Merge pull request #1999 from cert-manager/revert-1996-merge-master-into-release-next

Revert "[release-next] Merge master into release-next"

Author: cert-manager-prow[bot]

.spelling

@@ -594,11 +594,8 @@ v1.18.0.
 v1.19
 v1.19.0
 v1.19.1
-v1.20.0
 v1.19.2
-v1.20.0
 alpha.0
-beta.0
 v1.4.1
 v1.5
 v1.5.0
@@ -864,9 +861,6 @@ example.org
 experimental.cert
 http01-edit-in-place
 http01-ingress-class
-http01-ingress-ingressclassname
-http01-parentrefkind
-http01-parentrefname
 ingress.class
 ip-sans
 kubernetes.io

content/docs/configuration/acme/http01/README.md

@@ -69,9 +69,6 @@ controllers support `ingressClassName`, with the notable exception of
 ingress-gce (as per the page [Configure Ingress for external load
 balancing](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress)).
 
-> You can override the `ingressClassName` on a per-Ingress basis using the
-[`acme.cert-manager.io/http01-ingress-ingressclassname`](https://cert-manager.io/docs/reference/annotations/#acmecert-manageriohttp01-ingress-ingressclassname) annotation.
-
 ### `class`
 
 If the `class` field is specified, a new Ingress resource with a randomly
@@ -82,9 +79,6 @@ value set to the value of the `class` field.
 This field is only recommended with ingress-gce. ingress-gce [doesn't support the
 `ingressClassName` field](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress).
 
-> You can override the `class` on a per-Ingress basis using the
-[`acme.cert-manager.io/http01-ingress-class`](https://cert-manager.io/docs/reference/annotations/#acmecert-manageriohttp01-ingress-class) annotation.
-
 ### `name`
 
 If the `name` field is specified, cert-manager will edit the named

content/docs/configuration/venafi.md

@@ -304,45 +304,3 @@ metadata:
       ]
 ...
 ```
-
-### Issuer Custom Fields
-
-Starting `v1.20`, you can use `venafi.cert-manager.io/custom-fields` annotation on an `Issuer` or `ClusterIssuer` resource.
-This configuration would be applied to all Certificate requests created from `Issuer`.
-
-It is possible to override or append custom configuration to `Certificate` resources via the `Issuer` assigned to it. 
-For example with an `Issuer` such as:
-
-```yaml
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: corp-issuer
-  annotations:
-    venafi.cert-manager.io/custom-fields: |-
-      [
-        {"name": "Environemnt", "value": "Dev"},
-      ]
-```
-
-and a `Certificate` resource:
-
-```yaml
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: example-com-certificate
-  annotations:
-    venafi.cert-manager.io/custom-fields: |-
-      [
-        {"name": "Team", "value": "amber"},
-      ]
-...
-```
-
-Final configuration will be:
-
-```json
-{"name": "Environemnt", "value": "Dev"},
-{"name": "Team", "value": "amber"}
-```

content/docs/installation/best-practice.md

@@ -47,44 +47,6 @@ Or you may prefer to use the custom resources provided by your CNI software.
 > 📖 Learn about the [Kubernetes builtin NetworkPolicy API](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 > and see [some example policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/#default-policies).
 
-The cert-manager Helm chart allows you to create a `NetworkPolicy` resource for
-each `Deployment`.
-
-By default, it allows inbound traffic to all the listening ports of each component.
-And by default, it allows outbound traffic to:
-- TCP port 443: For connections to the Kubernetes API server and other
-  in-cluster and external HTTPS API servers.
-- TCP port 6443: For connections to the Kubernetes API server on OpenShift.
-- TCP and UDP port 53: To resolve DNS names using the in-cluster DNS and
-  external DNS servers when using DNS01.
-- TCP port 80: So that the controller can perform ACME HTTP01 self-checks before
-  accepting the ACME server challenge.
-
-These are over-permissive defaults to provide a good installation experience.
-
-You should customize the `ingress` and `egress` rules to restrict the inbound
-and outbound traffic to allow only those connections which are necessary for
-your cert-manager configuration.
-
-Example Helm values:
-
-```yaml
-# helm-values.yaml
-networkPolicy:
-  enabled: true
-
-webhook:
-  networkPolicy:
-    enabled: true
-
-cainjector:
-  networkPolicy:
-    enabled: true
-```
-
-There are examples of extended egress rules in the example Helm chart values
-file at the end of this document.
-
 ### Network Requirements
 
 Here is an overview of the network requirements:

content/docs/manifest.json

@@ -21,16 +21,8 @@
               "path": "/docs/releases/README.md"
             },
             {
-              "title": "1.20",
-              "path": "/docs/releases/release-notes/release-notes-1.20.md"
-            },
-            {
-                "title": "Upgrade 1.19 to 1.20",
-                "path": "/docs/releases/upgrading/upgrading-1.19-1.20.md"
-            },
-            {
-                "title": "1.19",
-                "path": "/docs/releases/release-notes/release-notes-1.19.md"
+              "title": "1.19",
+              "path": "/docs/releases/release-notes/release-notes-1.19.md"
             },
             {
                 "title": "Upgrade 1.18 to 1.19",

content/docs/reference/annotations.md

@@ -27,43 +27,12 @@ This is useful for keeping compatibility with the `ingress-gce` component.
 ## acme.cert-manager.io/http01-ingress-class
 - [Ingress](../usage/ingress.md)
 
-Allows the `kubernetes.io/ingress.class` annotation to be configured.
-Customizing this is useful when you are trying
-to secure internal services, and need to solve challenges using a different ingress class
-to that of the ingress. If not specified and the `acme-http01-edit-in-place` annotation is
-not set, this defaults to the `http01.ingress.class` defined in the Issuer resource.
-
-## acme.cert-manager.io/http01-ingress-ingressclassname
-
-- [Ingress](../usage/ingress.md)
-
-Allows the Ingress's `spec.ingressClassName` to be configured.
-Customizing this is useful when you are trying
-to secure internal services, and need to solve challenges using a different ingress class
-to that of the ingress. If not specified and the `acme-http01-edit-in-place` annotation is
-not set, this defaults to the `http01.ingress.ingressClassName` defined in the Issuer resource.
-
-## acme.cert-manager.io/http01-parentrefkind
-
-- [Certificate](../usage/certificate.md)
-
-This annotation is automatically added by cert-manager to Certificate resources
-when they are created from a [Gateway](../usage/gateway.md) or
-[ListenerSet](../usage/gateway.md#listenerset) resource. It stores the kind of
-the parent resource (either `Gateway` or `ListenerSet`) that triggered the
-creation of the Certificate. This is used internally by the ACME HTTP-01 solver
-to know where to attach the temporary HTTPRoute for the challenge.
-
-## acme.cert-manager.io/http01-parentrefname
-
-- [Certificate](../usage/certificate.md)
-
-This annotation is automatically added by cert-manager to Certificate resources
-when they are created from a [Gateway](../usage/gateway.md) or
-[ListenerSet](../usage/gateway.md#listenerset) resource. It stores the name of
-the parent resource that triggered the creation of the Certificate. This is used
-internally by the ACME HTTP-01 solver to know where to attach the temporary
-HTTPRoute for the challenge.
+this annotation allows you to configure the ingress class that will be used to
+solve challenges for this ingress. