Cert manager version doesnt match the documentation #5946
Comments
|
As I see it was updated here, but the deployment file does not use this variable at all: |
|
And also which is even bigger problem that the cert-manager-controller has the new version and thats incompatible with the old cert-manager. |
|
You are probably looking at the Then copied into |
|
@Miouge1 exactly, thats for the controller and the actual cert manager version is hardcoded here: https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2#L9 |
|
And that's just a label. It has no impact on the docker image used etc... try it out for yourself to double check. |
|
Well, I have tried and it wasnt working so I had to setup from scratch. But close it please if you feel its working, it didnt work for me because the controller and the cert manager wasnt compatible with one and the other. |
|
I've hit on the same issue. Kubespray 2.13.0. Though tried to find some quick and dirty fix. Based on release log https://github.com/jetstack/cert-manager/releases/tag/v0.11.0, there are a few new resources were absent. While I succeeded to create them, that didn't help much. After diving deeper into helm chart, I found a few deployments and services are also missing as well as more complicated role management. So I'm under impression nowadays integration is completely broken and should be rewritten from scratch :( Would be glad to be mistaken. Seems nowadays it's easier to install cert-manager separately. |
|
I've successfully implemented Cert-Manager Cert-Manager I'd be happy to create a PR to get this version integrated with the latest Kubespray codebase? |
|
I also had issues using the Cert-Manager as installed by Kubespray. There were api version mismatch with the examples provided in the Cert-Manager documentation (and there were other access-related issues once I resolved those). Just applying the manifests of a more recent version of Cert-Manager as indicated here worked for me: https://cert-manager.io/docs/installation/kubernetes/#installing-with-regular-manifests |
Oh my, please do ! :) this is something needed, and I didn't have a cluster setup with that to properly update and test it. |
Please, let me know if I'm just creating noise, but I'm wondering if you really want to take on the burden of supporting cert-manager for this project (in the context of what I assume is an idempotent mostly declarative installer). From what I could gather from the cert-manager documentation, their api is not stable and there are breaking changes with each release that requires a careful migration: https://cert-manager.io/docs/installation/upgrading/#upgrading-using-static-manifests What I assume this means if someone has a previous version of cert-manager installed and the version is bumped up in a future release of kubepray is: the best the installer can do in such a situation is abort the installation and tell the user he/she will have to migrate this manually. Then again, maybe the version of cert-manager will remain the same in a given release of kubespray and such breaking changes are to be expected across releases in which case this would be a non-issue. Anyways, food for thought. |
Kind of agree with you, but I'm hopeful they will have something stable overtime.. best we can do right now is putting a bit warning in the release note and tell users to be careful if an old version is already installed ? |
Agreed. While common sense should dictate caution when running a newer revision of Kubespray on a pre-existing cluster (ie, try it on a dummy environment), I'm guessing based on what I've seen so far in the industry that someone would fall for it. I cogitated about it over the weekend and I think there are two potential longer term solutions to the problem (not mutually exclusive) until it becomes stables:
Even when it becomes stable, the above would provide a path forward in case of future breaking api changes or just for ultra-cautious developers who want to lock their versions to prevent regression bugs. I could look into it if you like. |
New Features: NGINX 1.19.2 New configmap option enable-real-ip to enable realip_module Use k8s.gcr.io vanity domain Go 1.15 client-go v0.18.6 Migrate to klog v2 Changes: kubernetes-sigs#5887 Add force-enable-realip-module kubernetes-sigs#5888 Update dev-env.sh script kubernetes-sigs#5923 Fix error in grpcbin deployment and enable e2e test kubernetes-sigs#5924 Validate endpoints are ready in e2e tests kubernetes-sigs#5931 Add opentracing operation name settings kubernetes-sigs#5933 Update opentracing nginx module kubernetes-sigs#5946 Do not add namespace to cluster-scoped resources kubernetes-sigs#5951 Use env expansion to provide namespace in container args kubernetes-sigs#5952 Refactor shutdown e2e tests kubernetes-sigs#5957 bump fsnotify to v1.4.9 kubernetes-sigs#5958 Disable enable-access-log-for-default-backend e2e test kubernetes-sigs#5984 Fix panic in ingress class validation kubernetes-sigs#5986 Migrate to klog v2 kubernetes-sigs#5987 Fix wait times in e2e tests kubernetes-sigs#5990 Fix nginx command env variable reference kubernetes-sigs#6004 Update nginx to 1.19.2 kubernetes-sigs#6006 Update nginx image kubernetes-sigs#6007 Update e2e-test-runner image kubernetes-sigs#6008 Rollback update of Jaeger library to 0.5.0 and update datadog to 1.2.0 kubernetes-sigs#6014 Update go dependencies kubernetes-sigs#6039 Add configurable serviceMonitor metricRelabelling and targetLabels kubernetes-sigs#6046 Add new Dockerfile label org.opencontainers.image.revision kubernetes-sigs#6047 Increase wait times in e2e tests kubernetes-sigs#6049 Improve docs and logging for --ingress-class usage kubernetes-sigs#6052 Fix flaky e2e test kubernetes-sigs#6056 Rollback to Poll instead of PollImmediate kubernetes-sigs#6062 Adjust e2e timeouts kubernetes-sigs#6063 Remove file system paths executables kubernetes-sigs#6080 Use k8s.gcr.io vanity domain
Environment:
Kubespray version (commit) (
git rev-parse --short HEAD):Latest
Anything else do we need to know:
The documentation says that it uses cert-manager v0.11.0 (which would be the latest version) but meanwhile in the code it still uses 0.5.2 (https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2)
Am I missing something and cert-manager is not part of kubespray anymore or is this a bug?
The text was updated successfully, but these errors were encountered: