Upgrade cert-manager installation in k8s

Note that the spec has changed for v1alpha2.
2025-01-25 22:18:24 +00:00 · 2020-03-26 11:33:06 +01:00 · 2020-03-26 11:33:06 +01:00 · e4ca99b237
commit e4ca99b237
parent d1f1a33f51
3 changed files with 10 additions and 15 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".

 ## Unreleased

+- [Improvement] Upgrade k8s certificate issuer to cert-manager.io/v1alpha2
 - [Feature] Add SCORM XBlock to default openedx docker image

 ## v3.11.12 (2020-04-16)
--- a/docs/k8s.rst
+++ b/docs/k8s.rst
@ -50,9 +50,7 @@ cert-manager for TLS certificates

 Tutor relies on `cert-manager <https://docs.cert-manager.io/>`_ to generate TLS certificates for HTTPS access. In order to activate HTTPS support, you will have to install cert-manager yourself. To do so, follow the `instructions from the official documentation <https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html>`_. It might be as simple as running::

-    kubectl create namespace cert-manager
-    kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
-    kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.8.0/cert-manager.yaml
+    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml

 If you decide to enable HTTPS certificates, you will also have to set ``WEB_PROXY=true`` in the platform configuration, because the SSL/TLS termination will not occur in the Nginx container, but in the Ingress controller. To do so, run::
  
--- a/tutor/templates/k8s/ingress.yml
+++ b/tutor/templates/k8s/ingress.yml
@ -7,8 +7,8 @@ metadata:
    app.kubernetes.io/name: web
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 1000m
-    {% if ACTIVATE_HTTPS%}certmanager.k8s.io/issuer: letsencrypt
-    certmanager.k8s.io/acme-challenge-type: http01{% endif %}
+    {% if ACTIVATE_HTTPS%}cert-manager.io/issuer: letsencrypt
+    cert-manager.io/acme-challenge-type: http01{% endif %}
 spec:
  rules:
  {% for host in hosts %}
@ -29,7 +29,7 @@ spec:
  {%endif%}
 {% if ACTIVATE_HTTPS %}
 ---
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
 kind: Issuer
 metadata:
  name: letsencrypt
@ -41,9 +41,12 @@ spec:
    email: {{ CONTACT_EMAIL }}
    privateKeySecretRef:
      name: letsencrypt-privatekey
-    http01: {}
+    solvers:
+      - http01:
+          ingress:
+            class: nginx
 ---
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
 kind: Certificate
 metadata:
  name: {{ LMS_HOST|replace(".", "-") }}
@ -55,12 +58,5 @@ spec:
  dnsNames:
  - {{ LMS_HOST }}
  - {{ CMS_HOST }}
-  acme:
-    config:
-    - http01:
-        ingress: web
-      domains:
-      - {{ LMS_HOST }}
-      - {{ CMS_HOST }}
 {{ patch("k8s-ingress-certificates") }}
 {% endif %}