
- if eq .Values.ingress.tls.source "letsEncrypt" -
}}
{{
- $certmanagerVer
:
= split "." .Values.certmanager.version -
}}
{{
- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11))
}}
apiVersion
:
cert-manager.io/v1alpha2
kind
:
ClusterIssuer
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
apiVersion
:
certmanager.k8s.io/v1alpha1
kind
:
Issuer
{{- end }}
metadata
:
name
:
{{
template "rancher.fullname" .
}}
labels
:
...
...
@@ -13,13 +19,19 @@ spec:
acme
:
{{
- if eq .Values.letsEncrypt.environment "production"
}}
server
:
https://acme-v02.api.letsencrypt.org/directory
{{
- end
}}
{{
- if eq .Values.letsEncrypt.environment "staging"
}}
{{
- else
}}
server
:
https://acme-staging-v02.api.letsencrypt.org/directory
{{
- end
}}
email
:
{{
.Values.letsEncrypt.email
}}
privateKeySecretRef
:
name
:
letsencrypt-{{ .Values.letsEncrypt.environment }}
{{
- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11))
}}
solvers
:
-
http01
:
ingress
:
class
:
nginx
{{
- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11))
}}
http01
:
{}
{{
- end
}}
{{
- end -
}}
{{
- end -
}}
This diff is collapsed.
Click to expand it.
chart/templates/issuer-rancher.yaml
+
5
-
0
View file @
e2191da8
{{
- if eq .Values.tls "ingress" -
}}
{{
- if eq .Values.ingress.tls.source "rancher" -
}}
{{
- $certmanagerVer
:
= split "." .Values.certmanager.version -
}}
{{
- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11))
}}
apiVersion
:
cert-manager.io/v1alpha2
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
apiVersion
:
certmanager.k8s.io/v1alpha1
{{- end }}
kind
:
Issuer
metadata
:
name
:
{{
template "rancher.fullname" .
}}
...
...
This diff is collapsed.
Click to expand it.
chart/tests/ingress_test.yaml
+
141
-
4
View file @
e2191da8
...
...
@@ -13,7 +13,10 @@ tests:
path
:
metadata.annotations.certmanager\.k8s\.io/issuer
-
isNull
:
path
:
spec.tls
-
it
:
should set default annotations
-
it
:
should set default annotations < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
asserts
:
-
equal
:
path
:
metadata.annotations
...
...
@@ -22,7 +25,44 @@ tests:
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should over write proxy-connect-timeout
-
it
:
should set default annotations < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
certmanager.k8s.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should set default annotations > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
cert-manager.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should set default annotations > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
cert-manager.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should over write proxy-connect-timeout < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
ingress.extraAnnotations
:
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
...
...
@@ -34,7 +74,48 @@ tests:
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should set source secret
-
it
:
should over write proxy-connect-timeout < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
ingress.extraAnnotations
:
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
certmanager.k8s.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should over write proxy-connect-timeout > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
ingress.extraAnnotations
:
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
cert-manager.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should over write proxy-connect-timeout > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
ingress.extraAnnotations
:
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
cert-manager.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
15"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
-
it
:
should set source secret
set
:
hostname
:
test
ingress.tls.source
:
secret
...
...
@@ -47,7 +128,10 @@ tests:
hosts
:
-
test
secretName
:
tls-rancher-ingress
-
it
:
should set static X-Forwarded-Host header
-
it
:
should set static X-Forwarded-Host header < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
hostname
:
host.example.com
ingress
:
...
...
@@ -63,3 +147,56 @@ tests:
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
nginx.ingress.kubernetes.io/configuration-snippet
:
|
more_set_input_headers X-Forwarded-Host host.example.com;
-
it
:
should set static X-Forwarded-Host header < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
hostname
:
host.example.com
ingress
:
configurationSnippet
:
|
more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
certmanager.k8s.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
nginx.ingress.kubernetes.io/configuration-snippet
:
|
more_set_input_headers X-Forwarded-Host host.example.com;
-
it
:
should set static X-Forwarded-Host header > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
hostname
:
host.example.com
ingress
:
configurationSnippet
:
|
more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
cert-manager.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
nginx.ingress.kubernetes.io/configuration-snippet
:
|
more_set_input_headers X-Forwarded-Host host.example.com;
-
it
:
should set static X-Forwarded-Host header > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
hostname
:
host.example.com
ingress
:
configurationSnippet
:
|
more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};
asserts
:
-
equal
:
path
:
metadata.annotations
value
:
cert-manager.io/issuer
:
RELEASE-NAME-rancher
nginx.ingress.kubernetes.io/proxy-connect-timeout
:
"
30"
nginx.ingress.kubernetes.io/proxy-read-timeout
:
"
1800"
nginx.ingress.kubernetes.io/proxy-send-timeout
:
"
1800"
nginx.ingress.kubernetes.io/configuration-snippet
:
|
more_set_input_headers X-Forwarded-Host host.example.com;
This diff is collapsed.
Click to expand it.
chart/tests/issuer_test.yaml
+
183
-
5
View file @
e2191da8
...
...
@@ -23,7 +23,10 @@ tests:
-
hasDocuments
:
count
:
0
template
:
issuer-rancher.yaml
-
it
:
should render letsEncrypt but not rancher
-
it
:
should render letsEncrypt but not rancher with cert-manager < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
ingress.tls.source
:
letsEncrypt
asserts
:
...
...
