Fix vault-app to use upversioned cert-manager
On [1] and [2] cert-manager was migrated to fluxcd and upversioned to version 1.7.1, but the vault helm-charts are still creating CRs with apiVersion v1beta2. This commit fixes it. [1] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/831956 [2] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/838590 TEST PLAN PASS build vault-fluxcd app PASS Upload PASS Apply (verified created resources) PASS Remove PASS Delete Logs: https://paste.opendev.org/show/bxn3yZEzas1o9bODJ5RO/ Story: 2009837 Task: 45363 Signed-off-by: Thiago Brito <thiago.brito@windriver.com> Change-Id: I4d61f65f453cdd55f514e8bd45c2c43ce5e45cc3
This commit is contained in:
parent
2115404c7d
commit
b04ebb5b79
|
@ -21,34 +21,31 @@ data:
|
|||
tls.crt: {{ b64enc $ca.Cert }}
|
||||
tls.key: {{ b64enc $ca.Key }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: ca-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ template "vault.name" . }}-ca
|
||||
status: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: vault-server-tls
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
# Secret names are always required.
|
||||
secretName: vault-server-tls
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
organization:
|
||||
- stx
|
||||
isCA: false
|
||||
keySize: 2048
|
||||
keyAlgorithm: rsa
|
||||
keyEncoding: pkcs1
|
||||
duration: 2160h0m0s # 90d
|
||||
renewBefore: 360h0m0s # 15d
|
||||
usages:
|
||||
- server auth
|
||||
- client auth
|
||||
- server auth
|
||||
- client auth
|
||||
# At least one of a DNS Name, URI, or IP address is required.
|
||||
dnsNames:
|
||||
- sva-{{ template "vault.name" . }}
|
||||
|
@ -68,4 +65,12 @@ spec:
|
|||
kind: Issuer
|
||||
# This is optional since cert-manager will default to this value however
|
||||
# if you are using an external issuer, change this to that issuer group.
|
||||
group: cert-manager.io
|
||||
group: cert-manager.io
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
encoding: PKCS1
|
||||
size: 2048
|
||||
subject:
|
||||
organizations:
|
||||
- stx
|
||||
status: {}
|
||||
|
|
Loading…
Reference in New Issue