Merge pull request #2456 from rawmind0/staging

Updated installation docs: cert-manager version to 0.14.2
2026-05-21 12:25:19 +00:00 · 2020-04-17 14:13:02 -07:00
parent 31b1f8d315 9cc63b9c84
commit 846983d96a
8 changed files with 38 additions and 24 deletions
@@ -89,7 +89,7 @@ These instructions are adapted from the [official cert-manager documentation](ht

 ```
 # Install the CustomResourceDefinition resources separately
-kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
+kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml

 # **Important:**
 # If you are running Kubernetes v1.15 or below, you
@@ -114,7 +114,7 @@ helm repo update
 helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
-  --version v0.12.0
+  --version v0.14.2
 ```

 Once you’ve installed cert-manager, you can verify it is deployed correctly by checking the cert-manager namespace for running pods:
@@ -87,12 +87,12 @@ By default, Rancher generates a CA and uses cert-manager to issue the certificat
 1. Fetch the latest cert-manager chart available from the [Helm chart repository](https://hub.helm.sh/charts/jetstack/cert-manager).

   ```plain
-   helm fetch jetstack/cert-manager --version v0.12.0
+   helm fetch jetstack/cert-manager --version v0.14.2
   ```

 1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files.
   ```plain
-   helm template ./cert-manager-v0.12.0.tgz --output-dir . \
+   helm template ./cert-manager-v0.14.2.tgz --output-dir . \
       --name cert-manager --namespace cert-manager \
       --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
       --set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook
@@ -101,7 +101,7 @@ By default, Rancher generates a CA and uses cert-manager to issue the certificat

 1. Download the required CRD file for cert-manager
   ```plain
-   curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
+   curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml
   ```
 1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools.

@@ -56,7 +56,7 @@ In a Kubernetes Install, if you elect to use the Rancher default self-signed TLS
    ```plain
    helm repo add jetstack https://charts.jetstack.io
    helm repo update
-    helm fetch jetstack/cert-manager --version v0.12.0
+    helm fetch jetstack/cert-manager --version v0.14.2
    helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
    ```

@@ -220,7 +220,7 @@ The workstation must have Docker 18.02+ in order to support manifests, which are
      ```plain
      helm repo add jetstack https://charts.jetstack.io
      helm repo update
-      helm fetch jetstack/cert-manager --version v0.12.0
+      helm fetch jetstack/cert-manager --version v0.14.2
      helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
      ```

@@ -79,7 +79,7 @@ These instructions are adapted from the [official cert-manager documentation](ht
    helm install \
      --name cert-manager \
      --namespace cert-manager \
-      --version v0.12.0 \
+      --version v0.14.2 \
      jetstack/cert-manager
    ```

@@ -8,6 +8,7 @@ Rancher uses cert-manager to automatically generate and renew TLS certificates f
 1. [Let's Encrypt will be blocking cert-manager instances older than 0.8.0 starting November 1st 2019.](https://community.letsencrypt.org/t/blocking-old-cert-manager-versions/98753)
 1. [Cert-manager is deprecating and replacing the certificate.spec.acme.solvers field](https://cert-manager.io/docs/installation/upgrading/upgrading-0.7-0.8/). This change has no exact deadline.
 1. [Cert-manager is deprecating `v1alpha1` API and replacing its API group](https://cert-manager.io/docs/installation/upgrading/upgrading-0.10-0.11/)
+1. [Cert-manager is changing the Deployment selector](https://cert-manager.io/docs/installation/upgrading/upgrading-0.13-0.14/)

 To address these changes, this guide will do two things:

@@ -18,8 +19,8 @@ To address these changes, this guide will do two things:
 > If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them:

 > 1. Take a one-time snapshot of your Kubernetes cluster running Rancher server
-> 2. Uninstall Rancher, cert-manager, and the CustomResourceDefinition for cert-manager
-> 3. Install the newer version of Rancher and cert-manager 
+> 2. Uninstall Rancher, cert-manager and the CustomResourceDefinition for cert-manager
+> 3. Install the new CustomResourceDefinition for cert-manager, cert-manager and the newer version of Rancher 