@@ -33,7 +36,69 @@ tests:
-
hasDocuments
:
count
:
0
template
:
issuer-rancher.yaml
-
it
:
should render rancher but not letsEncrypt
-
it
:
should render letsEncrypt but not rancher with cert-manager < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
ingress.tls.source
:
letsEncrypt
asserts
:
-
hasDocuments
:
count
:
1
template
:
issuer-letsEncrypt.yaml
-
hasDocuments
:
count
:
0
template
:
issuer-rancher.yaml
-
it
:
should render letsEncrypt but not rancher with cert-manager > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
ingress.tls.source
:
letsEncrypt
asserts
:
-
hasDocuments
:
count
:
1
template
:
issuer-letsEncrypt.yaml
-
hasDocuments
:
count
:
0
template
:
issuer-rancher.yaml
-
it
:
should render letsEncrypt but not rancher with cert-manager > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
ingress.tls.source
:
letsEncrypt
asserts
:
-
hasDocuments
:
count
:
1
template
:
issuer-letsEncrypt.yaml
-
hasDocuments
:
count
:
0
template
:
issuer-rancher.yaml
-
it
:
should render rancher but not letsEncrypt with cert-manager < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
ingress.tls.source
:
rancher
asserts
:
-
hasDocuments
:
count
:
0
template
:
issuer-letsEncrypt.yaml
-
hasDocuments
:
count
:
1
template
:
issuer-rancher.yaml
-
it
:
should render rancher but not letsEncrypt with cert-manager < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
ingress.tls.source
:
rancher
asserts
:
-
hasDocuments
:
count
:
0
template
:
issuer-letsEncrypt.yaml
-
hasDocuments
:
count
:
1
template
:
issuer-rancher.yaml
-
it
:
should render rancher but not letsEncrypt with cert-manager > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
ingress.tls.source
:
rancher
asserts
:
...
...
@@ -43,7 +108,21 @@ tests:
-
hasDocuments
:
count
:
1
template
:
issuer-rancher.yaml
-
it
:
should set letsEncrypt production by default
-
it
:
should render rancher but not letsEncrypt with cert-manager > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
ingress.tls.source
:
rancher
asserts
:
-
hasDocuments
:
count
:
0
template
:
issuer-letsEncrypt.yaml
-
hasDocuments
:
count
:
1
template
:
issuer-rancher.yaml
-
it
:
should set letsEncrypt production by default with cert-manager < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
ingress.tls.source
:
letsEncrypt
asserts
:
...
...
@@ -51,7 +130,39 @@ tests:
path
:
spec.acme.server
value
:
https://acme-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt staging
-
it
:
should set letsEncrypt production by default with cert-manager < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
ingress.tls.source
:
letsEncrypt
asserts
:
-
equal
:
path
:
spec.acme.server
value
:
https://acme-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt production by default with cert-manager > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
ingress.tls.source
:
letsEncrypt
asserts
:
-
equal
:
path
:
spec.acme.server
value
:
https://acme-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt production by default with cert-manager > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
ingress.tls.source
:
letsEncrypt
asserts
:
-
equal
:
path
:
spec.acme.server
value
:
https://acme-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt staging with cert-manager < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
ingress.tls.source
:
letsEncrypt
letsEncrypt.environment
:
staging
...
...
@@ -60,8 +171,75 @@ tests:
path
:
spec.acme.server
value
:
https://acme-staging-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt email address
-
it
:
should set letsEncrypt staging with cert-manager < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
ingress.tls.source
:
letsEncrypt
letsEncrypt.environment
:
staging
asserts
:
-
equal
:
path
:
spec.acme.server
value
:
https://acme-staging-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt staging with cert-manager > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
ingress.tls.source
:
letsEncrypt
letsEncrypt.environment
:
staging
asserts
:
-
equal
:
path
:
spec.acme.server
value
:
https://acme-staging-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt staging with cert-manager > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
ingress.tls.source
:
letsEncrypt
letsEncrypt.environment
:
staging
asserts
:
-
equal
:
path
:
spec.acme.server
value
:
https://acme-staging-v02.api.letsencrypt.org/directory
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt email address with cert-manager < 0.11.0 using capabilities
capabilities
:
apiversions
:
-
certmanager.k8s.io/v1alpha1
set
:
ingress.tls.source
:
letsEncrypt
letsEncrypt.email
:
test@test.org
asserts
:
-
equal
:
path
:
spec.acme.email
value
:
test@test.org
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt email address with cert-manager < 0.11.0 using parameter
set
:
certmanager.version
:
0.9.0
ingress.tls.source
:
letsEncrypt
letsEncrypt.email
:
test@test.org
asserts
:
-
equal
:
path
:
spec.acme.email
value
:
test@test.org
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt email address with cert-manager > 0.11.0 using capabilities
capabilities
:
apiversions
:
-
cert-manager.io/v1alpha2
set
:
ingress.tls.source
:
letsEncrypt
letsEncrypt.email
:
test@test.org
asserts
:
-
equal
:
path
:
spec.acme.email
value
:
test@test.org
template
:
issuer-letsEncrypt.yaml
-
it
:
should set letsEncrypt email address with cert-manager > 0.11.0 using parameter
set
:
certmanager.version
:
0.12.0
ingress.tls.source
:
letsEncrypt
letsEncrypt.email
:
test@test.org
asserts
:
...
...
This diff is collapsed.
Click to expand it.
chart/values.yaml
+
4
-
0
View file @
e2191da8
...
...
@@ -98,3 +98,7 @@ resources: {}
# - ingress (default)
# - external
tls
:
ingress
# Certmanager version compatibility
certmanager
:
version
:
"
"
This diff is collapsed.
Click to expand it.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Menu
Projects
Groups
Snippets
Help