Fix vault-app to use upversioned cert-manager

On [1] and [2] cert-manager was migrated to fluxcd and upversioned to version 1.7.1, but the vault helm-charts are still creating CRs with apiVersion v1beta2. This commit fixes it. [1] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/831956 [2] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/838590 TEST PLAN PASS build vault-fluxcd app PASS Upload PASS Apply (verified created resources) PASS Remove PASS Delete Logs: https://paste.opendev.org/show/bxn3yZEzas1o9bODJ5RO/ Story: 2009837 Task: 45363 Signed-off-by: Thiago Brito <thiago.brito@windriver.com> Change-Id: I4d61f65f453cdd55f514e8bd45c2c43ce5e45cc3
2022-05-13 09:25:11 -03:00 · 2022-05-13 09:25:11 -03:00 · b04ebb5b79
parent 2115404c7d
commit b04ebb5b79
1 changed files with 18 additions and 13 deletions
--- a/vault-helm/vault-helm/helm-charts/vault-certificates.yaml
+++ b/vault-helm/vault-helm/helm-charts/vault-certificates.yaml
@ -21,34 +21,31 @@ data:
  tls.crt: {{ b64enc $ca.Cert }}
  tls.key: {{ b64enc $ca.Key }}
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
+  creationTimestamp: null
  name: ca-issuer
  namespace: {{ .Release.Namespace }}
 spec:
  ca:
    secretName: {{ template "vault.name" . }}-ca
+status: {}
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
+  creationTimestamp: null
  name: vault-server-tls
  namespace: {{ .Release.Namespace }}
 spec:
  # Secret names are always required.
  secretName: vault-server-tls
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
-  organization:
-  - stx
-  isCA: false
-  keySize: 2048
-  keyAlgorithm: rsa
-  keyEncoding: pkcs1
+  duration: 2160h0m0s  # 90d
+  renewBefore: 360h0m0s  # 15d
  usages:
-    - server auth
-    - client auth
+  - server auth
+  - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
  - sva-{{ template "vault.name" . }}
@ -68,4 +65,12 @@ spec:
    kind: Issuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
-    group: cert-manager.io
+    group: cert-manager.io
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  subject:
+    organizations:
+    - stx
+status: {}