Configure gsoci.azurecr.io as the registry to use by default (#399)
* Update default registry domain in values.yaml

* Replace docker.io again
marians authored Dec 6, 2023
1 parent 4c004a2 commit 4d56335
Showing 3 changed files with 68 additions and 65 deletions.
5 changes: 4 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s

## [Unreleased]

### Changed

- Configure `gsoci.azurecr.io` as the default container image registry.

## [3.6.0] - 2023-11-22

### Added
Expand Down Expand Up @@ -35,7 +39,6 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
### Added
- Introduced `acme-solvers-networkpolicy` and `acme-solvers-ciliumnetworkpolicy` for enhanced network security and control.


## [3.5.0] - 2023-10-12

### Added
Expand Up @@ -5,7 +5,7 @@
name: cert-manager-giantswarm-clusterissuer

image:
registry: docker.io
registry: gsoci.azurecr.io
repository: giantswarm/docker-kubectl
tag: ""
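Review bot: The `image` block now resolves to `gsoci.azurecr.io/giantswarm/docker-kubectl` while `tag: ""` stays empty, so the image that actually runs depends on a default tag that is not visible in this section and on whatever the new registry serves under that name. Changing the registry changes the trust root for this image, and nothing here documents that `giantswarm/docker-kubectl` must already be published on `gsoci.azurecr.io`. I would add a comment above `registry:` such as `# Default registry; must host giantswarm/docker-kubectl. Override when pulling through a private mirror.` If the chart's templates accept a digest (not visible here), pinning by digest rather than by tag would keep the deployed image tied to reviewed content across registry moves.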

126 changes: 63 additions & 63 deletions helm/cert-manager/values.yaml
Expand Up @@ -80,7 +80,7 @@ featureGates: ""
maxConcurrentChallenges: 60

image:
registry: &registry docker.io
registry: &registry gsoci.azurecr.io
repository: giantswarm/cert-manager-controller

# Override the image tag to deploy by setting this variable.
Expand Down Expand Up @@ -184,7 +184,7 @@ containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true

Expand Down Expand Up @@ -241,22 +241,22 @@ prometheus:
honorLabels: false
endpointAdditionalProperties:
relabelings:
- action: replace
regex: ;(.*)
replacement: $1
separator: ;
sourceLabels:
- namespace
- __meta_kubernetes_namespace
targetLabel: namespace
- action: replace
sourceLabels:
- __meta_kubernetes_pod_label_app
targetLabel: app
- action: replace
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
- action: replace
regex: ;(.*)
replacement: $1
separator: ;
sourceLabels:
- namespace
- __meta_kubernetes_namespace
targetLabel: namespace
- action: replace
sourceLabels:
- __meta_kubernetes_pod_label_app
targetLabel: app
- action: replace
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node

# Use these variables to configure the HTTP_PROXY environment variables
# http_proxy: "http://proxy:8080"
Expand Down Expand Up @@ -284,10 +284,10 @@ affinity: {}
# value: master
# effect: NoSchedule
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule

# A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core
# for example:
Expand Down Expand Up @@ -371,7 +371,7 @@ webhook:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true

Expand Down Expand Up @@ -430,25 +430,25 @@ webhook:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: apps.giantswarm.io/affinity
operator: In
values:
- cert-manager-webhook
- key: app.kubernetes.io/component
operator: In
values:
- "webhook"
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: apps.giantswarm.io/affinity
operator: In
values:
- cert-manager-webhook
- key: app.kubernetes.io/component
operator: In
values:
- "webhook"
topologyKey: kubernetes.io/hostname
weight: 100

tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule

topologySpreadConstraints: []

Expand Down Expand Up @@ -521,26 +521,26 @@ webhook:
networkPolicy:
enabled: true
ingress:
- from:
- ipBlock:
cidr: 0.0.0.0/0
- from:
- ipBlock:
cidr: 0.0.0.0/0
egress:
- ports:
- port: 80
protocol: TCP
- port: 443
protocol: TCP
- port: 53
protocol: TCP
- port: 53
protocol: UDP
- ports:
- port: 80
protocol: TCP
- port: 443
protocol: TCP
- port: 53
protocol: TCP
- port: 53
protocol: UDP
# On OpenShift and OKD, the Kubernetes API server listens on
# port 6443.
- port: 6443
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
- port: 6443
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0

volumes: []
volumeMounts: []
Expand Down Expand Up @@ -582,7 +582,7 @@ cainjector:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true

Expand Down Expand Up @@ -693,7 +693,7 @@ startupapicheck:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true

Expand Down Expand Up @@ -727,10 +727,10 @@ startupapicheck:
affinity: {}

tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule

# Optional additional labels to add to the startupapicheck Pods
podLabels: {}
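Review bot: `registry: &registry gsoci.azurecr.io` in the first hunk keeps the YAML anchor, and anchors are expanded when values.yaml is parsed, before user-supplied values are merged. Any `*registry` aliases elsewhere in the file (none are visible in these hunks, so this is inferred from the anchor) therefore keep `gsoci.azurecr.io` even when an operator overrides `image.registry`. In clusters that may only pull from a private or allow-listed registry, only the controller image would be redirected and the other components would still pull from the public default. I would document this next to the anchor, e.g. `# Anchor is resolved at parse time; overriding image.registry does not change components that alias it`, or move to a single global registry value read by the templates. The other hunks in this file appear to only re-indent sequences and raise nothing new.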
