From 62b1166911fc9d8a2a77ccc604ec92c05d0195b6 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison <hswong3i@gmail.com>
Date: Tue, 26 Jun 2018 14:42:05 +0800
Subject: [PATCH] cert-manager: Upgrade to 0.3.2

Upstream Changes:

-   cert-manager 0.3.2 (https://github.com/jetstack/cert-manager/releases/tag/v0.3.2)

Our Changes:

-   Remove legacy addon dir, manifests and namespace before upgrade
---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 .../cert_manager/tasks/main.yml               | 36 ++++++++++++++-----
 ...-manager-ns.yml.j2 => 00-namespace.yml.j2} |  0
 ...yml.j2 => clusterrole-cert-manager.yml.j2} |  2 +-
 ...=> clusterrolebinding-cert-manager.yml.j2} |  2 +-
 ...cate-crd.yml.j2 => crd-certificate.yml.j2} |  2 +-
 ...er-crd.yml.j2 => crd-clusterissuer.yml.j2} |  2 +-
 ...er-issuer-crd.yml.j2 => crd-issuer.yml.j2} |  2 +-
 ...ploy.yml.j2 => deploy-cert-manager.yml.j2} |  2 +-
 ...nager-sa.yml.j2 => sa-cert-manager.yml.j2} |  2 +-
 11 files changed, 37 insertions(+), 17 deletions(-)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-ns.yml.j2 => 00-namespace.yml.j2} (100%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-clusterrole.yml.j2 => clusterrole-cert-manager.yml.j2} (96%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-clusterrolebinding.yml.j2 => clusterrolebinding-cert-manager.yml.j2} (92%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-certificate-crd.yml.j2 => crd-certificate.yml.j2} (92%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-clusterissuer-crd.yml.j2 => crd-clusterissuer.yml.j2} (91%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-issuer-crd.yml.j2 => crd-issuer.yml.j2} (91%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-deploy.yml.j2 => deploy-cert-manager.yml.j2} (97%)
 rename roles/kubernetes-apps/ingress_controller/cert_manager/templates/{cert-manager-sa.yml.j2 => sa-cert-manager.yml.j2} (86%)

diff --git a/README.md b/README.md
index b43bec727..9a234fd0c 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ Supported Components
     -   [weave](https://github.com/weaveworks/weave) v2.3.0
 -   Application
     -   [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v1.1.0-k8s1.10
-    -   [cert-manager](https://github.com/jetstack/cert-manager) v0.3.0
+    -   [cert-manager](https://github.com/jetstack/cert-manager) v0.3.2
     -   [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.15.0
 
 Note: kubernetes doesn't support newer docker versions. Among other things kubelet currently breaks on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 3b0932784..597eea501 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -160,7 +160,7 @@ ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/ngin
 ingress_nginx_controller_image_tag: "0.15.0"
 ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend"
 ingress_nginx_default_backend_image_tag: "1.4"
-cert_manager_version: "v0.3.0"
+cert_manager_version: "v0.3.2"
 cert_manager_controller_image_repo: "quay.io/jetstack/cert-manager-controller"
 cert_manager_controller_image_tag: "{{ cert_manager_version }}"
 
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
index eeb29da2d..d8ca7ad17 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
@@ -1,5 +1,23 @@
 ---
 
+- name: Cert Manager | Remove legacy addon dir and manifests
+  file:
+    path: "{{ kube_config_dir }}/addons/cert_manager"
+    state: absent
+  when:
+    - inventory_hostname == groups['kube-master'][0]
+  tags:
+    - upgrade
+
+- name: Cert Manager | Remove legacy namespace
+  shell: |
+    {{ bin_dir }}/kubectl delete namespace {{ cert_manager_namespace }}
+  ignore_errors: yes
+  when:
+    - inventory_hostname == groups['kube-master'][0]
+  tags:
+    - upgrade
+
 - name: Cert Manager | Create addon dir
   file:
     path: "{{ kube_config_dir }}/addons/cert_manager"
@@ -7,20 +25,22 @@
     owner: root
     group: root
     mode: 0755
+  when:
+    - inventory_hostname == groups['kube-master'][0]
 
 - name: Cert Manager | Create manifests
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}"
   with_items:
-    - { name: cert-manager-ns, file: cert-manager-ns.yml, type: ns }
-    - { name: cert-manager-sa, file: cert-manager-sa.yml, type: sa }
-    - { name: cert-manager-clusterrole, file: cert-manager-clusterrole.yml, type: clusterrole }
-    - { name: cert-manager-clusterrolebinding, file: cert-manager-clusterrolebinding.yml, type: clusterrolebinding }
-    - { name: cert-manager-issuer-crd, file: cert-manager-issuer-crd.yml, type: crd }
-    - { name: cert-manager-clusterissuer-crd, file: cert-manager-clusterissuer-crd.yml, type: crd }
-    - { name: cert-manager-certificate-crd, file: cert-manager-certificate-crd.yml, type: crd }
-    - { name: cert-manager-deploy, file: cert-manager-deploy.yml, type: deploy }
+    - { name: 00-namespace, file: 00-namespace.yml, type: ns }
+    - { name: sa-cert-manager, file: sa-cert-manager.yml, type: sa }
+    - { name: crd-certificate, file: crd-certificate.yml, type: crd }
+    - { name: crd-clusterissuer, file: crd-clusterissuer.yml, type: crd }
+    - { name: crd-issuer, file: crd-issuer.yml, type: crd }
+    - { name: clusterrole-cert-manager, file: clusterrole-cert-manager.yml, type: clusterrole }
+    - { name: clusterrolebinding-cert-manager, file: clusterrolebinding-cert-manager.yml, type: clusterrolebinding }
+    - { name: deploy-cert-manager, file: deploy-cert-manager.yml, type: deploy }
   register: cert_manager_manifests
   when:
     - inventory_hostname == groups['kube-master'][0]
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-ns.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2
similarity index 100%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-ns.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/00-namespace.yml.j2
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2
similarity index 96%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2
index e7f7aa47b..2480113bf 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrole.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrole-cert-manager.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller
 rules:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2
similarity index 92%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2
index 6cf3c2a31..445452643 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/clusterrolebinding-cert-manager.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: cert-manager
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller
 roleRef:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2
similarity index 92%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2
index 3b154656f..c006d5747 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-certificate-crd.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: certificates.certmanager.k8s.io
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2
similarity index 91%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2
index 38f68cb2f..bc69736d5 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-clusterissuer-crd.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-clusterissuer.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: clusterissuers.certmanager.k8s.io
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2
similarity index 91%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2
index 041b82559..c46b58a10 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-issuer-crd.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-issuer.yml.j2
@@ -5,7 +5,7 @@ metadata:
   name: issuers.certmanager.k8s.io
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
similarity index 97%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
index 1760ed4b8..de13ad05a 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-deploy.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
@@ -6,7 +6,7 @@ metadata:
   namespace: {{ cert_manager_namespace }}
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller
 spec:
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2
similarity index 86%
rename from roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2
rename to roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2
index b96c97a2a..f6060c01a 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager-sa.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/sa-cert-manager.yml.j2
@@ -6,6 +6,6 @@ metadata:
   namespace: {{ cert_manager_namespace }}
   labels:
     app: cert-manager
-    chart: cert-manager-v0.3.2
+    chart: cert-manager-v0.3.4
     release: cert-manager
     heritage: Tiller