Merge "Revert "Test deployment job""
diff --git a/README.md b/README.md
index 1beffdb..85eac92 100644
--- a/README.md
+++ b/README.md
@@ -170,10 +170,8 @@
## Install certmanager
```sh
-kubectl create namespace cert-manager
-kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
-kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
-kubectl apply -n cert-manager -f letsencrypt.yaml
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml
+kubectl apply -n cert-manager -f k8s/letsencrypt.yaml
```
## Install mariadb
diff --git a/k8s/certmanager.yaml b/k8s/certmanager.yaml
index 2cc1c06..ec12a39 100644
--- a/k8s/certmanager.yaml
+++ b/k8s/certmanager.yaml
@@ -1,5 +1,5 @@
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
@@ -7,21 +7,22 @@
spec:
selfSigned: {}
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ca-cert
namespace: cert-manager
spec:
+ isCA: true
+ commonName: cacert
# Secret names are always required.
secretName: ca-cert
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
duration: 87600h # 10y
renewBefore: 360h # 15d
- isCA: true
- keySize: 2048
- keyAlgorithm: rsa
- keyEncoding: pkcs1
- commonName: cacert
# At least one of a DNS Name, URI, or IP address is required.
dnsNames:
- caroot
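Review bot: The CA certificate keeps a 2048-bit RSA key (`size: 2048` in the new `privateKey` block) while `duration: 87600h` gives it a ten-year lifetime, which is thin for a key that presumably signs everything `ca-issuer` hands out. Since the block is already being rewritten for the v1 schema, consider `size: 4096`, or `algorithm: ECDSA` with `size: 256` if every consumer supports it. Changing the key parameters means re-keying the CA, so the trust bundle held by clients would have to be redistributed as part of that change. The `spec` continues past the end of this hunk, so any `usages` or `rotationPolicy` settings are not visible here.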
@@ -29,7 +30,7 @@
issuerRef:
name: selfsigned-issuer
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
diff --git a/k8s/letsencrypt.yaml b/k8s/letsencrypt.yaml
index f6742f1..549e67e 100644
--- a/k8s/letsencrypt.yaml
+++ b/k8s/letsencrypt.yaml
@@ -1,5 +1,5 @@
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
@@ -18,7 +18,7 @@
- http01:
ingress: {}
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
diff --git a/k8s/zookeeper/certs.yaml b/k8s/zookeeper/certs.yaml
index 684438d..b7494d1 100644
--- a/k8s/zookeeper/certs.yaml
+++ b/k8s/zookeeper/certs.yaml
@@ -4,13 +4,14 @@
metadata:
name: zookeeper
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: zookeeper-server
namespace: zookeeper
spec:
- keyEncoding: pkcs8
+ privateKey:
+ encoding: PKCS8
secretName: zookeeper-server-tls
commonName: server
usages:
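Review bot: The new `privateKey` block sets only `encoding: PKCS8`, so algorithm, size and rotation behaviour are left to cert-manager defaults. With the v1.16.2 release that the README now installs, `rotationPolicy` defaults to `Never` as far as I know, which means the same private key is reused on every renewal of `zookeeper-server-tls`. Consider adding `rotationPolicy: Always` under `privateKey` and spelling out `algorithm` and `size`, as the `ca-cert` Certificate in k8s/certmanager.yaml does, after confirming that ZooKeeper reloads the secret when it changes. The same applies to the `zookeeper-client` Certificate in the first hunk of k8s/zuul.yaml. The `spec` continues past the end of this hunk.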
diff --git a/k8s/zuul.yaml b/k8s/zuul.yaml
index 8a66b71..90e7830 100644
--- a/k8s/zuul.yaml
+++ b/k8s/zuul.yaml
@@ -1,11 +1,12 @@
---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: zookeeper-client
namespace: zuul
spec:
- keyEncoding: pkcs8
+ privateKey:
+ encoding: PKCS8
secretName: zookeeper-client-tls
commonName: client
usages:
@@ -317,7 +318,7 @@
requests:
storage: 80Gi
---
-apiVersion: networking.gke.io/v1beta1
+apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: ci-gerritcodereview-com
diff --git a/nodepool/nodepool.yaml b/nodepool/nodepool.yaml
index ac8b2e6..8fc96b2 100644
--- a/nodepool/nodepool.yaml
+++ b/nodepool/nodepool.yaml
@@ -14,9 +14,9 @@
zone: us-central1-a
boot-timeout: 120
cloud-images:
- - name: debian-bookwork
+ - name: debian-bookworm
image-project: debian-cloud
- image-family: debian-11
+ image-family: debian-12
username: zuul
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaTT3+Y6dIh221ZsQ0ki6VwGb6lzd1/CvIS8RX6ZNmxJTXS7UKlvhAVTbGQPtmjdIQbwUyEqZEvIm/bUBr7dNbyeMLiRiRtoN+u1Quq8OAes2N7nUKnjLjGjVnM2mvYHGWHRDbpAQCtmXtbiQkHkfLLzewb+MqntQZ57xap31qriTkv4rdnlMN4kElILb5E/8WOAAJXYrt3b1TrTXwZUx7is1OTa38I9jJTpUMCn2otWGH9LlfeUhz/z8ZPB21wgUZN9CF5NwwBanqCNXy0jHiumOGx9e7Hc7apt641KiDuRt0aWyE6No/aMe6hVYnFR3NMG3rBtortXl+R5birK8l zuul
pools:
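Review bot: The cloud-image name changes from `debian-bookwork` to `debian-bookworm`, but this is the only hunk for nodepool/nodepool.yaml, so any `cloud-image: debian-bookwork` reference in the labels under `pools:` (outside the hunk) would still use the old spelling. Worth confirming that nothing references the old name, since a label pointing at an undefined cloud-image would presumably fail config validation or node launch. A short comment above the entry such as `# Debian 12 (bookworm), latest image in the family` would also record why the name and `image-family: debian-12` have to move together.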