From 1e0a190aa61b7e6d97f603ea7158f4c8b62760e0 Mon Sep 17 00:00:00 2001 From: Elisamara Aoki Goncalves Date: Tue, 21 Jun 2022 10:57:10 -0300 Subject: [PATCH] Platform Application Components updates ingress-nginx Story: 2009836 Task: 45655 Signed-off-by: Elisamara Aoki Goncalves Change-Id: I93eb5e8e873c29d01d5311a45c252d481c306243 --- .../the-cert-manager-bootstrap-process.rst | 70 ++++++------------- 1 file changed, 20 insertions(+), 50 deletions(-) diff --git a/doc/source/security/kubernetes/the-cert-manager-bootstrap-process.rst b/doc/source/security/kubernetes/the-cert-manager-bootstrap-process.rst index ab9db1f2d..45246b11f 100644 --- a/doc/source/security/kubernetes/the-cert-manager-bootstrap-process.rst +++ b/doc/source/security/kubernetes/the-cert-manager-bootstrap-process.rst 
@@ -2,41 +2,22 @@ .. gks1588335341933 .. _the-cert-manager-bootstrap-process: -===================================== +=================================== Configure cert-manager at Bootstrap -===================================== +=================================== -Both nginx-ingress-controller and cert-manager are installed at bootstrap time -with defaults appropriate to most use cases, but their configuration can be -modified at bootstrap. +Both ``nginx-ingress-controller`` and ``cert-manager`` are packaged as |prod| +system applications. They are uploaded and applied, by default at bootstrap +time with defaults appropriate to most use cases, but their configuration can +be modified at bootstrap. -Nginx-ingress-controller and cert-manager are packaged as armada system -applications. - -Both system applications are uploaded and applied, by default, as part of -the bootstrap phase of the |prod-long| installation. -/usr/share/ansible/stx-ansible/playbooks/host\_vars/bootstrap/default.yml -contains the following definition: - -.. code-block:: none - - ... - applications: - - /usr/local/share/applications/helm/nginx-ingress-controller-1.0-0.tgz: - - /usr/local/share/applications/helm/cert-manager-1.0-0.tgz: - ... - - -As with other parameters in default.yml, you can override this definition in -$HOME/localhost.yml. In the case of the ``applications``: parameter, do this to -change the application helm overrides for an application. - -The full general syntax for the ``applications:`` structure is: +To override the default configuration add an applications section in +``$HOME/localhost.yml``, as shown below: .. code-block:: none applications: - - /full/path/to/appOne-1.0-0.tgz: + - usr/local/share/applications/helm/nginx-ingress-controller-{version}.tgz: overrides: - chart: appOne-ChartOne namespace: kube-system 
@@ -44,33 +25,23 @@ The full general syntax for the ``applications:`` structure is: - chart: appOne-ChartTwo namespace: kube-system values-path: /home/sysinv/appOne-ChartTwo-overrides.yaml - - /full/path/to/appTwo-1.0-0.tgz: + - /usr/local/share/applications/helm/cert-manager-{version}.tgz: overrides: - chart: appTwo-ChartOne namespace: kube-system values-path: /home/sysinv/appTwo-ChartOne-overrides.yaml -If you do override ``applications:`` in $HOME/localhost.yml, note the following: +.. note:: - -.. _the-cert-manager-bootstrap-process-ul-o3j-vdv-nlb: - -- The applications: definition in localhost.yml replaces rather than - augments the definition in default.yml. - -- Semantically, nginx-ingress-controller and cert-manager are mandatory - and must be in this order, otherwise bootstrap fails. - - -|org| recommends that you copy ``applications:`` from default.yml and add in -any required overrides. + Semantically, ``nginx-ingress-controller`` and ``cert-manager`` are + mandatory and must be in this order, otherwise bootstrap fails. At a high-level, the default configuration for the two mandatory applications is: .. _the-cert-manager-bootstrap-process-ul-dxm-q2v-nlb: -- nginx-ingress-controller +- ``nginx-ingress-controller`` - Runs as a DaemonSet only on controllers. @@ -82,7 +53,7 @@ At a high-level, the default configuration for the two mandatory applications is - Has a default backend. -- cert-manager +- ``cert-manager`` - Runs as a Deployment only on controllers. @@ -93,6 +64,7 @@ At a high-level, the default configuration for the two mandatory applications is - The deployment replicaCount is set to 1 for bootstrap. .. note:: + replicaCount can NOT be changed at bootstrap time. The second controller must be configured and unlocked before replicaCount can be set to 2. 
@@ -102,12 +74,10 @@ web pages: .. _the-cert-manager-bootstrap-process-ul-d4j-khv-nlb: -- Nginx-ingress-controller +- ``nginx-ingress-controller`` - `https://github.com/kubernetes/ingress-nginx/tree/controller-v0.41.2 `__ - -- cert-manager - - `https://github.com/jetstack/cert-manager/blob/release-0.15/deploy/charts/cert-manager/README.template.md `__ + `https://github.com/kubernetes/ingress-nginx/blob/controller-v1.1.1/charts/ingress-nginx/values.yaml `__ +- ``cert-manager`` + `https://github.com/cert-manager/cert-manager/blob/release-1.7/deploy/charts/cert-manager/values.yaml `__
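Review bot: In the first hunk (@@ -2,41 +2,22 @@), the added nginx-ingress-controller entry has no leading slash: "- usr/local/share/applications/helm/nginx-ingress-controller-{version}.tgz:" is a relative path, while the cert-manager entry added in the next hunk starts with "/usr/local/share/...". Add the slash so both entries are absolute paths. The overrides under these two real tarballs still use the placeholder chart names (appOne-ChartOne, appOne-ChartTwo, appTwo-ChartOne) and values-path file names from the old generic syntax example; either use the applications' actual chart names or say that these are placeholders. In the new intro sentence, "uploaded and applied, by default at bootstrap time with defaults appropriate to most use cases" has a misplaced comma and repeats "default"; it reads better as "uploaded and applied at bootstrap time with defaults appropriate to most use cases".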
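Review bot: In the second hunk (@@ -44,33 +25,23 @@), the new note keeps only the ordering requirement and drops the removed bullet "The applications: definition in localhost.yml replaces rather than augments the definition in default.yml", along with the recommendation to copy the definition from default.yml. Together with the first hunk removing the reference to the default.yml path, a reader can no longer tell that listing only one application in $HOME/localhost.yml discards the other, which is the case the note says makes bootstrap fail. Suggest keeping the "replaces rather than augments" statement in the note, unless that behaviour has changed, in which case the commit message should say so.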
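Review bot: In the third hunk (@@ -102,12 +74,10 @@), the new links are pinned to controller-v1.1.1 and release-1.7, while the override example added earlier in this patch uses a "{version}" placeholder for both tarballs. Nothing in the visible text ties the linked values.yaml files to the packaged application versions, so a reader could write overrides against a values schema that does not match the installed chart. Suggest stating which chart versions the links correspond to, or noting that they must be updated whenever the packaged versions change. The links also now point at values.yaml rather than a README; check that the context sentence ending in "web pages:" still describes them accurately.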