diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index dae7618bccb..9f4b13db800 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -133,14 +133,14 @@ func Run(opts *config.ControllerConfiguration, stopCh <-chan struct{}) error { if err != nil { return fmt.Errorf("failed to listen on healthz address %s: %v", opts.HealthzListenAddress, err) } - healthzServer := healthz.NewServer(opts.HealthzLeaderElectionTimeout) + healthzServer := healthz.NewServer(opts.LeaderElectionConfig.HealthzTimeout) g.Go(func() error { log.V(logf.InfoLevel).Info("starting healthz server", "address", healthzListener.Addr()) return healthzServer.Start(rootCtx, healthzListener) }) elected := make(chan struct{}) - if opts.LeaderElect { + if opts.LeaderElectionConfig.Enabled { g.Go(func() error { log.V(logf.InfoLevel).Info("starting leader election") ctx, err := ctxFactory.Build("leader-election") @@ -241,7 +241,7 @@ func Run(opts *config.ControllerConfiguration, stopCh <-chan struct{}) error { func buildControllerContextFactory(ctx context.Context, opts *config.ControllerConfiguration) (*controller.ContextFactory, error) { log := logf.FromContext(ctx) - nameservers := opts.DNS01RecursiveNameservers + nameservers := opts.ACMEDNS01Config.RecursiveNameservers if len(nameservers) == 0 { nameservers = dnsutil.RecursiveNameservers } 
@@ -250,27 +250,27 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC WithValues("nameservers", nameservers). Info("configured acme dns01 nameservers") - http01SolverResourceRequestCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestCPU) + http01SolverResourceRequestCPU, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceRequestCPU) if err != nil { return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestCPU: %w", err) } - http01SolverResourceRequestMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestMemory) + http01SolverResourceRequestMemory, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceRequestMemory) if err != nil { return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestMemory: %w", err) } - http01SolverResourceLimitsCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsCPU) + http01SolverResourceLimitsCPU, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceLimitsCPU) if err != nil { return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsCPU: %w", err) } - http01SolverResourceLimitsMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsMemory) + http01SolverResourceLimitsMemory, err := resource.ParseQuantity(opts.ACMEHTTP01Config.SolverResourceLimitsMemory) if err != nil { return nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsMemory: %w", err) } - ACMEHTTP01SolverRunAsNonRoot := opts.ACMEHTTP01SolverRunAsNonRoot + ACMEHTTP01SolverRunAsNonRoot := opts.ACMEHTTP01Config.SolverRunAsNonRoot acmeAccountRegistry := accounts.NewDefaultRegistry() ctxFactory, err := controller.NewContextFactory(ctx, controller.ContextOptions{ 
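Review bot: The four `fmt.Errorf` messages after the `resource.ParseQuantity` calls still name the old flat fields (for example `error parsing ACMEHTTP01SolverResourceRequestCPU`), which no longer exist now that the values are read from `opts.ACMEHTTP01Config`. An operator who sets a bad quantity in a config file then has to map that name back to a nested key or a flag. I would name the flag instead, e.g. `return nil, fmt.Errorf("error parsing --acme-http01-solver-resource-request-cpu: %w", err)`, and do the same for the request-memory and both limits variants. buildControllerContextFactory starts and ends outside this hunk.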
@@ -290,13 +290,13 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC HTTP01SolverResourceLimitsCPU: http01SolverResourceLimitsCPU, HTTP01SolverResourceLimitsMemory: http01SolverResourceLimitsMemory, ACMEHTTP01SolverRunAsNonRoot: ACMEHTTP01SolverRunAsNonRoot, - HTTP01SolverImage: opts.ACMEHTTP01SolverImage, + HTTP01SolverImage: opts.ACMEHTTP01Config.SolverImage, // Allows specifying a list of custom nameservers to perform HTTP01 checks on. - HTTP01SolverNameservers: opts.ACMEHTTP01SolverNameservers, + HTTP01SolverNameservers: opts.ACMEHTTP01Config.SolverNameservers, DNS01Nameservers: nameservers, - DNS01CheckRetryPeriod: opts.DNS01CheckRetryPeriod, - DNS01CheckAuthoritative: !opts.DNS01RecursiveNameserversOnly, + DNS01CheckRetryPeriod: opts.ACMEDNS01Config.CheckRetryPeriod, + DNS01CheckAuthoritative: !opts.ACMEDNS01Config.RecursiveNameserversOnly, AccountRegistry: acmeAccountRegistry, }, @@ -312,10 +312,10 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC }, IngressShimOptions: controller.IngressShimOptions{ - DefaultIssuerName: opts.DefaultIssuerName, - DefaultIssuerKind: opts.DefaultIssuerKind, - DefaultIssuerGroup: opts.DefaultIssuerGroup, - DefaultAutoCertificateAnnotations: opts.DefaultAutoCertificateAnnotations, + DefaultIssuerName: opts.IngressShimConfig.DefaultIssuerName, + DefaultIssuerKind: opts.IngressShimConfig.DefaultIssuerKind, + DefaultIssuerGroup: opts.IngressShimConfig.DefaultIssuerGroup, + DefaultAutoCertificateAnnotations: opts.IngressShimConfig.DefaultAutoCertificateAnnotations, }, CertificateOptions: controller.CertificateOptions{ 
@@ -346,7 +346,7 @@ func startLeaderElection(ctx context.Context, opts *config.ControllerConfigurati // We only support leases for leader election. Previously we supported ConfigMap & Lease objects for leader // election. ml, err := resourcelock.New(resourcelock.LeasesResourceLock, - opts.LeaderElectionNamespace, + opts.LeaderElectionConfig.Namespace, lockName, leaderElectionClient.CoreV1(), leaderElectionClient.CoordinationV1(), @@ -359,9 +359,9 @@ func startLeaderElection(ctx context.Context, opts *config.ControllerConfigurati // Try and become the leader and start controller manager loops le, err := leaderelection.NewLeaderElector(leaderelection.LeaderElectionConfig{ Lock: ml, - LeaseDuration: opts.LeaderElectionLeaseDuration, - RenewDeadline: opts.LeaderElectionRenewDeadline, - RetryPeriod: opts.LeaderElectionRetryPeriod, + LeaseDuration: opts.LeaderElectionConfig.LeaseDuration, + RenewDeadline: opts.LeaderElectionConfig.RenewDeadline, + RetryPeriod: opts.LeaderElectionConfig.RetryPeriod, ReleaseOnCancel: true, Callbacks: callbacks, WatchDog: healthzAdaptor, diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 2bd6fac548b..827573b131b 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go 
@@ -83,22 +83,22 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { fs.StringVar(&c.Namespace, "namespace", c.Namespace, ""+ "If set, this limits the scope of cert-manager to a single namespace and ClusterIssuers are disabled. "+ "If not specified, all namespaces will be watched") - fs.BoolVar(&c.LeaderElect, "leader-elect", c.LeaderElect, ""+ + fs.BoolVar(&c.LeaderElectionConfig.Enabled, "leader-elect", c.LeaderElectionConfig.Enabled, ""+ "If true, cert-manager will perform leader election between instances to ensure no more "+ "than one instance of cert-manager operates at a time") - fs.StringVar(&c.LeaderElectionNamespace, "leader-election-namespace", c.LeaderElectionNamespace, ""+ + fs.StringVar(&c.LeaderElectionConfig.Namespace, "leader-election-namespace", c.LeaderElectionConfig.Namespace, ""+ "Namespace used to perform leader election. Only used if leader election is enabled") - fs.DurationVar(&c.LeaderElectionLeaseDuration, "leader-election-lease-duration", c.LeaderElectionLeaseDuration, ""+ + fs.DurationVar(&c.LeaderElectionConfig.LeaseDuration, "leader-election-lease-duration", c.LeaderElectionConfig.LeaseDuration, ""+ "The duration that non-leader candidates will wait after observing a leadership "+ "renewal until attempting to acquire leadership of a led but unrenewed leader "+ "slot. This is effectively the maximum duration that a leader can be stopped "+ "before it is replaced by another candidate. This is only applicable if leader "+ "election is enabled.") - fs.DurationVar(&c.LeaderElectionRenewDeadline, "leader-election-renew-deadline", c.LeaderElectionRenewDeadline, ""+ + fs.DurationVar(&c.LeaderElectionConfig.RenewDeadline, "leader-election-renew-deadline", c.LeaderElectionConfig.RenewDeadline, ""+ "The interval between attempts by the acting master to renew a leadership slot "+ "before it stops leading. This must be less than or equal to the lease duration. 
"+ "This is only applicable if leader election is enabled.") - fs.DurationVar(&c.LeaderElectionRetryPeriod, "leader-election-retry-period", c.LeaderElectionRetryPeriod, ""+ + fs.DurationVar(&c.LeaderElectionConfig.RetryPeriod, "leader-election-retry-period", c.LeaderElectionConfig.RetryPeriod, ""+ "The duration the clients should wait between attempting acquisition and renewal "+ "of a leadership. This is only applicable if leader election is enabled.") 
@@ -109,32 +109,32 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { "'foo'.\nAll controllers: %s", strings.Join(defaults.AllControllers, ", "))) + fs.StringVar(&c.ACMEHTTP01Config.SolverImage, "acme-http01-solver-image", c.ACMEHTTP01Config.SolverImage, ""+ + "The docker image to use to solve ACME HTTP01 challenges. You most likely will not "+ + "need to change this parameter unless you are testing a new feature or developing cert-manager.") + // HTTP-01 solver pod configuration via flags is a now deprecated // mechanism- please use pod template instead when adding any new // configuration options // https://github.com/cert-manager/cert-manager/blob/f1d7c432763100c3fb6eb6a1654d29060b479b3c/pkg/apis/acme/v1/types_issuer.go#L270 // These flags however will not be deprecated for backwards compatibility purposes. - fs.StringVar(&c.ACMEHTTP01SolverImage, "acme-http01-solver-image", c.ACMEHTTP01SolverImage, ""+ - "The docker image to use to solve ACME HTTP01 challenges. 
You most likely will not "+ - "need to change this parameter unless you are testing a new feature or developing cert-manager.") - - fs.StringVar(&c.ACMEHTTP01SolverResourceRequestCPU, "acme-http01-solver-resource-request-cpu", c.ACMEHTTP01SolverResourceRequestCPU, ""+ + fs.StringVar(&c.ACMEHTTP01Config.SolverResourceRequestCPU, "acme-http01-solver-resource-request-cpu", c.ACMEHTTP01Config.SolverResourceRequestCPU, ""+ "Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods.") - fs.StringVar(&c.ACMEHTTP01SolverResourceRequestMemory, "acme-http01-solver-resource-request-memory", c.ACMEHTTP01SolverResourceRequestMemory, ""+ + fs.StringVar(&c.ACMEHTTP01Config.SolverResourceRequestMemory, "acme-http01-solver-resource-request-memory", c.ACMEHTTP01Config.SolverResourceRequestMemory, ""+ "Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods.") - fs.StringVar(&c.ACMEHTTP01SolverResourceLimitsCPU, "acme-http01-solver-resource-limits-cpu", c.ACMEHTTP01SolverResourceLimitsCPU, ""+ + fs.StringVar(&c.ACMEHTTP01Config.SolverResourceLimitsCPU, "acme-http01-solver-resource-limits-cpu", c.ACMEHTTP01Config.SolverResourceLimitsCPU, ""+ "Defines the resource limits CPU size when spawning new ACME HTTP01 challenge solver pods.") - fs.StringVar(&c.ACMEHTTP01SolverResourceLimitsMemory, "acme-http01-solver-resource-limits-memory", c.ACMEHTTP01SolverResourceLimitsMemory, ""+ + fs.StringVar(&c.ACMEHTTP01Config.SolverResourceLimitsMemory, "acme-http01-solver-resource-limits-memory", c.ACMEHTTP01Config.SolverResourceLimitsMemory, ""+ "Defines the resource limits Memory size when spawning new ACME HTTP01 challenge solver pods.") - fs.BoolVar(&c.ACMEHTTP01SolverRunAsNonRoot, "acme-http01-solver-run-as-non-root", c.ACMEHTTP01SolverRunAsNonRoot, ""+ + fs.BoolVar(&c.ACMEHTTP01Config.SolverRunAsNonRoot, "acme-http01-solver-run-as-non-root", c.ACMEHTTP01Config.SolverRunAsNonRoot, ""+ "Defines the ability to run the http01 
solver as root for troubleshooting issues") - fs.StringSliceVar(&c.ACMEHTTP01SolverNameservers, "acme-http01-solver-nameservers", - c.ACMEHTTP01SolverNameservers, "A list of comma separated dns server endpoints used for "+ + fs.StringSliceVar(&c.ACMEHTTP01Config.SolverNameservers, "acme-http01-solver-nameservers", + c.ACMEHTTP01Config.SolverNameservers, "A list of comma separated dns server endpoints used for "+ "ACME HTTP01 check requests. This should be a list containing host and "+ "port, for example 8.8.8.8:53,8.8.4.4:53") 
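Review bot: The help text kept for `acme-http01-solver-run-as-non-root` ("Defines the ability to run the http01 solver as root for troubleshooting issues") reads with the opposite polarity to the flag name and never says which value is the hardened one. Since this hunk rebinds the flag to `c.ACMEHTTP01Config.SolverRunAsNonRoot`, it is a good moment to state it plainly, e.g. `"When true, HTTP01 solver pods are run as non-root; set to false only to troubleshoot a solver that needs root."`. How the value is applied to the solver pod is not visible in this hunk, so the wording should be confirmed against that code. AddConfigFlags starts and ends outside this hunk.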
@@ -146,29 +146,31 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { "Whether an issuer may make use of ambient credentials. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the Issuer API object. "+ "When this flag is enabled, the following sources for credentials are also used: "+ "AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata.") - fs.StringSliceVar(&c.DefaultAutoCertificateAnnotations, "auto-certificate-annotations", c.DefaultAutoCertificateAnnotations, ""+ - "The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate") - fs.StringVar(&c.DefaultIssuerName, "default-issuer-name", c.DefaultIssuerName, ""+ + fs.StringSliceVar(&c.IngressShimConfig.DefaultAutoCertificateAnnotations, "auto-certificate-annotations", c.IngressShimConfig.DefaultAutoCertificateAnnotations, ""+ + "The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate") + fs.StringVar(&c.IngressShimConfig.DefaultIssuerName, "default-issuer-name", c.IngressShimConfig.DefaultIssuerName, ""+ "Name of the Issuer to use when the tls is requested but issuer name is not specified on the ingress resource.") - fs.StringVar(&c.DefaultIssuerKind, "default-issuer-kind", c.DefaultIssuerKind, ""+ + fs.StringVar(&c.IngressShimConfig.DefaultIssuerKind, "default-issuer-kind", c.IngressShimConfig.DefaultIssuerKind, ""+ "Kind of the Issuer to use when the tls is requested but issuer kind is not specified on the ingress resource.") - fs.StringVar(&c.DefaultIssuerGroup, "default-issuer-group", c.DefaultIssuerGroup, ""+ + fs.StringVar(&c.IngressShimConfig.DefaultIssuerGroup, "default-issuer-group", c.IngressShimConfig.DefaultIssuerGroup, ""+ "Group of the Issuer to use when the tls is requested but issuer group is not specified on the ingress resource.") 
- fs.StringSliceVar(&c.DNS01RecursiveNameservers, "dns01-recursive-nameservers", - []string{}, "A list of comma separated dns server endpoints used for DNS01 and DNS-over-HTTPS (DoH) check requests. "+ + fs.StringSliceVar(&c.ACMEDNS01Config.RecursiveNameservers, "dns01-recursive-nameservers", + c.ACMEDNS01Config.RecursiveNameservers, "A list of comma separated dns server endpoints used for DNS01 and DNS-over-HTTPS (DoH) check requests. "+ "This should be a list containing entries of the following formats: `:` or `https://`. "+ "For example: `8.8.8.8:53,8.8.4.4:53` or `https://1.1.1.1/dns-query,https://8.8.8.8/dns-query`. "+ "To make sure ALL DNS requests happen through DoH, `dns01-recursive-nameservers-only` should also be set to true.") - - fs.BoolVar(&c.DNS01RecursiveNameserversOnly, "dns01-recursive-nameservers-only", - c.DNS01RecursiveNameserversOnly, + fs.BoolVar(&c.ACMEDNS01Config.RecursiveNameserversOnly, "dns01-recursive-nameservers-only", + c.ACMEDNS01Config.RecursiveNameserversOnly, "When true, cert-manager will only ever query the configured DNS resolvers "+ "to perform the ACME DNS01 self check. This is useful in DNS constrained "+ "environments, where access to authoritative nameservers is restricted. "+ "Enabling this option could cause the DNS01 self check to take longer "+ "due to caching performed by the recursive nameservers.") + fs.DurationVar(&c.ACMEDNS01Config.CheckRetryPeriod, "dns01-check-retry-period", c.ACMEDNS01Config.CheckRetryPeriod, ""+ + "The duration the controller should wait between a propagation check. Despite the name, this flag is used to configure the wait period for both DNS01 and HTTP01 challenge propagation checks. For DNS01 challenges the propagation check verifies that a TXT record with the challenge token has been created. 
For HTTP01 challenges the propagation check verifies that the challenge token is served at the challenge URL."+ + "This should be a valid duration string, for example 180s or 1h") fs.BoolVar(&c.EnableCertificateOwnerRef, "enable-certificate-owner-ref", c.EnableCertificateOwnerRef, ""+ "Whether to set the certificate resource as an owner of secret where the tls certificate is stored. "+ @@ -184,9 +186,6 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { "The number of concurrent workers for each controller.") fs.IntVar(&c.MaxConcurrentChallenges, "max-concurrent-challenges", c.MaxConcurrentChallenges, ""+ "The maximum number of challenges that can be scheduled as 'processing' at once.") - fs.DurationVar(&c.DNS01CheckRetryPeriod, "dns01-check-retry-period", c.DNS01CheckRetryPeriod, ""+ - "The duration the controller should wait between a propagation check. Despite the name, this flag is used to configure the wait period for both DNS01 and HTTP01 challenge propagation checks. For DNS01 challenges the propagation check verifies that a TXT record with the challenge token has been created. For HTTP01 challenges the propagation check verifies that the challenge token is served at the challenge URL."+ - "This should be a valid duration string, for example 180s or 1h") fs.StringVar(&c.MetricsListenAddress, "metrics-listen-address", c.MetricsListenAddress, ""+ "The host and port that the metrics endpoint should listen on.") 
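Review bot: The default passed for `dns01-recursive-nameservers` changes from the literal `[]string{}` to `c.ACMEDNS01Config.RecursiveNameservers`, so the flag's default now depends on whatever `c` holds when AddConfigFlags runs. That matches how the other flags are bound, but these entries decide which resolvers the DNS01 self check relies on, so a test asserting that the default is still empty (and that the `len(nameservers) == 0` fallback in buildControllerContextFactory still applies) would be worth adding; the defaulting code is not visible here. Separately, the moved `dns01-check-retry-period` help joins two sentences without a space and should end its first part with `"...served at the challenge URL. "+`. AddConfigFlags starts and ends outside this hunk.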
@@ -208,7 +207,8 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { "The host and port that the healthz server should listen on. "+ "The healthz server serves the /livez endpoint, which is called by the LivenessProbe.") fs.MarkHidden("internal-healthz-listen-address") - fs.DurationVar(&c.HealthzLeaderElectionTimeout, "internal-healthz-leader-election-timeout", c.HealthzLeaderElectionTimeout, ""+ + + fs.DurationVar(&c.LeaderElectionConfig.HealthzTimeout, "internal-healthz-leader-election-timeout", c.LeaderElectionConfig.HealthzTimeout, ""+ "Leader election healthz checks within this timeout period after the lease expires will still return healthy") fs.MarkHidden("internal-healthz-leader-election-timeout") diff --git a/cmd/controller/app/options/options_test.go b/cmd/controller/app/options/options_test.go index ea3198d9eb4..b72873e1677 100644 --- a/cmd/controller/app/options/options_test.go +++ b/cmd/controller/app/options/options_test.go @@ -96,8 +96,7 @@ func TestValidate(t *testing.T) { for name, test := range tests { t.Run(name, func(t *testing.T) { o, _ := NewControllerConfiguration() - o.DNS01RecursiveNameservers = test.DNS01RecursiveServers - //defaults.SetDefaults_ControllerConfiguration(o) + o.ACMEDNS01Config.RecursiveNameservers = test.DNS01RecursiveServers err := validation.ValidateControllerConfiguration(o) if test.expError != "" { diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index d6b28499585..d118180c918 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -129,7 +129,8 @@ config: # logging: # verbosity: 2 # format: text -# leaderElectionNamespace: kube-system +# leaderElectionConfig: +# namespace: kube-system # kubernetesAPIQPS: 9000 # kubernetesAPIBurst: 9000 # numberOfConcurrentWorkers: 200 
diff --git a/internal/apis/config/controller/fuzzer/fuzzer.go b/internal/apis/config/controller/fuzzer/fuzzer.go
index 4d54039a09d..4670c7c6116 100644
--- a/internal/apis/config/controller/fuzzer/fuzzer.go
+++ b/internal/apis/config/controller/fuzzer/fuzzer.go
@@ -40,33 +40,33 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} { s.KubernetesAPIBurst = 10 s.ClusterResourceNamespace = "defaultClusterResourceNamespace" s.Namespace = "defaultNamespace" - s.LeaderElect = true - s.LeaderElectionNamespace = "defaultLeaderElectionNamespace" - s.LeaderElectionLeaseDuration = defaultTime - s.LeaderElectionRenewDeadline = defaultTime - s.LeaderElectionRetryPeriod = defaultTime + s.LeaderElectionConfig.Enabled = true + s.LeaderElectionConfig.Namespace = "defaultLeaderElectionNamespace" + s.LeaderElectionConfig.LeaseDuration = defaultTime + s.LeaderElectionConfig.RenewDeadline = defaultTime + s.LeaderElectionConfig.RetryPeriod = defaultTime s.Controllers = []string{"*"} - s.ACMEHTTP01SolverImage = "defaultACMEHTTP01SolverImage" - s.ACMEHTTP01SolverResourceRequestCPU = "10m" - s.ACMEHTTP01SolverResourceRequestMemory = "64Mi" - s.ACMEHTTP01SolverResourceLimitsCPU = "100m" - s.ACMEHTTP01SolverResourceLimitsMemory = "64Mi" - s.ACMEHTTP01SolverRunAsNonRoot = true - s.ACMEHTTP01SolverNameservers = []string{"8.8.8.8:53"} + s.ACMEHTTP01Config.SolverImage = "defaultACMEHTTP01SolverImage" + s.ACMEHTTP01Config.SolverResourceRequestCPU = "10m" + s.ACMEHTTP01Config.SolverResourceRequestMemory = "64Mi" + s.ACMEHTTP01Config.SolverResourceLimitsCPU = "100m" + s.ACMEHTTP01Config.SolverResourceLimitsMemory = "64Mi" + s.ACMEHTTP01Config.SolverRunAsNonRoot = true + s.ACMEHTTP01Config.SolverNameservers = []string{"8.8.8.8:53"} s.ClusterIssuerAmbientCredentials = true s.IssuerAmbientCredentials = true - s.DefaultIssuerName = "defaultTLSACMEIssuerName" - s.DefaultIssuerKind = "defaultIssuerKind" - s.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup" - s.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"} - s.DNS01RecursiveNameservers = []string{"8.8.8.8:53"} + s.IngressShimConfig.DefaultIssuerName = "defaultTLSACMEIssuerName" + s.IngressShimConfig.DefaultIssuerKind = "defaultIssuerKind" + 
s.IngressShimConfig.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup" + s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"} + s.ACMEDNS01Config.RecursiveNameservers = []string{"8.8.8.8:53"} + s.ACMEDNS01Config.RecursiveNameserversOnly = true s.EnableCertificateOwnerRef = true - s.DNS01RecursiveNameserversOnly = true s.NumberOfConcurrentWorkers = 1 s.MaxConcurrentChallenges = 1 s.MetricsListenAddress = "0.0.0.0:9402" s.HealthzListenAddress = "0.0.0.0:9402" - s.HealthzLeaderElectionTimeout = defaultTime + s.LeaderElectionConfig.HealthzTimeout = defaultTime s.EnablePprof = true s.PprofAddress = "something:1234" temp := logs.NewOptions() diff --git a/internal/apis/config/controller/types.go b/internal/apis/config/controller/types.go index 99e7a77042e..509ef697335 100644 --- a/internal/apis/config/controller/types.go +++ b/internal/apis/config/controller/types.go @@ -22,7 +22,6 @@ import ( "k8s.io/component-base/logs" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - //"k8s.io/kubectl/pkg/cmd/logs" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
@@ -43,36 +42,16 @@ type ControllerConfiguration struct { // The maximum burst queries-per-second of requests sent to the Kubernetes apiserver KubernetesAPIBurst int - // Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. - ClusterResourceNamespace string - // If set, this limits the scope of cert-manager to a single namespace and // ClusterIssuers are disabled. If not specified, all namespaces will be // watched" Namespace string - // If true, cert-manager will perform leader election between instances to - // ensure no more than one instance of cert-manager operates at a time - LeaderElect bool - - //Namespace used to perform leader election. Only used if leader election is enabled - LeaderElectionNamespace string - - // The duration that non-leader candidates will wait after observing a leadership - // renewal until attempting to acquire leadership of a led but unrenewed leader - // slot. This is effectively the maximum duration that a leader can be stopped - // before it is replaced by another candidate. This is only applicable if leader - // election is enabled. - LeaderElectionLeaseDuration time.Duration + // Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. + ClusterResourceNamespace string - // The interval between attempts by the acting master to renew a leadership slot - // before it stops leading. This must be less than or equal to the lease duration. - // This is only applicable if leader election is enabled. - LeaderElectionRenewDeadline time.Duration - - // The duration the clients should wait between attempting acquisition and renewal - // of a leadership. This is only applicable if leader election is enabled. - LeaderElectionRetryPeriod time.Duration + // LeaderElectionConfig configures the behaviour of the leader election + LeaderElectionConfig LeaderElectionConfig // A list of controllers to enable. // ['*'] enables all controllers, 
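Review bot: Nesting the leader-election fields under `LeaderElectionConfig` changes the key an operator writes in a config file, as the values.yaml example in this commit shows (`leaderElectionNamespace` becomes `leaderElectionConfig` / `namespace`). If the decoder ignores unknown keys, an existing file would still be accepted and leader election would silently run with defaults; the versioned types and the decoding path are not in this hunk, so this needs confirming. I would make sure the old flat keys are either converted or rejected with a clear error, and call out the rename in the release note. The ControllerConfiguration struct continues outside this hunk.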
@@ -80,41 +59,13 @@ type ControllerConfiguration struct { // ['*', '-foo'] disables the controller named foo. Controllers []string - // HTTP-01 solver pod configuration via flags is a now deprecated - // mechanism- please use pod template instead when adding any new - // configuration options - // https://github.com/cert-manager/cert-manager/blob/f1d7c432763100c3fb6eb6a1654d29060b479b3c/pkg/apis/acme/v1/types_issuer.go#L270 - // These flags however will not be deprecated for backwards compatibility purposes. - // The Docker image to use to solve ACME HTTP01 challenges. You most likely - // will not need to change this parameter unless you are testing a new - // feature or developing cert-manager. - ACMEHTTP01SolverImage string - - // Defines the resource request CPU size when spawning new ACME HTTP01 - // challenge solver pods. - ACMEHTTP01SolverResourceRequestCPU string - - //Defines the resource request Memory size when spawning new ACME HTTP01 - //challenge solver pods. - ACMEHTTP01SolverResourceRequestMemory string - - //Defines the resource limits CPU size when spawning new ACME HTTP01 - //challenge solver pods. - ACMEHTTP01SolverResourceLimitsCPU string - - // Defines the resource limits Memory size when spawning new ACME HTTP01 - // challenge solver pods. - ACMEHTTP01SolverResourceLimitsMemory string - - // Defines the ability to run the http01 solver as root for troubleshooting - // issues - ACMEHTTP01SolverRunAsNonRoot bool - - // A list of comma separated dns server endpoints used for - // ACME HTTP01 check requests. This should be a list containing host and - // port, for example ["8.8.8.8:53","8.8.4.4:53"] - // Allows specifying a list of custom nameservers to perform HTTP01 checks on. - ACMEHTTP01SolverNameservers []string + // Whether an issuer may make use of ambient credentials. 
'Ambient + // Credentials' are credentials drawn from the environment, metadata services, + // or local files which are not explicitly configured in the Issuer API + // object. When this flag is enabled, the following sources for + // credentials are also used: AWS - All sources the Go SDK defaults to, + // notably including any EC2 IAM roles available via instance metadata. + IssuerAmbientCredentials bool // Whether a cluster-issuer may make use of ambient credentials for issuers. // 'Ambient Credentials' are credentials drawn from the environment, metadata 
@@ -124,14 +75,89 @@ type ControllerConfiguration struct { // notably including any EC2 IAM roles available via instance metadata. ClusterIssuerAmbientCredentials bool - // Whether an issuer may make use of ambient credentials. 'Ambient - // Credentials' are credentials drawn from the environment, metadata services, - // or local files which are not explicitly configured in the Issuer API - // object. When this flag is enabled, the following sources for - // credentials are also used: AWS - All sources the Go SDK defaults to, - // notably including any EC2 IAM roles available via instance metadata. - IssuerAmbientCredentials bool + // Whether to set the certificate resource as an owner of secret where the + // tls certificate is stored. When this flag is enabled, the secret will be + // automatically removed when the certificate resource is deleted. + EnableCertificateOwnerRef bool + + // Specify which annotations should/shouldn't be copied from Certificate to + // CertificateRequest and Order, as well as from CertificateSigningRequest to + // Order, by passing a list of annotation key prefixes. A prefix starting with + // a dash(-) specifies an annotation that shouldn't be copied. Example: + // '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the + // ones where the key is prefixed with 'kubectl.kubernetes.io/'. + CopiedAnnotationPrefixes []string + + // The number of concurrent workers for each controller. + NumberOfConcurrentWorkers int + + // The maximum number of challenges that can be scheduled as 'processing' at once. + MaxConcurrentChallenges int + + // The host and port that the metrics endpoint should listen on. + MetricsListenAddress string + + // The host and port address, separated by a ':', that the healthz server + // should listen on. + HealthzListenAddress string + + // Enable profiling for controller. + EnablePprof bool + + // The host and port that Go profiler should listen on, i.e localhost:6060. 
+ // Ensure that profiler is not exposed on a public address. Profiler will be + // served at /debug/pprof. + PprofAddress string + + // https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration + Logging logs.Options + + // featureGates is a map of feature names to bools that enable or disable experimental + // features. + // Default: nil + // +optional + FeatureGates map[string]bool + + // IngressShimConfig configures the behaviour of the ingress-shim controller + IngressShimConfig IngressShimConfig + // ACMEHTTP01Config configures the behaviour of the ACME HTTP01 challenge solver + ACMEHTTP01Config ACMEHTTP01Config + + // ACMEDNS01Config configures the behaviour of the ACME DNS01 challenge solver + ACMEDNS01Config ACMEDNS01Config +} + +type LeaderElectionConfig struct { + // If true, cert-manager will perform leader election between instances to + // ensure no more than one instance of cert-manager operates at a time + Enabled bool + + // Namespace used to perform leader election. Only used if leader election is enabled + Namespace string + + // The duration that non-leader candidates will wait after observing a leadership + // renewal until attempting to acquire leadership of a led but unrenewed leader + // slot. This is effectively the maximum duration that a leader can be stopped + // before it is replaced by another candidate. This is only applicable if leader + // election is enabled. + LeaseDuration time.Duration + + // The interval between attempts by the acting master to renew a leadership slot + // before it stops leading. This must be less than or equal to the lease duration. + // This is only applicable if leader election is enabled. + RenewDeadline time.Duration + + // The duration the clients should wait between attempting acquisition and renewal + // of a leadership. This is only applicable if leader election is enabled. 
+ RetryPeriod time.Duration + + // Leader election healthz checks within this timeout period after the lease + // expires will still return healthy. + HealthzTimeout time.Duration +} + +type IngressShimConfig struct { // Default issuer/certificates details consumed by ingress-shim // Name of the Issuer to use when the tls is requested but issuer name is // not specified on the ingress resource. 
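Review bot: The doc comment on `CopiedAnnotationPrefixes` gives the example `'*,-kubectl.kuberenetes.io/'`, which misspells the prefix that the same comment later writes as `kubectl.kubernetes.io/`. An operator copying the example would get an exclusion that matches nothing, so the annotations it is meant to hold back would still be copied; correct it to `'*,-kubectl.kubernetes.io/'`. The new exported types `LeaderElectionConfig` and `IngressShimConfig` also have no doc comment of their own; one line each, e.g. `// LeaderElectionConfig configures leader election between controller instances.`, would do. `IngressShimConfig` continues past the end of this hunk.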
@@ -148,52 +174,55 @@ type ControllerConfiguration struct { // The annotation consumed by the ingress-shim controller to indicate a ingress // is requesting a certificate DefaultAutoCertificateAnnotations []string +} + +type ACMEHTTP01Config struct { + // The Docker image to use to solve ACME HTTP01 challenges. You most likely + // will not need to change this parameter unless you are testing a new + // feature or developing cert-manager. + SolverImage string + + // Defines the resource request CPU size when spawning new ACME HTTP01 + // challenge solver pods. + SolverResourceRequestCPU string + + // Defines the resource request Memory size when spawning new ACME HTTP01 + // challenge solver pods. + SolverResourceRequestMemory string + + // Defines the resource limits CPU size when spawning new ACME HTTP01 + // challenge solver pods. + SolverResourceLimitsCPU string + + // Defines the resource limits Memory size when spawning new ACME HTTP01 + // challenge solver pods. + SolverResourceLimitsMemory string + + // Defines the ability to run the http01 solver as root for troubleshooting + // issues + SolverRunAsNonRoot bool + + // A list of comma separated dns server endpoints used for + // ACME HTTP01 check requests. This should be a list containing host and + // port, for example ["8.8.8.8:53","8.8.4.4:53"] + // Allows specifying a list of custom nameservers to perform HTTP01 checks on. + SolverNameservers []string +} +type ACMEDNS01Config struct { // Each nameserver can be either the IP address and port of a standard // recursive DNS server, or the endpoint to an RFC 8484 DNS over HTTPS // endpoint. For example, the following values are valid: // - "8.8.8.8:53" (Standard DNS) // - "https://1.1.1.1/dns-query" (DNS over HTTPS) - DNS01RecursiveNameservers []string + RecursiveNameservers []string // When true, cert-manager will only ever query the configured DNS resolvers // to perform the ACME DNS01 self check. 
This is useful in DNS constrained // environments, where access to authoritative nameservers is restricted. // Enabling this option could cause the DNS01 self check to take longer // due to caching performed by the recursive nameservers. - DNS01RecursiveNameserversOnly bool - - // Whether to set the certificate resource as an owner of secret where the - // tls certificate is stored. When this flag is enabled, the secret will be - // automatically removed when the certificate resource is deleted. - EnableCertificateOwnerRef bool - - // The number of concurrent workers for each controller. - NumberOfConcurrentWorkers int - - // The maximum number of challenges that can be scheduled as 'processing' at once. - MaxConcurrentChallenges int - - // The host and port that the metrics endpoint should listen on. - MetricsListenAddress string - - // The host and port address, separated by a ':', that the healthz server - // should listen on. - HealthzListenAddress string - - // Leader election healthz checks within this timeout period after the lease - // expires will still return healthy. - HealthzLeaderElectionTimeout time.Duration - - // The host and port that Go profiler should listen on, i.e localhost:6060. - // Ensure that profiler is not exposed on a public address. Profiler will be - // served at /debug/pprof. - PprofAddress string - - // Enable profiling for controller. - EnablePprof bool - - Logging logs.Options + RecursiveNameserversOnly bool // The duration the controller should wait between a propagation check. Despite // the name, this flag is used to configure the wait period for both DNS01 and 
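Review bot: The comment on `SolverRunAsNonRoot` in the new `ACMEHTTP01Config` struct describes the opposite of the field name ("the ability to run the http01 solver as root"), so a reader cannot tell which value is the hardened one. I would word it as `// SolverRunAsNonRoot, when true, requires the HTTP01 solver pod to run as a non-root user.` followed by `// Set it to false only while troubleshooting, since the solver may then run as root.` How the flag is applied to the solver pod is not visible in this hunk, so the wording should be checked against the code that consumes it. The new struct types `ACMEHTTP01Config` and `ACMEDNS01Config` also have no doc comment of their own.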
@@ -202,19 +231,5 @@ type ControllerConfiguration struct { // For HTTP01 challenges the propagation check verifies that the challenge // token is served at the challenge URL. This should be a valid duration // string, for example 180s or 1h - DNS01CheckRetryPeriod time.Duration - - // Specify which annotations should/shouldn't be copied from Certificate to - // CertificateRequest and Order, as well as from CertificateSigningRequest to - // Order, by passing a list of annotation key prefixes. A prefix starting with - // a dash(-) specifies an annotation that shouldn't be copied. Example: - // '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the - // ones where the key is prefixed with 'kubectl.kubernetes.io/'. - CopiedAnnotationPrefixes []string - - // featureGates is a map of feature names to bools that enable or disable experimental - // features. - // Default: nil - // +optional - FeatureGates map[string]bool + CheckRetryPeriod time.Duration } diff --git a/internal/apis/config/controller/v1alpha1/defaults.go b/internal/apis/config/controller/v1alpha1/defaults.go index 9e70398eaf5..d42803147a6 100644 --- a/internal/apis/config/controller/v1alpha1/defaults.go +++ b/internal/apis/config/controller/v1alpha1/defaults.go @@ -83,6 +83,7 @@ var ( defaultDNS01RecursiveNameserversOnly = false defaultDNS01RecursiveNameservers = []string{} + defaultDNS01CheckRetryPeriod = 10 * time.Second defaultNumberOfConcurrentWorkers int32 = 5 defaultMaxConcurrentChallenges int32 = 60 @@ -96,7 +97,6 @@ var ( defaultHealthzLeaderElectionTimeout = 20 * time.Second // default time period to wait between checking DNS01 and HTTP01 challenge propagation - defaultDNS01CheckRetryPeriod = 10 * time.Second defaultACMEHTTP01SolverImage = fmt.Sprintf("quay.io/jetstack/cert-manager-acmesolver:%s", util.AppVersion) defaultACMEHTTP01SolverResourceRequestCPU = "10m" defaultACMEHTTP01SolverResourceRequestMemory = "64Mi" 
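Review bot: `CheckRetryPeriod` (hunk `@@ -202,19 +231,5 @@`) now sits inside `ACMEDNS01Config`, whose declaration opens in the previous hunk, yet the comment kept above it says the value also sets the wait period for HTTP01 propagation checks. The rename drops the `DNS01` prefix, so "Despite the name" no longer refers to anything, and an operator tuning HTTP01 would not look under the DNS01 block. Either reword the comment, for example `// CheckRetryPeriod is the wait between propagation checks; although it lives under ACMEDNS01Config it also applies to HTTP01 challenges.`, or move the field somewhere shared by both solvers.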
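Review bot: In defaults.go, hunk `@@ -96,7 +97,6 @@` removes `defaultDNS01CheckRetryPeriod` but leaves its comment behind, so "default time period to wait between checking DNS01 and HTTP01 challenge propagation" now sits directly above `defaultACMEHTTP01SolverImage` and misdescribes it. Move the comment together with the variable in hunk `@@ -83,6 +83,7 @@`, i.e. put `// default time period to wait between checking DNS01 and HTTP01 challenge propagation` on the line before `defaultDNS01CheckRetryPeriod = 10 * time.Second`. The `var (` block starts and ends outside both hunks.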
@@ -191,75 +191,91 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration) obj.KubernetesAPIBurst = &defaultKubernetesAPIBurst } + if obj.Namespace == "" { + obj.Namespace = defaultNamespace + } + if obj.ClusterResourceNamespace == "" { obj.ClusterResourceNamespace = defaultClusterResourceNamespace } - if obj.Namespace == "" { - obj.Namespace = defaultNamespace + if len(obj.Controllers) == 0 { + obj.Controllers = []string{"*"} } - if obj.LeaderElect == nil { - obj.LeaderElect = &defaultLeaderElect + if obj.IssuerAmbientCredentials == nil { + obj.IssuerAmbientCredentials = &defaultIssuerAmbientCredentials } - if obj.LeaderElectionNamespace == "" { - obj.LeaderElectionNamespace = defaultLeaderElectionNamespace + if obj.ClusterIssuerAmbientCredentials == nil { + obj.ClusterIssuerAmbientCredentials = &defaultClusterIssuerAmbientCredentials } - // TODO: Does it make sense to have a duration of 0? - if obj.LeaderElectionLeaseDuration == time.Duration(0) { - obj.LeaderElectionLeaseDuration = defaultLeaderElectionLeaseDuration + if obj.EnableCertificateOwnerRef == nil { + obj.EnableCertificateOwnerRef = &defaultEnableCertificateOwnerRef + } + + if len(obj.CopiedAnnotationPrefixes) == 0 { + obj.CopiedAnnotationPrefixes = defaultCopiedAnnotationPrefixes } - if obj.LeaderElectionRenewDeadline == time.Duration(0) { - obj.LeaderElectionRenewDeadline = defaultLeaderElectionRenewDeadline + if obj.NumberOfConcurrentWorkers == nil { + obj.NumberOfConcurrentWorkers = &defaultNumberOfConcurrentWorkers } - if obj.LeaderElectionRetryPeriod == time.Duration(0) { - obj.LeaderElectionRetryPeriod = defaultLeaderElectionRetryPeriod + if obj.MaxConcurrentChallenges == nil { + obj.MaxConcurrentChallenges = &defaultMaxConcurrentChallenges } - if len(obj.Controllers) == 0 { - obj.Controllers = []string{"*"} + if obj.MetricsListenAddress == "" { + obj.MetricsListenAddress = defaultPrometheusMetricsServerAddress + } + + if obj.HealthzListenAddress == "" { + 
obj.HealthzListenAddress = defaultHealthzServerAddress } - if obj.ACMEHTTP01SolverImage == "" { - obj.ACMEHTTP01SolverImage = defaultACMEHTTP01SolverImage + if obj.EnablePprof == nil { + obj.EnablePprof = &defaultEnableProfiling } - if obj.ACMEHTTP01SolverResourceRequestCPU == "" { - obj.ACMEHTTP01SolverResourceRequestCPU = defaultACMEHTTP01SolverResourceRequestCPU + if obj.PprofAddress == "" { + obj.PprofAddress = defaultProfilerAddr } - if obj.ACMEHTTP01SolverResourceRequestMemory == "" { - obj.ACMEHTTP01SolverResourceRequestMemory = defaultACMEHTTP01SolverResourceRequestMemory + if obj.Logging == nil { + obj.Logging = defaultLogging } +} - if obj.ACMEHTTP01SolverResourceLimitsCPU == "" { - obj.ACMEHTTP01SolverResourceLimitsCPU = defaultACMEHTTP01SolverResourceLimitsCPU +func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) { + if obj.Enabled == nil { + obj.Enabled = &defaultLeaderElect } - if obj.ACMEHTTP01SolverResourceLimitsMemory == "" { - obj.ACMEHTTP01SolverResourceLimitsMemory = defaultACMEHTTP01SolverResourceLimitsMemory + if obj.Namespace == "" { + obj.Namespace = defaultLeaderElectionNamespace } - if obj.ACMEHTTP01SolverRunAsNonRoot == nil { - obj.ACMEHTTP01SolverRunAsNonRoot = &defaultACMEHTTP01SolverRunAsNonRoot + // TODO: Does it make sense to have a duration of 0? 
+ if obj.LeaseDuration == time.Duration(0) { + obj.LeaseDuration = defaultLeaderElectionLeaseDuration } - if len(obj.ACMEHTTP01SolverNameservers) == 0 { - obj.ACMEHTTP01SolverNameservers = defaultACMEHTTP01SolverNameservers + if obj.RenewDeadline == time.Duration(0) { + obj.RenewDeadline = defaultLeaderElectionRenewDeadline } - if obj.ClusterIssuerAmbientCredentials == nil { - obj.ClusterIssuerAmbientCredentials = &defaultClusterIssuerAmbientCredentials + if obj.RetryPeriod == time.Duration(0) { + obj.RetryPeriod = defaultLeaderElectionRetryPeriod } - if obj.IssuerAmbientCredentials == nil { - obj.IssuerAmbientCredentials = &defaultIssuerAmbientCredentials + if obj.HealthzTimeout == time.Duration(0) { + obj.HealthzTimeout = defaultHealthzLeaderElectionTimeout } +} +func SetDefaults_IngressShimConfig(obj *v1alpha1.IngressShimConfig) { if obj.DefaultIssuerName == "" { obj.DefaultIssuerName = defaultTLSACMEIssuerName } 
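Review bot: `SetDefaults_LeaderElectionConfig` treats a zero `HealthzTimeout` as unset and overwrites it with `defaultHealthzLeaderElectionTimeout`, while the removed lines of this hunk contain no equivalent defaulting for the old `HealthzLeaderElectionTimeout`; this looks like a behaviour change carried inside a field move, although the old function starts outside the hunk and may have defaulted it earlier. An explicit 0 can then no longer be expressed, which is the question the retained TODO above `LeaseDuration` already asks. If that is intended, state it where it happens: `// A zero duration means "unset" and is replaced by the default; an explicit 0 cannot be configured.` The same applies to `CheckRetryPeriod` in `SetDefaults_ACMEDNS01Config` in the next hunk.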
@@ -275,50 +291,49 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration) if len(obj.DefaultAutoCertificateAnnotations) == 0 { obj.DefaultAutoCertificateAnnotations = defaultAutoCertificateAnnotations } +} - if len(obj.DNS01RecursiveNameservers) == 0 { - obj.DNS01RecursiveNameservers = defaultDNS01RecursiveNameservers - } - - if obj.EnableCertificateOwnerRef == nil { - obj.EnableCertificateOwnerRef = &defaultEnableCertificateOwnerRef +func SetDefaults_ACMEHTTP01Config(obj *v1alpha1.ACMEHTTP01Config) { + if obj.SolverImage == "" { + obj.SolverImage = defaultACMEHTTP01SolverImage } - if obj.DNS01RecursiveNameserversOnly == nil { - obj.DNS01RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly + if obj.SolverResourceRequestCPU == "" { + obj.SolverResourceRequestCPU = defaultACMEHTTP01SolverResourceRequestCPU } - if obj.NumberOfConcurrentWorkers == nil { - obj.NumberOfConcurrentWorkers = &defaultNumberOfConcurrentWorkers + if obj.SolverResourceRequestMemory == "" { + obj.SolverResourceRequestMemory = defaultACMEHTTP01SolverResourceRequestMemory } - if obj.MaxConcurrentChallenges == nil { - obj.MaxConcurrentChallenges = &defaultMaxConcurrentChallenges + if obj.SolverResourceLimitsCPU == "" { + obj.SolverResourceLimitsCPU = defaultACMEHTTP01SolverResourceLimitsCPU } - if obj.MetricsListenAddress == "" { - obj.MetricsListenAddress = defaultPrometheusMetricsServerAddress + if obj.SolverResourceLimitsMemory == "" { + obj.SolverResourceLimitsMemory = defaultACMEHTTP01SolverResourceLimitsMemory } - if obj.HealthzListenAddress == "" { - obj.HealthzListenAddress = defaultHealthzServerAddress + if obj.SolverRunAsNonRoot == nil { + obj.SolverRunAsNonRoot = &defaultACMEHTTP01SolverRunAsNonRoot } - if obj.EnablePprof == nil { - obj.EnablePprof = &defaultEnableProfiling + if len(obj.SolverNameservers) == 0 { + obj.SolverNameservers = defaultACMEHTTP01SolverNameservers } - if obj.PprofAddress == "" { - obj.PprofAddress = defaultProfilerAddr +} 
+func SetDefaults_ACMEDNS01Config(obj *v1alpha1.ACMEDNS01Config) { + if len(obj.RecursiveNameservers) == 0 { + obj.RecursiveNameservers = defaultDNS01RecursiveNameservers } - if obj.Logging == nil { - obj.Logging = defaultLogging + if obj.RecursiveNameserversOnly == nil { + obj.RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly } - if len(obj.CopiedAnnotationPrefixes) == 0 { - obj.CopiedAnnotationPrefixes = defaultCopiedAnnotationPrefixes + if obj.CheckRetryPeriod == time.Duration(0) { + obj.CheckRetryPeriod = defaultDNS01CheckRetryPeriod } - } diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go index 27b30de839f..520ccd4ff53 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go @@ -26,7 +26,7 @@ import ( unsafe "unsafe" controller "github.com/cert-manager/cert-manager/internal/apis/config/controller" - controllerv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" + v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" 
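Review bot: `SetDefaults_ACMEHTTP01Config` in defaults.go is the only thing that keeps a nil `SolverRunAsNonRoot` from reaching conversion, where `metav1.Convert_Pointer_bool_To_bool` maps nil to `false`, and the part of the diff I can see does not show the generated defaulter being updated to call the four new nested `SetDefaults_*` functions. If it is not regenerated, a config file that omits the field would end up with `false` rather than `defaultACMEHTTP01SolverRunAsNonRoot`, and `LeaderElectionConfig.Enabled` would likewise convert to `false`. Please confirm the generated defaults file is part of the change, and add a test that defaults an empty `ControllerConfiguration` and asserts both pointers are non-nil. A doc comment such as `// SetDefaults_ACMEHTTP01Config fills unset solver fields; it must run before conversion because a nil SolverRunAsNonRoot converts to false.` would record the dependency.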
@@ -40,6 +40,46 @@ func init() { // RegisterConversions adds conversion functions to the given scheme. // Public to allow building arbitrary schemes. func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*v1alpha1.ACMEDNS01Config)(nil), (*controller.ACMEDNS01Config)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(a.(*v1alpha1.ACMEDNS01Config), b.(*controller.ACMEDNS01Config), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*controller.ACMEDNS01Config)(nil), (*v1alpha1.ACMEDNS01Config)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(a.(*controller.ACMEDNS01Config), b.(*v1alpha1.ACMEDNS01Config), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.ACMEHTTP01Config)(nil), (*controller.ACMEHTTP01Config)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(a.(*v1alpha1.ACMEHTTP01Config), b.(*controller.ACMEHTTP01Config), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*controller.ACMEHTTP01Config)(nil), (*v1alpha1.ACMEHTTP01Config)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(a.(*controller.ACMEHTTP01Config), b.(*v1alpha1.ACMEHTTP01Config), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.IngressShimConfig)(nil), (*controller.IngressShimConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(a.(*v1alpha1.IngressShimConfig), b.(*controller.IngressShimConfig), scope) + }); err != nil { + return err + } + if err := 
s.AddGeneratedConversionFunc((*controller.IngressShimConfig)(nil), (*v1alpha1.IngressShimConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(a.(*controller.IngressShimConfig), b.(*v1alpha1.IngressShimConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.LeaderElectionConfig)(nil), (*controller.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(a.(*v1alpha1.LeaderElectionConfig), b.(*controller.LeaderElectionConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*controller.LeaderElectionConfig)(nil), (*v1alpha1.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(a.(*controller.LeaderElectionConfig), b.(*v1alpha1.LeaderElectionConfig), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((**float32)(nil), (*float32)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_Pointer_float32_To_float32(a.(**float32), b.(*float32), scope) }); err != nil { 
@@ -55,8 +95,8 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddConversionFunc((*controller.ControllerConfiguration)(nil), (*controllerv1alpha1.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(a.(*controller.ControllerConfiguration), b.(*controllerv1alpha1.ControllerConfiguration), scope) + if err := s.AddConversionFunc((*controller.ControllerConfiguration)(nil), (*v1alpha1.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(a.(*controller.ControllerConfiguration), b.(*v1alpha1.ControllerConfiguration), scope) }); err != nil { return err } 
@@ -75,59 +115,103 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddConversionFunc((*controllerv1alpha1.ControllerConfiguration)(nil), (*controller.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(a.(*controllerv1alpha1.ControllerConfiguration), b.(*controller.ControllerConfiguration), scope) + if err := s.AddConversionFunc((*v1alpha1.ControllerConfiguration)(nil), (*controller.ControllerConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(a.(*v1alpha1.ControllerConfiguration), b.(*controller.ControllerConfiguration), scope) }); err != nil { return err } return nil } -func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(in *controllerv1alpha1.ControllerConfiguration, out *controller.ControllerConfiguration, s conversion.Scope) error { - out.APIServerHost = in.APIServerHost +func autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1alpha1.ACMEDNS01Config, out *controller.ACMEDNS01Config, s conversion.Scope) error { + out.RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.RecursiveNameservers)) + if err := metav1.Convert_Pointer_bool_To_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil { + return err + } + out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod) + return nil +} + +// Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config is an autogenerated conversion function. 
+func Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1alpha1.ACMEDNS01Config, out *controller.ACMEDNS01Config, s conversion.Scope) error { + return autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in, out, s) +} + +func autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *controller.ACMEDNS01Config, out *v1alpha1.ACMEDNS01Config, s conversion.Scope) error { + out.RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.RecursiveNameservers)) + if err := metav1.Convert_bool_To_Pointer_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil { + return err + } + out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod) + return nil +} + +// Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config is an autogenerated conversion function. +func Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *controller.ACMEDNS01Config, out *v1alpha1.ACMEDNS01Config, s conversion.Scope) error { + return autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in, out, s) +} + +func autoConvert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(in *v1alpha1.ACMEHTTP01Config, out *controller.ACMEHTTP01Config, s conversion.Scope) error { + out.SolverImage = in.SolverImage + out.SolverResourceRequestCPU = in.SolverResourceRequestCPU + out.SolverResourceRequestMemory = in.SolverResourceRequestMemory + out.SolverResourceLimitsCPU = in.SolverResourceLimitsCPU + out.SolverResourceLimitsMemory = in.SolverResourceLimitsMemory + if err := metav1.Convert_Pointer_bool_To_bool(&in.SolverRunAsNonRoot, &out.SolverRunAsNonRoot, s); err != nil { + return err + } + out.SolverNameservers = *(*[]string)(unsafe.Pointer(&in.SolverNameservers)) + return nil +} + +// Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config is an autogenerated conversion function. 
+func Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(in *v1alpha1.ACMEHTTP01Config, out *controller.ACMEHTTP01Config, s conversion.Scope) error { + return autoConvert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(in, out, s) +} + +func autoConvert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in *controller.ACMEHTTP01Config, out *v1alpha1.ACMEHTTP01Config, s conversion.Scope) error { + out.SolverImage = in.SolverImage + out.SolverResourceRequestCPU = in.SolverResourceRequestCPU + out.SolverResourceRequestMemory = in.SolverResourceRequestMemory + out.SolverResourceLimitsCPU = in.SolverResourceLimitsCPU + out.SolverResourceLimitsMemory = in.SolverResourceLimitsMemory + if err := metav1.Convert_bool_To_Pointer_bool(&in.SolverRunAsNonRoot, &out.SolverRunAsNonRoot, s); err != nil { + return err + } + out.SolverNameservers = *(*[]string)(unsafe.Pointer(&in.SolverNameservers)) + return nil +} + +// Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config is an autogenerated conversion function. 
+func Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in *controller.ACMEHTTP01Config, out *v1alpha1.ACMEHTTP01Config, s conversion.Scope) error { + return autoConvert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in, out, s) +} + +func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(in *v1alpha1.ControllerConfiguration, out *controller.ControllerConfiguration, s conversion.Scope) error { out.KubeConfig = in.KubeConfig + out.APIServerHost = in.APIServerHost if err := Convert_Pointer_float32_To_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil { return err } if err := Convert_Pointer_int32_To_int(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil { return err } - out.ClusterResourceNamespace = in.ClusterResourceNamespace out.Namespace = in.Namespace - if err := metav1.Convert_Pointer_bool_To_bool(&in.LeaderElect, &out.LeaderElect, s); err != nil { + out.ClusterResourceNamespace = in.ClusterResourceNamespace + if err := Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } - out.LeaderElectionNamespace = in.LeaderElectionNamespace - out.LeaderElectionLeaseDuration = time.Duration(in.LeaderElectionLeaseDuration) - out.LeaderElectionRenewDeadline = time.Duration(in.LeaderElectionRenewDeadline) - out.LeaderElectionRetryPeriod = time.Duration(in.LeaderElectionRetryPeriod) out.Controllers = *(*[]string)(unsafe.Pointer(&in.Controllers)) - out.ACMEHTTP01SolverImage = in.ACMEHTTP01SolverImage - out.ACMEHTTP01SolverResourceRequestCPU = in.ACMEHTTP01SolverResourceRequestCPU - out.ACMEHTTP01SolverResourceRequestMemory = in.ACMEHTTP01SolverResourceRequestMemory - out.ACMEHTTP01SolverResourceLimitsCPU = in.ACMEHTTP01SolverResourceLimitsCPU - out.ACMEHTTP01SolverResourceLimitsMemory = in.ACMEHTTP01SolverResourceLimitsMemory - if err := 
metav1.Convert_Pointer_bool_To_bool(&in.ACMEHTTP01SolverRunAsNonRoot, &out.ACMEHTTP01SolverRunAsNonRoot, s); err != nil { - return err - } - out.ACMEHTTP01SolverNameservers = *(*[]string)(unsafe.Pointer(&in.ACMEHTTP01SolverNameservers)) - if err := metav1.Convert_Pointer_bool_To_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil { - return err - } if err := metav1.Convert_Pointer_bool_To_bool(&in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials, s); err != nil { return err } - out.DefaultIssuerName = in.DefaultIssuerName - out.DefaultIssuerKind = in.DefaultIssuerKind - out.DefaultIssuerGroup = in.DefaultIssuerGroup - out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations)) - out.DNS01RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.DNS01RecursiveNameservers)) - if err := metav1.Convert_Pointer_bool_To_bool(&in.DNS01RecursiveNameserversOnly, &out.DNS01RecursiveNameserversOnly, s); err != nil { + if err := metav1.Convert_Pointer_bool_To_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil { return err } if err := metav1.Convert_Pointer_bool_To_bool(&in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef, s); err != nil { return err } + out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) if err := Convert_Pointer_int32_To_int(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { return err } 
@@ -136,21 +220,27 @@ func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfig } out.MetricsListenAddress = in.MetricsListenAddress out.HealthzListenAddress = in.HealthzListenAddress - out.HealthzLeaderElectionTimeout = time.Duration(in.HealthzLeaderElectionTimeout) - out.PprofAddress = in.PprofAddress if err := metav1.Convert_Pointer_bool_To_bool(&in.EnablePprof, &out.EnablePprof, s); err != nil { return err } + out.PprofAddress = in.PprofAddress if err := Convert_Pointer_v1_LoggingConfiguration_To_v1_LoggingConfiguration(&in.Logging, &out.Logging, s); err != nil { return err } - out.DNS01CheckRetryPeriod = time.Duration(in.DNS01CheckRetryPeriod) - out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) + if err := Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(&in.IngressShimConfig, &out.IngressShimConfig, s); err != nil { + return err + } + if err := Convert_v1alpha1_ACMEHTTP01Config_To_controller_ACMEHTTP01Config(&in.ACMEHTTP01Config, &out.ACMEHTTP01Config, s); err != nil { + return err + } + if err := Convert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(&in.ACMEDNS01Config, &out.ACMEDNS01Config, s); err != nil { + return err + } return nil } -func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *controller.ControllerConfiguration, out *controllerv1alpha1.ControllerConfiguration, s conversion.Scope) error { +func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *controller.ControllerConfiguration, out *v1alpha1.ControllerConfiguration, s conversion.Scope) error { out.APIServerHost = in.APIServerHost out.KubeConfig = in.KubeConfig if err := Convert_float32_To_Pointer_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil { 
@@ -159,42 +249,22 @@ func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfig if err := Convert_int_To_Pointer_int32(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil { return err } - out.ClusterResourceNamespace = in.ClusterResourceNamespace out.Namespace = in.Namespace - if err := metav1.Convert_bool_To_Pointer_bool(&in.LeaderElect, &out.LeaderElect, s); err != nil { + out.ClusterResourceNamespace = in.ClusterResourceNamespace + if err := Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } - out.LeaderElectionNamespace = in.LeaderElectionNamespace - out.LeaderElectionLeaseDuration = time.Duration(in.LeaderElectionLeaseDuration) - out.LeaderElectionRenewDeadline = time.Duration(in.LeaderElectionRenewDeadline) - out.LeaderElectionRetryPeriod = time.Duration(in.LeaderElectionRetryPeriod) out.Controllers = *(*[]string)(unsafe.Pointer(&in.Controllers)) - out.ACMEHTTP01SolverImage = in.ACMEHTTP01SolverImage - out.ACMEHTTP01SolverResourceRequestCPU = in.ACMEHTTP01SolverResourceRequestCPU - out.ACMEHTTP01SolverResourceRequestMemory = in.ACMEHTTP01SolverResourceRequestMemory - out.ACMEHTTP01SolverResourceLimitsCPU = in.ACMEHTTP01SolverResourceLimitsCPU - out.ACMEHTTP01SolverResourceLimitsMemory = in.ACMEHTTP01SolverResourceLimitsMemory - if err := metav1.Convert_bool_To_Pointer_bool(&in.ACMEHTTP01SolverRunAsNonRoot, &out.ACMEHTTP01SolverRunAsNonRoot, s); err != nil { - return err - } - out.ACMEHTTP01SolverNameservers = *(*[]string)(unsafe.Pointer(&in.ACMEHTTP01SolverNameservers)) - if err := metav1.Convert_bool_To_Pointer_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil { - return err - } if err := metav1.Convert_bool_To_Pointer_bool(&in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials, s); err != nil { return err } - out.DefaultIssuerName = in.DefaultIssuerName - 
out.DefaultIssuerKind = in.DefaultIssuerKind - out.DefaultIssuerGroup = in.DefaultIssuerGroup - out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations)) - out.DNS01RecursiveNameservers = *(*[]string)(unsafe.Pointer(&in.DNS01RecursiveNameservers)) - if err := metav1.Convert_bool_To_Pointer_bool(&in.DNS01RecursiveNameserversOnly, &out.DNS01RecursiveNameserversOnly, s); err != nil { + if err := metav1.Convert_bool_To_Pointer_bool(&in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials, s); err != nil { return err } if err := metav1.Convert_bool_To_Pointer_bool(&in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef, s); err != nil { return err } + out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) if err := Convert_int_To_Pointer_int32(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { return err } 
@@ -203,16 +273,82 @@ func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfig } out.MetricsListenAddress = in.MetricsListenAddress out.HealthzListenAddress = in.HealthzListenAddress - out.HealthzLeaderElectionTimeout = time.Duration(in.HealthzLeaderElectionTimeout) - out.PprofAddress = in.PprofAddress if err := metav1.Convert_bool_To_Pointer_bool(&in.EnablePprof, &out.EnablePprof, s); err != nil { return err } + out.PprofAddress = in.PprofAddress if err := Convert_v1_LoggingConfiguration_To_Pointer_v1_LoggingConfiguration(&in.Logging, &out.Logging, s); err != nil { return err } - out.DNS01CheckRetryPeriod = time.Duration(in.DNS01CheckRetryPeriod) - out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) out.FeatureGates = *(*map[string]bool)(unsafe.Pointer(&in.FeatureGates)) + if err := Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(&in.IngressShimConfig, &out.IngressShimConfig, s); err != nil { + return err + } + if err := Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(&in.ACMEHTTP01Config, &out.ACMEHTTP01Config, s); err != nil { + return err + } + if err := Convert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(&in.ACMEDNS01Config, &out.ACMEDNS01Config, s); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in *v1alpha1.IngressShimConfig, out *controller.IngressShimConfig, s conversion.Scope) error { + out.DefaultIssuerName = in.DefaultIssuerName + out.DefaultIssuerKind = in.DefaultIssuerKind + out.DefaultIssuerGroup = in.DefaultIssuerGroup + out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations)) return nil } + +// Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig is an autogenerated conversion function. 
+func Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in *v1alpha1.IngressShimConfig, out *controller.IngressShimConfig, s conversion.Scope) error { + return autoConvert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in, out, s) +} + +func autoConvert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in *controller.IngressShimConfig, out *v1alpha1.IngressShimConfig, s conversion.Scope) error { + out.DefaultIssuerName = in.DefaultIssuerName + out.DefaultIssuerKind = in.DefaultIssuerKind + out.DefaultIssuerGroup = in.DefaultIssuerGroup + out.DefaultAutoCertificateAnnotations = *(*[]string)(unsafe.Pointer(&in.DefaultAutoCertificateAnnotations)) + return nil +} + +// Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig is an autogenerated conversion function. +func Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in *controller.IngressShimConfig, out *v1alpha1.IngressShimConfig, s conversion.Scope) error { + return autoConvert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in, out, s) +} + +func autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *controller.LeaderElectionConfig, s conversion.Scope) error { + if err := metav1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + out.Namespace = in.Namespace + out.LeaseDuration = time.Duration(in.LeaseDuration) + out.RenewDeadline = time.Duration(in.RenewDeadline) + out.RetryPeriod = time.Duration(in.RetryPeriod) + out.HealthzTimeout = time.Duration(in.HealthzTimeout) + return nil +} + +// Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig is an autogenerated conversion function. 
+func Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *controller.LeaderElectionConfig, s conversion.Scope) error { + return autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in, out, s) +} + +func autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *controller.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { + if err := metav1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + out.Namespace = in.Namespace + out.LeaseDuration = time.Duration(in.LeaseDuration) + out.RenewDeadline = time.Duration(in.RenewDeadline) + out.RetryPeriod = time.Duration(in.RetryPeriod) + out.HealthzTimeout = time.Duration(in.HealthzTimeout) + return nil +} + +// Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig is an autogenerated conversion function. +func Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *controller.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { + return autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in, out, s) +} diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go b/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go index 3b429dee22f..c5d663baaab 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go @@ -38,4 +38,8 @@ func RegisterDefaults(scheme *runtime.Scheme) error { func SetObjectDefaults_ControllerConfiguration(in *v1alpha1.ControllerConfiguration) { SetDefaults_ControllerConfiguration(in) + SetDefaults_LeaderElectionConfig(&in.LeaderElectionConfig) + SetDefaults_IngressShimConfig(&in.IngressShimConfig) + SetDefaults_ACMEHTTP01Config(&in.ACMEHTTP01Config) + SetDefaults_ACMEDNS01Config(&in.ACMEDNS01Config) } 
diff --git a/internal/apis/config/controller/validation/validation.go b/internal/apis/config/controller/validation/validation.go index aa682162f4f..842f294904b 100644 --- a/internal/apis/config/controller/validation/validation.go +++ b/internal/apis/config/controller/validation/validation.go @@ -32,7 +32,7 @@ import ( ) func ValidateControllerConfiguration(o *config.ControllerConfiguration) error { - if len(o.DefaultIssuerKind) == 0 { + if len(o.IngressShimConfig.DefaultIssuerKind) == 0 { return errors.New("the --default-issuer-kind flag must not be empty") } @@ -48,7 +48,7 @@ func ValidateControllerConfiguration(o *config.ControllerConfiguration) error { return fmt.Errorf("invalid value for kube-api-burst: %v must be higher or equal to kube-api-qps: %v", o.KubernetesAPIQPS, o.KubernetesAPIQPS) } - for _, server := range o.ACMEHTTP01SolverNameservers { + for _, server := range o.ACMEHTTP01Config.SolverNameservers { // ensure all servers have a port number _, _, err := net.SplitHostPort(server) if err != nil { @@ -56,7 +56,7 @@ func ValidateControllerConfiguration(o *config.ControllerConfiguration) error { } } - for _, server := range o.DNS01RecursiveNameservers { + for _, server := range o.ACMEDNS01Config.RecursiveNameservers { // ensure all servers follow one of the following formats: // - : // - https:// diff --git a/internal/apis/config/controller/zz_generated.deepcopy.go b/internal/apis/config/controller/zz_generated.deepcopy.go index 58d1df409c0..6417e2d66d2 100644 --- a/internal/apis/config/controller/zz_generated.deepcopy.go +++ b/internal/apis/config/controller/zz_generated.deepcopy.go 
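Review bot: The error for the empty `DefaultIssuerKind` check still reads "the --default-issuer-kind flag must not be empty", although the value now lives under `IngressShimConfig`. Judging by the v1alpha1 type in this commit, it can presumably also be set through the `ingressShimConfig.defaultIssuerKind` config field. An operator who sets it in the file is then pointed at a flag they never passed. I would name both sources, for example `return errors.New("defaultIssuerKind (--default-issuer-kind) must not be empty")`. ValidateControllerConfiguration continues outside the hunk.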
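Review bot: The kube-api-burst error in the context just above the changed loop passes `o.KubernetesAPIQPS` for both `%v` verbs, so the message never shows the burst value that failed the check. The arguments should be `o.KubernetesAPIBurst, o.KubernetesAPIQPS`. The line is not touched by this commit, but it sits in the same function and is cheap to fix while the field accesses are being rewritten. The comparison itself is outside the hunk, so only the message is in question here.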
@@ -26,35 +26,63 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { +func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config) { *out = *in - out.TypeMeta = in.TypeMeta - if in.Controllers != nil { - in, out := &in.Controllers, &out.Controllers + if in.RecursiveNameservers != nil { + in, out := &in.RecursiveNameservers, &out.RecursiveNameservers *out = make([]string, len(*in)) copy(*out, *in) } - if in.ACMEHTTP01SolverNameservers != nil { - in, out := &in.ACMEHTTP01SolverNameservers, &out.ACMEHTTP01SolverNameservers - *out = make([]string, len(*in)) - copy(*out, *in) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEDNS01Config. +func (in *ACMEDNS01Config) DeepCopy() *ACMEDNS01Config { + if in == nil { + return nil } - if in.DefaultAutoCertificateAnnotations != nil { - in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations + out := new(ACMEDNS01Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEHTTP01Config) DeepCopyInto(out *ACMEHTTP01Config) { + *out = *in + if in.SolverNameservers != nil { + in, out := &in.SolverNameservers, &out.SolverNameservers *out = make([]string, len(*in)) copy(*out, *in) } - if in.DNS01RecursiveNameservers != nil { - in, out := &in.DNS01RecursiveNameservers, &out.DNS01RecursiveNameservers + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEHTTP01Config. 
+func (in *ACMEHTTP01Config) DeepCopy() *ACMEHTTP01Config { + if in == nil { + return nil + } + out := new(ACMEHTTP01Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { + *out = *in + out.TypeMeta = in.TypeMeta + out.LeaderElectionConfig = in.LeaderElectionConfig + if in.Controllers != nil { + in, out := &in.Controllers, &out.Controllers *out = make([]string, len(*in)) copy(*out, *in) } - in.Logging.DeepCopyInto(&out.Logging) if in.CopiedAnnotationPrefixes != nil { in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes *out = make([]string, len(*in)) copy(*out, *in) } + in.Logging.DeepCopyInto(&out.Logging) if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]bool, len(*in)) @@ -62,6 +90,9 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { (*out)[key] = val } } + in.IngressShimConfig.DeepCopyInto(&out.IngressShimConfig) + in.ACMEHTTP01Config.DeepCopyInto(&out.ACMEHTTP01Config) + in.ACMEDNS01Config.DeepCopyInto(&out.ACMEDNS01Config) return } 
@@ -82,3 +113,40 @@ func (in *ControllerConfiguration) DeepCopyObject() runtime.Object { } return nil } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig) { + *out = *in + if in.DefaultAutoCertificateAnnotations != nil { + in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressShimConfig. +func (in *IngressShimConfig) DeepCopy() *IngressShimConfig { + if in == nil { + return nil + } + out := new(IngressShimConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig. +func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { + if in == nil { + return nil + } + out := new(LeaderElectionConfig) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apis/config/controller/v1alpha1/types.go b/pkg/apis/config/controller/v1alpha1/types.go index b5578786dfe..c115904941c 100644 --- a/pkg/apis/config/controller/v1alpha1/types.go +++ b/pkg/apis/config/controller/v1alpha1/types.go 
@@ -29,13 +29,14 @@ import ( type ControllerConfiguration struct { metav1.TypeMeta `json:",inline"` - // Optional apiserver host address to connect to. If not specified, - // autoconfiguration will be attempted - APIServerHost string `json:"apiServerHost,omitempty"` - - // Paths to a kubeconfig. Only required if out-of-cluster. + // kubeConfig is the kubeconfig file used to connect to the Kubernetes apiserver. + // If not specified, the webhook will attempt to load the in-cluster-config. KubeConfig string `json:"kubeConfig,omitempty"` + // apiServerHost is used to override the API server connection address. + // Deprecated: use `kubeConfig` instead. + APIServerHost string `json:"apiServerHost,omitempty"` + // Indicates the maximum queries-per-second requests to the Kubernetes apiserver // TODO: floats are not recommended. Maybe we should use resource.Quantity? https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ KubernetesAPIQPS *float32 `json:"kubernetesAPIQPS,omitempty"` 
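Review bot: The new `kubeConfig` comment says "the webhook will attempt to load the in-cluster-config", but this struct is the controller's configuration, so the sentence looks copied from the webhook config. I would write `// If not specified, the controller will attempt to load the in-cluster config.` The `Deprecated:` line on `apiServerHost` also follows the description directly. Go tooling only recognises the marker at the start of a paragraph, so a bare `//` line is needed before `// Deprecated: use kubeConfig instead.` ControllerConfiguration continues outside the hunk.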
@@ -43,152 +44,204 @@ type ControllerConfiguration struct { // The maximum burst queries-per-second of requests sent to the Kubernetes apiserver KubernetesAPIBurst *int32 `json:"kubernetesAPIBurst,omitempty"` - // Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. - ClusterResourceNamespace string `json:"clusterResourceNamespace,omitempty"` - // If set, this limits the scope of cert-manager to a single namespace and // ClusterIssuers are disabled. If not specified, all namespaces will be // watched" Namespace string `json:"namespace,omitempty"` + // Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. + ClusterResourceNamespace string `json:"clusterResourceNamespace,omitempty"` + + // LeaderElectionConfig configures the behaviour of the leader election + LeaderElectionConfig LeaderElectionConfig `json:"leaderElectionConfig"` + + // A list of controllers to enable. + // ['*'] enables all controllers, + // ['foo'] enables only the foo controller + // ['*', '-foo'] disables the controller named foo. + Controllers []string `json:"controllers,omitempty"` + + // Whether an issuer may make use of ambient credentials. 'Ambient + // Credentials' are credentials drawn from the environment, metadata services, + // or local files which are not explicitly configured in the Issuer API + // object. When this flag is enabled, the following sources for + // credentials are also used: AWS - All sources the Go SDK defaults to, + // notably including any EC2 IAM roles available via instance metadata. + IssuerAmbientCredentials *bool `json:"issuerAmbientCredentials,omitempty"` + + // Whether a cluster-issuer may make use of ambient credentials for issuers. + // 'Ambient Credentials' are credentials drawn from the environment, metadata + // services, or local files which are not explicitly configured in the + // ClusterIssuer API object. 
When this flag is enabled, the following sources + // for credentials are also used: AWS - All sources the Go SDK defaults to, + // notably including any EC2 IAM roles available via instance metadata. + ClusterIssuerAmbientCredentials *bool `json:"clusterIssuerAmbientCredentials,omitempty"` + + // Whether to set the certificate resource as an owner of secret where the + // tls certificate is stored. When this flag is enabled, the secret will be + // automatically removed when the certificate resource is deleted. + EnableCertificateOwnerRef *bool `json:"enableCertificateOwnerRef,omitempty"` + + // Specify which annotations should/shouldn't be copied from Certificate to + // CertificateRequest and Order, as well as from CertificateSigningRequest to + // Order, by passing a list of annotation key prefixes. A prefix starting with + // a dash(-) specifies an annotation that shouldn't be copied. Example: + // '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the + // ones where the key is prefixed with 'kubectl.kubernetes.io/'. + CopiedAnnotationPrefixes []string `json:"copiedAnnotationPrefixes,omitempty"` + + // The number of concurrent workers for each controller. + NumberOfConcurrentWorkers *int32 `json:"numberOfConcurrentWorkers,omitempty"` + + // The maximum number of challenges that can be scheduled as 'processing' at once. + MaxConcurrentChallenges *int32 `json:"maxConcurrentChallenges,omitempty"` + + // The host and port that the metrics endpoint should listen on. + MetricsListenAddress string `json:"metricsListenAddress,omitempty"` + + // The host and port address, separated by a ':', that the healthz server + // should listen on. + HealthzListenAddress string `json:"healthzListenAddress,omitempty"` + + // Enable profiling for controller. + EnablePprof *bool `json:"enablePprof"` + + // The host and port that Go profiler should listen on, i.e localhost:6060. + // Ensure that profiler is not exposed on a public address. 
Profiler will be + // served at /debug/pprof. + PprofAddress string `json:"pprofAddress,omitempty"` + + // logging configures the logging behaviour of the controller. + // https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration + Logging *logs.Options `json:"logging,omitempty"` + + // featureGates is a map of feature names to bools that enable or disable experimental + // features. + // Default: nil + // +optional + FeatureGates map[string]bool `json:"featureGates,omitempty"` + + // ingressShimConfig configures the behaviour of the ingress-shim controller + IngressShimConfig IngressShimConfig `json:"ingressShimConfig,omitempty"` + + // acmeHTTP01Config configures the behaviour of the ACME HTTP01 challenge solver + ACMEHTTP01Config ACMEHTTP01Config `json:"acmeHTTP01Config,omitempty"` + + // acmeDNS01Config configures the behaviour of the ACME DNS01 challenge solver + ACMEDNS01Config ACMEDNS01Config `json:"acmeDNS01Config,omitempty"` +} + +type KubeConfig struct { + // Path to a kubeconfig. Only required if out-of-cluster. + Path string `json:"path,omitempty"` + + // If true, use the current context from the kubeconfig file. + // If false, use the context specified by ControllerConfiguration.Context. + // Default: true + // +optional + CurrentContext *bool `json:"currentContext,omitempty"` + + // The kubeconfig context to use. + // Default: current-context from kubeconfig file + // +optional + Context string `json:"context,omitempty"` +} + +type LeaderElectionConfig struct { // If true, cert-manager will perform leader election between instances to // ensure no more than one instance of cert-manager operates at a time - LeaderElect *bool `json:"leaderElect,omitempty"` + Enabled *bool `json:"enabled,omitempty"` - //Namespace used to perform leader election. Only used if leader election is enabled - LeaderElectionNamespace string `json:"leaderElectionNamespace,omitempty"` + // Namespace used to perform leader election. 
Only used if leader election is enabled + Namespace string `json:"namespace,omitempty"` // The duration that non-leader candidates will wait after observing a leadership // renewal until attempting to acquire leadership of a led but unrenewed leader // slot. This is effectively the maximum duration that a leader can be stopped // before it is replaced by another candidate. This is only applicable if leader // election is enabled. - LeaderElectionLeaseDuration time.Duration `json:"leaderElectionLeaseDuration,omitempty"` + LeaseDuration time.Duration `json:"leaseDuration,omitempty"` // The interval between attempts by the acting master to renew a leadership slot // before it stops leading. This must be less than or equal to the lease duration. // This is only applicable if leader election is enabled. - LeaderElectionRenewDeadline time.Duration `json:"leaderElectionRenewDeadline,omitempty"` + RenewDeadline time.Duration `json:"renewDeadline,omitempty"` // The duration the clients should wait between attempting acquisition and renewal // of a leadership. This is only applicable if leader election is enabled. - LeaderElectionRetryPeriod time.Duration `json:"leaderElectionRetryPeriod,omitempty"` + RetryPeriod time.Duration `json:"retryPeriod,omitempty"` - // A list of controllers to enable. - // ['*'] enables all controllers, - // ['foo'] enables only the foo controller - // ['*', '-foo'] disables the controller named foo. - Controllers []string `json:"controllers,omitempty"` + // Leader election healthz checks within this timeout period after the lease + // expires will still return healthy. + HealthzTimeout time.Duration `json:"healthzTimeout,omitempty"` +} + +type IngressShimConfig struct { + // Default issuer/certificates details consumed by ingress-shim + // Name of the Issuer to use when the tls is requested but issuer name is + // not specified on the ingress resource. 
+ DefaultIssuerName string `json:"defaultIssuerName,omitempty"` + + // Kind of the Issuer to use when the TLS is requested but issuer kind is not + // specified on the ingress resource. + DefaultIssuerKind string `json:"defaultIssuerKind,omitempty"` + // Group of the Issuer to use when the TLS is requested but issuer group is + // not specified on the ingress resource. + DefaultIssuerGroup string `json:"defaultIssuerGroup,omitempty"` + + // The annotation consumed by the ingress-shim controller to indicate a ingress + // is requesting a certificate + DefaultAutoCertificateAnnotations []string `json:"defaultAutoCertificateAnnotations,omitempty"` +} + +type ACMEHTTP01Config struct { // The Docker image to use to solve ACME HTTP01 challenges. You most likely // will not need to change this parameter unless you are testing a new // feature or developing cert-manager. - ACMEHTTP01SolverImage string `json:"acmeHTTP01SolverImage,omitempty"` + SolverImage string `json:"solverImage,omitempty"` // Defines the resource request CPU size when spawning new ACME HTTP01 // challenge solver pods. - ACMEHTTP01SolverResourceRequestCPU string `json:"acmeHTTP01SolverResourceRequestCPU,omitempty"` + SolverResourceRequestCPU string `json:"solverResourceRequestCPU,omitempty"` - //Defines the resource request Memory size when spawning new ACME HTTP01 - //challenge solver pods. - ACMEHTTP01SolverResourceRequestMemory string `json:"acmeHTTP01SolverResourceRequestMemory,omitempty"` + // Defines the resource request Memory size when spawning new ACME HTTP01 + // challenge solver pods. + SolverResourceRequestMemory string `json:"solverResourceRequestMemory,omitempty"` - //Defines the resource limits CPU size when spawning new ACME HTTP01 - //challenge solver pods. - ACMEHTTP01SolverResourceLimitsCPU string `json:"acmeHTTP01SolverResourceLimitsCPU,omitempty"` + // Defines the resource limits CPU size when spawning new ACME HTTP01 + // challenge solver pods. 
+ SolverResourceLimitsCPU string `json:"solverResourceLimitsCPU,omitempty"` // Defines the resource limits Memory size when spawning new ACME HTTP01 // challenge solver pods. - ACMEHTTP01SolverResourceLimitsMemory string `json:"acmeHTTP01SolverResourceLimitsMemory,omitempty"` + SolverResourceLimitsMemory string `json:"solverResourceLimitsMemory,omitempty"` // Defines the ability to run the http01 solver as root for troubleshooting // issues - ACMEHTTP01SolverRunAsNonRoot *bool `json:"acmeHTTP01SolverRunAsNonRoot,omitempty"` + SolverRunAsNonRoot *bool `json:"solverRunAsNonRoot,omitempty"` // A list of comma separated dns server endpoints used for // ACME HTTP01 check requests. This should be a list containing host and // port, for example ["8.8.8.8:53","8.8.4.4:53"] // Allows specifying a list of custom nameservers to perform HTTP01 checks on. - ACMEHTTP01SolverNameservers []string `json:"acmeHTTP01SolverNameservers,omitempty"` - - // Whether a cluster-issuer may make use of ambient credentials for issuers. - // 'Ambient Credentials' are credentials drawn from the environment, metadata - // services, or local files which are not explicitly configured in the - // ClusterIssuer API object. When this flag is enabled, the following sources - // for credentials are also used: AWS - All sources the Go SDK defaults to, - // notably including any EC2 IAM roles available via instance metadata. - ClusterIssuerAmbientCredentials *bool `json:"clusterIssuerAmbientCredentials,omitempty"` - - // Whether an issuer may make use of ambient credentials. 'Ambient - // Credentials' are credentials drawn from the environment, metadata services, - // or local files which are not explicitly configured in the Issuer API - // object. When this flag is enabled, the following sources for - // credentials are also used: AWS - All sources the Go SDK defaults to, - // notably including any EC2 IAM roles available via instance metadata. 
- IssuerAmbientCredentials *bool `json:"issuerAmbientCredentials,omitempty"` - - // Default issuer/certificates details consumed by ingress-shim - // Name of the Issuer to use when the tls is requested but issuer name is - // not specified on the ingress resource. - DefaultIssuerName string `json:"defaultIssuerName,omitempty"` - - // Kind of the Issuer to use when the TLS is requested but issuer kind is not - // specified on the ingress resource. - DefaultIssuerKind string `json:"defaultIssuerKind,omitempty"` - - // Group of the Issuer to use when the TLS is requested but issuer group is - // not specified on the ingress resource. - DefaultIssuerGroup string `json:"defaultIssuerGroup,omitempty"` - - // The annotation consumed by the ingress-shim controller to indicate a ingress - // is requesting a certificate - DefaultAutoCertificateAnnotations []string `json:"defaultAutoCertificateAnnotations,omitempty"` + SolverNameservers []string `json:"solverNameservers,omitempty"` +} +type ACMEDNS01Config struct { // Each nameserver can be either the IP address and port of a standard // recursive DNS server, or the endpoint to an RFC 8484 DNS over HTTPS // endpoint. For example, the following values are valid: // - "8.8.8.8:53" (Standard DNS) // - "https://1.1.1.1/dns-query" (DNS over HTTPS) - DNS01RecursiveNameservers []string `json:"dns01RecursiveNameservers,omitempty"` + RecursiveNameservers []string `json:"recursiveNameservers,omitempty"` // When true, cert-manager will only ever query the configured DNS resolvers // to perform the ACME DNS01 self check. This is useful in DNS constrained // environments, where access to authoritative nameservers is restricted. // Enabling this option could cause the DNS01 self check to take longer // due to caching performed by the recursive nameservers. 
- DNS01RecursiveNameserversOnly *bool `json:"dns01RecursiveNameserversOnly,omitempty"` - - // Whether to set the certificate resource as an owner of secret where the - // tls certificate is stored. When this flag is enabled, the secret will be - // automatically removed when the certificate resource is deleted. - EnableCertificateOwnerRef *bool `json:"enableCertificateOwnerRef,omitempty"` - - // The number of concurrent workers for each controller. - NumberOfConcurrentWorkers *int32 `json:"numberOfConcurrentWorkers,omitempty"` - - // The maximum number of challenges that can be scheduled as 'processing' at once. - MaxConcurrentChallenges *int32 `json:"maxConcurrentChallenges,omitempty"` - - // The host and port that the metrics endpoint should listen on. - MetricsListenAddress string `json:"metricsListenAddress,omitempty"` - - // The host and port address, separated by a ':', that the healthz server - // should listen on. - HealthzListenAddress string `json:"healthzListenAddress,omitempty"` - - // Leader election healthz checks within this timeout period after the lease - // expires will still return healthy. - HealthzLeaderElectionTimeout time.Duration `json:"healthzLeaderElectionTimeout,omitempty"` - - // The host and port that Go profiler should listen on, i.e localhost:6060. - // Ensure that profiler is not exposed on a public address. Profiler will be - // served at /debug/pprof. - PprofAddress string `json:"pprofAddress,omitempty"` - // Enable profiling for controller. - EnablePprof *bool `json:"enablePprof"` - - // https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration - Logging *logs.Options `json:"logging,omitempty"` + RecursiveNameserversOnly *bool `json:"recursiveNameserversOnly,omitempty"` // The duration the controller should wait between a propagation check. Despite // the name, this flag is used to configure the wait period for both DNS01 and 
@@ -197,19 +250,5 @@ type ControllerConfiguration struct { // For HTTP01 challenges the propagation check verifies that the challenge // token is served at the challenge URL. This should be a valid duration // string, for example 180s or 1h - DNS01CheckRetryPeriod time.Duration `json:"dns01CheckRetryPeriod,omitempty"` - - // Specify which annotations should/shouldn't be copied from Certificate to - // CertificateRequest and Order, as well as from CertificateSigningRequest to - // Order, by passing a list of annotation key prefixes. A prefix starting with - // a dash(-) specifies an annotation that shouldn't be copied. Example: - // '*,-kubectl.kuberenetes.io/'- all annotations will be copied apart from the - // ones where the key is prefixed with 'kubectl.kubernetes.io/'. - CopiedAnnotationPrefixes []string `json:"copiedAnnotationPrefixes,omitempty"` - - // featureGates is a map of feature names to bools that enable or disable experimental - // features. - // Default: nil - // +optional - FeatureGates map[string]bool `json:"featureGates,omitempty"` + CheckRetryPeriod time.Duration `json:"checkRetryPeriod,omitempty"` } diff --git a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go index 30f9220ae0a..722a2bf35b3 100644 --- a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go 
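Review bot: The comment on `SolverRunAsNonRoot` in `ACMEHTTP01Config` reads "Defines the ability to run the http01 solver as root", which is the opposite sense of the field name and leaves it unclear which value relaxes the solver pod's security posture. Since the hunk rewrites the field anyway, I would state the polarity: `// solverRunAsNonRoot requires the HTTP01 solver pod to run as a non-root user.` followed by `// Setting it to false allows the solver to run as root; use only for troubleshooting.` That reading is inferred from the name and the existing comment, and the default is not visible here, so both need confirming. Separately, the added `KubeConfig` struct is not used by any field in this hunk (`ControllerConfiguration.KubeConfig` is still a `string`), and its comment refers to `ControllerConfiguration.Context`, which the hunk does not define.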
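Review bot: The comment on `CheckRetryPeriod` promises "a valid duration string, for example 180s or 1h", but the field is a plain `time.Duration`, which `encoding/json` reads and writes as an integer count of nanoseconds. Unless the config loader decodes it specially (not visible here), `checkRetryPeriod: 180s` in a config file would fail to decode; `metav1.Duration` accepts the string form and the file already imports `metav1`. The same applies to `LeaseDuration`, `RenewDeadline`, `RetryPeriod` and `HealthzTimeout` in `LeaderElectionConfig` in the previous hunk. The struct and the start of this field's comment lie outside this hunk.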
@@ -26,6 +26,58 @@ import ( v1 "k8s.io/component-base/logs/api/v1" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config) { + *out = *in + if in.RecursiveNameservers != nil { + in, out := &in.RecursiveNameservers, &out.RecursiveNameservers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.RecursiveNameserversOnly != nil { + in, out := &in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEDNS01Config. +func (in *ACMEDNS01Config) DeepCopy() *ACMEDNS01Config { + if in == nil { + return nil + } + out := new(ACMEDNS01Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEHTTP01Config) DeepCopyInto(out *ACMEHTTP01Config) { + *out = *in + if in.SolverRunAsNonRoot != nil { + in, out := &in.SolverRunAsNonRoot, &out.SolverRunAsNonRoot + *out = new(bool) + **out = **in + } + if in.SolverNameservers != nil { + in, out := &in.SolverNameservers, &out.SolverNameservers + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEHTTP01Config. +func (in *ACMEHTTP01Config) DeepCopy() *ACMEHTTP01Config { + if in == nil { + return nil + } + out := new(ACMEHTTP01Config) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { *out = *in 
@@ -40,56 +92,32 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { *out = new(int32) **out = **in } - if in.LeaderElect != nil { - in, out := &in.LeaderElect, &out.LeaderElect - *out = new(bool) - **out = **in - } + in.LeaderElectionConfig.DeepCopyInto(&out.LeaderElectionConfig) if in.Controllers != nil { in, out := &in.Controllers, &out.Controllers *out = make([]string, len(*in)) copy(*out, *in) } - if in.ACMEHTTP01SolverRunAsNonRoot != nil { - in, out := &in.ACMEHTTP01SolverRunAsNonRoot, &out.ACMEHTTP01SolverRunAsNonRoot + if in.IssuerAmbientCredentials != nil { + in, out := &in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials *out = new(bool) **out = **in } - if in.ACMEHTTP01SolverNameservers != nil { - in, out := &in.ACMEHTTP01SolverNameservers, &out.ACMEHTTP01SolverNameservers - *out = make([]string, len(*in)) - copy(*out, *in) - } if in.ClusterIssuerAmbientCredentials != nil { in, out := &in.ClusterIssuerAmbientCredentials, &out.ClusterIssuerAmbientCredentials *out = new(bool) **out = **in } - if in.IssuerAmbientCredentials != nil { - in, out := &in.IssuerAmbientCredentials, &out.IssuerAmbientCredentials + if in.EnableCertificateOwnerRef != nil { + in, out := &in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef *out = new(bool) **out = **in } - if in.DefaultAutoCertificateAnnotations != nil { - in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.DNS01RecursiveNameservers != nil { - in, out := &in.DNS01RecursiveNameservers, &out.DNS01RecursiveNameservers + if in.CopiedAnnotationPrefixes != nil { + in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes *out = make([]string, len(*in)) copy(*out, *in) } - if in.DNS01RecursiveNameserversOnly != nil { - in, out := &in.DNS01RecursiveNameserversOnly, &out.DNS01RecursiveNameserversOnly - *out = new(bool) - **out = **in - } - if 
in.EnableCertificateOwnerRef != nil { - in, out := &in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef - *out = new(bool) - **out = **in - } if in.NumberOfConcurrentWorkers != nil { in, out := &in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers *out = new(int32) @@ -110,11 +138,6 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { *out = new(v1.LoggingConfiguration) (*in).DeepCopyInto(*out) } - if in.CopiedAnnotationPrefixes != nil { - in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes - *out = make([]string, len(*in)) - copy(*out, *in) - } if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]bool, len(*in)) @@ -122,6 +145,9 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { (*out)[key] = val } } + in.IngressShimConfig.DeepCopyInto(&out.IngressShimConfig) + in.ACMEHTTP01Config.DeepCopyInto(&out.ACMEHTTP01Config) + in.ACMEDNS01Config.DeepCopyInto(&out.ACMEDNS01Config) return } 
@@ -142,3 +168,66 @@ func (in *ControllerConfiguration) DeepCopyObject() runtime.Object { } return nil } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig) { + *out = *in + if in.DefaultAutoCertificateAnnotations != nil { + in, out := &in.DefaultAutoCertificateAnnotations, &out.DefaultAutoCertificateAnnotations + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressShimConfig. +func (in *IngressShimConfig) DeepCopy() *IngressShimConfig { + if in == nil { + return nil + } + out := new(IngressShimConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeConfig) DeepCopyInto(out *KubeConfig) { + *out = *in + if in.CurrentContext != nil { + in, out := &in.CurrentContext, &out.CurrentContext + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeConfig. +func (in *KubeConfig) DeepCopy() *KubeConfig { + if in == nil { + return nil + } + out := new(KubeConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig. +func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { + if in == nil { + return nil + } + out := new(LeaderElectionConfig) + in.DeepCopyInto(out) + return out +}