cert-manager: bump to v0.9.1
We just got this email:
We've been working with Jetstack, the authors of cert-manager, on a
series of fixes to the client. Cert-manager sometimes falls into a
traffic pattern where it sends really excessive traffic to Let's
Encrypt's servers, continuously. To mitigate this, we plan to start
blocking all traffic from cert-manager versions less than 0.8.0 (the
current semver minor release), as of November 1, 2019. Please upgrade
all of your cert-manager instances before then.
We're sending this email because this is the contact address of your
cert-manager instance at:
185.236.240.37 .
Version 0.8.0 is much better but we still observe excessive traffic in
some cases. We're working with Jetstack to improve these cases. As new
versions of cert-manager are released, we will add the non-current
versions to our block list after 3 months. We strongly encourage
cert-manager users to stay up-to-date with new versions.
Also, there is an opportunity to help both Jetstack and Let's Encrypt.
Once you've upgraded, please check the logs for your cert-manager
instances from time to time. Are they making excessive requests to Let's
Encrypt (more than, say, 10 per day over multiple days)? If so, please
share details at https://github.com/jetstack/cert-manager/issues/1948 .
Thanks,
Let's Encrypt Team
Change-Id: Ic7152150ac1c96941423878c6d4b6209e07429cf
diff --git a/cluster/kube/lib/cert-manager.libsonnet b/cluster/kube/lib/cert-manager.libsonnet
index 2598798..e9e4a4b 100644
--- a/cluster/kube/lib/cert-manager.libsonnet
+++ b/cluster/kube/lib/cert-manager.libsonnet
@@ -11,6 +11,7 @@
cfg:: {
namespace: "cert-manager",
enableWebhook: false,
+ version: "v0.9.1",
},
metadata:: {
@@ -389,7 +390,7 @@
serviceAccountName: env.sas.cainjector.metadata.name,
containers_: {
cainjector: kube.Container("cainjector") {
- image: "quay.io/jetstack/cert-manager-cainjector:v0.7.0",
+ image: "quay.io/jetstack/cert-manager-cainjector:" + cfg.version,
args: [
"--leader-election-namespace=%s" % [cfg.namespace],
],
@@ -415,7 +416,7 @@
serviceAccountName: env.sas.webhook.metadata.name,
containers_: {
webhook: kube.Container("webhook") {
- image: "quay.io/jetstack/cert-manager-webhook:v0.7.0",
+ image: "quay.io/jetstack/cert-manager-webhook:" + cfg.version,
args: [
"--v=12",
"--secure-port=6443",
@@ -452,7 +453,7 @@
serviceAccountName: env.sas.certmanager.metadata.name,
containers_: {
webhook: kube.Container("cert-manager") {
- image: "quay.io/jetstack/cert-manager-controller:v0.7.0",
+ image: "quay.io/jetstack/cert-manager-controller:" + cfg.version,
args: [
"--cluster-resource-namespace=%s" % [cfg.namespace],
"--leader-election-namespace=%s" % [cfg.namespace],