feat: upgrade to k8s 1.22 and cert-manager 1.54 (#10)

* feat: upgrade to k8s 1.22 and cert-manager 1.54

* feat: add more readme

Author: AtarisMio

README.md

@@ -25,7 +25,7 @@ The name of solver to use is `alidns-solver`. You can create an issuer as below
 ```
 apiVersion: v1
 items:
-- apiVersion: cert-manager.io/v1alpha2
+- apiVersion: cert-manager.io/v1
   kind: Issuer
   metadata:
     name: letsencrypt
@@ -52,12 +52,56 @@ items:
         selector:
           dnsNames:
           - '*.example.com'
+```
 
+Or you can create an ClusterIssuer as below :
 ```
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: contact@example.com
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+    - dns01:
+        webhook:
+            config:
+              accessTokenSecretRef:
+                key: access-token
+                name: alidns-secrets
+              regionId: cn-beijing
+              secretKeySecretRef:
+                key: secret-key
+                name: alidns-secrets
+            groupName: example.com
+            solverName: alidns-solver
+```
+
 See cert-manager documentation for more information : https://cert-manager.io/docs/configuration/acme/dns01/
 
 ### Create the certification
 
+Create an certification using ClusterIssuer as below :
+```
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: example-tls
+spec:
+  secretName: example-com-tls
+  commonName: example.com
+  dnsNames:
+  - example.com
+  - "*.example.com"
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+```
+
 Then create the certificate which will use this issuer : https://cert-manager.io/docs/usage/certificate/
 
 ## Tests

charts/alidns-webhook/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "0.2.0"
 description: Deploys alidns webhook for cert-manager.
 name: alidns-webhook
-version: 0.5.0
+version: 0.6.0

charts/alidns-webhook/templates/apiservice.yaml

@@ -1,4 +1,4 @@
-apiVersion: apiregistration.k8s.io/v1beta1
+apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
   name: v1alpha1.{{ .Values.groupName }}

charts/alidns-webhook/templates/pki.yaml

@@ -1,7 +1,7 @@
 ---
 # Create a selfsigned Issuer, in order to create a root CA certificate for
 # signing webhook serving certificates
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: {{ include "alidns-webhook.selfSignedIssuer" . }}
@@ -17,7 +17,7 @@ spec:
 ---
 
 # Generate a CA Certificate used to sign certificates for the webhook
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ include "alidns-webhook.rootCACertificate" . }}
@@ -38,7 +38,7 @@ spec:
 ---
 
 # Create an Issuer that uses the above generated CA certificate to issue certs
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: {{ include "alidns-webhook.rootCAIssuer" . }}
@@ -55,7 +55,7 @@ spec:
 ---
 
 # Finally, generate a serving certificate for the webhook to use
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ include "alidns-webhook.servingCertificate" . }}

charts/alidns-webhook/templates/rbac.yaml

@@ -51,7 +51,7 @@ subjects:
 # Grant the webhook permission to read the ConfigMap containing the Kubernetes
 # apiserver's requestheader-ca-certificate.
 # This ConfigMap is automatically created by the Kubernetes apiserver.
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ include "alidns-webhook.fullname" . }}:webhook-authentication-reader
@@ -73,7 +73,7 @@ subjects:
 ---
 # apiserver gets the auth-delegator role to delegate auth decisions to
 # the core apiserver
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "alidns-webhook.fullname" . }}:auth-delegator
@@ -93,7 +93,7 @@ subjects:
     namespace: {{ .Release.Namespace }}
 ---
 # Grant cert-manager permission to validate using our apiserver
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "alidns-webhook.fullname" . }}:domain-solver
@@ -110,7 +110,7 @@ rules:
     verbs:
       - 'create'
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "alidns-webhook.fullname" . }}:domain-solver