 > The reason is that when Helm upgrades Rancher, it will reject the upgrade and show error messages if the running Rancher app does not match the chart template used to install it. Because cert-manager changed its API group and we cannot modify released charts for Rancher, there will always be a mismatch on the cert-manager's API version, therefore the upgrade will be rejected.

@@ -27,6 +28,10 @@ To address these changes, this guide will do two things:

 ## Upgrade Cert-Manager Only 

+If you are running cert-manager version 0.11.x or above, please follow official [upgrading doc](https://cert-manager.io/docs/installation/upgrading/#upgrading-with-helm) to upgrade it using helm. 
+
+Continue reading if you are comming from a cert-manager version older than 0.11
+
 > **Note:**
 > These instructions are applied if you have no plan to upgrade Rancher. 

@@ -62,7 +67,7 @@ In order to upgrade cert-manager, follow these instructions:
 1. Install the CustomResourceDefinition resources separately

    ```plain
-    kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
+    kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml
    ```

    > **Note:**
@@ -92,7 +97,7 @@ In order to upgrade cert-manager, follow these instructions:
    helm install \
      cert-manager jetstack/cert-manager \
      --namespace cert-manager \
-      --version v0.12.0 
+      --version v0.14.2 
    ```

 1. [Restore back up resources](https://cert-manager.io/docs/tutorials/backup/#restoring-resources)
@@ -120,7 +125,7 @@ Before you can perform the upgrade, you must prepare your air gapped environment
 1. Fetch the latest cert-manager chart available from the [Helm chart repository](https://hub.helm.sh/charts/jetstack/cert-manager).

    ```plain
-    helm fetch jetstack/cert-manager --version v0.12.0
+    helm fetch jetstack/cert-manager --version v0.14.2
    ```

 1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files.
@@ -128,7 +133,7 @@ Before you can perform the upgrade, you must prepare your air gapped environment
    The Helm 3 command is as follows:

    ```plain
-    helm template cert-manager ./cert-manager-v0.12.0.tgz --output-dir . \
+    helm template cert-manager ./cert-manager-v0.14.2.tgz --output-dir . \
    --namespace cert-manager \
    --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
    --set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook
@@ -138,7 +143,7 @@ Before you can perform the upgrade, you must prepare your air gapped environment
    The Helm 2 command is as follows:

    ```plain
-    helm template ./cert-manager-v0.12.0.tgz --output-dir . \
+    helm template ./cert-manager-v0.14.2.tgz --output-dir . \
    --name cert-manager --namespace cert-manager \
    --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
    --set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook
@@ -148,7 +153,7 @@ Before you can perform the upgrade, you must prepare your air gapped environment
 1. Download the required CRD file for cert-manager (old and new)

    ```plain
-    curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
+    curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml
    curl -L -o cert-manager/cert-manager-crd-old.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-X.Y/deploy/manifests/00-crds.yaml
    ```

@@ -233,5 +238,7 @@ We have also removed support for the old configuration format that was deprecate

 Details about the change and migration instructions can be found in the [cert-manager v0.10 to v0.11 upgrade instructions](https://cert-manager.io/docs/installation/upgrading/upgrading-0.10-0.11/).

+Details about the change and migration instructions can be found in the [cert-manager v0.13 to v0.14 upgrade instructions](https://cert-manager.io/docs/installation/upgrading/upgrading-0.13-0.14/).
+
 More info about [cert-manager upgrade information](https://cert-manager.io/docs/installation/upgrading/).

@@ -8,6 +8,7 @@ Rancher uses cert-manager to automatically generate and renew TLS certificates f
 1. [Let's Encrypt will be blocking cert-manager instances older than 0.8.0 starting November 1st 2019.](https://community.letsencrypt.org/t/blocking-old-cert-manager-versions/98753)
 1. [Cert-manager is deprecating and replacing the certificate.spec.acme.solvers field](https://docs.cert-manager.io/en/latest/tasks/upgrading/upgrading-0.7-0.8.html#upgrading-from-v0-7-to-v0-8). This change has no exact deadline.
 1. [Cert-manager is deprecating `v1alpha1` API and replacing its API group](https://cert-manager.io/docs/installation/upgrading/upgrading-0.10-0.11/)
+1. [Cert-manager is changing the Deployment selector](https://cert-manager.io/docs/installation/upgrading/upgrading-0.13-0.14/)

 To address these changes, this guide will do two things:

@@ -27,6 +28,10 @@ To address these changes, this guide will do two things:

 ## Upgrade Cert-Manager Only 

+If you are running cert-manager version 0.11.x or above, please follow official [upgrading doc](https://cert-manager.io/docs/installation/upgrading/#upgrading-with-helm) to upgrade it using helm.
+
+Continue reading if you are comming from a cert-manager version older than 0.11
+
 > **Note:**
 > These instructions are applied if you have no plan to upgrade Rancher. 

@@ -74,7 +79,7 @@ In order to upgrade cert-manager, follow these instructions:
 1. Install the new version of cert-manager

    ```plain
-    helm install --version 0.12.0 --name cert-manager --namespace kube-system jetstack/cert-manager
+    helm install --version 0.14.2 --name cert-manager --namespace kube-system jetstack/cert-manager
    ```
 {{% /accordion %}}

@@ -95,13 +100,13 @@ Before you can perform the upgrade, you must prepare your air gapped environment
 1. Fetch the latest cert-manager chart available from the [Helm chart repository](https://hub.helm.sh/charts/jetstack/cert-manager).

    ```plain
-    helm fetch jetstack/cert-manager --version v0.12.0
+    helm fetch jetstack/cert-manager --version v0.14.2
    ```

 1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files.

    ```plain
-    helm template ./cert-manager-v0.12.0.tgz --output-dir . \
+    helm template ./cert-manager-v0.14.2.tgz --output-dir . \
    --name cert-manager --namespace kube-system \
    --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
    --set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook
@@ -180,4 +185,6 @@ We have also removed support for the old configuration format that was deprecate

 Details about the change and migration instructions can be found in the [cert-manager v0.10 to v0.11 upgrade instructions](https://cert-manager.io/docs/installation/upgrading/upgrading-0.10-0.11/).

+Details about the change and migration instructions can be found in the [cert-manager v0.13 to v0.14 upgrade instructions](https://cert-manager.io/docs/installation/upgrading/upgrading-0.13-0.14/).
+
 For information on upgrading from all other versions of cert-manager, refer to the [official documentation](https://cert-manager.io/docs/installation/upgrading/).
@@ -88,12 +88,12 @@ By default, Rancher generates a CA and uses cert-manager to issue the certificat
 1. Fetch the latest cert-manager chart available from the [Helm chart repository](https://hub.helm.sh/charts/jetstack/cert-manager).

   ```plain
-   helm fetch jetstack/cert-manager --version v0.12.0
+   helm fetch jetstack/cert-manager --version v0.14.2
   ```

 1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files.
   ```plain
-   helm template cert-manager ./cert-manager-v0.12.0.tgz --output-dir . \
+   helm template cert-manager ./cert-manager-v0.14.2.tgz --output-dir . \
       --namespace cert-manager \
       --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller \
       --set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook \
@@ -102,7 +102,7 @@ By default, Rancher generates a CA and uses cert-manager to issue the certificat

 1. Download the required CRD file for cert-manager
   ```plain
-   curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
+   curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml
   ```
 1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools.

@@ -57,7 +57,7 @@ In a Kubernetes Install, if you elect to use the Rancher default self-signed TLS
    ```plain
    helm repo add jetstack https://charts.jetstack.io
    helm repo update
-    helm fetch jetstack/cert-manager --version v0.12.0
+    helm fetch jetstack/cert-manager --version v0.14.2
    helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
    ```

@@ -227,7 +227,7 @@ The workstation must have Docker 18.02+ in order to support manifests, which are
      ```plain
      helm repo add jetstack https://charts.jetstack.io
      helm repo update
-      helm fetch jetstack/cert-manager --version v0.12.0
+      helm fetch jetstack/cert-manager --version v0.14.2
      helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
      ```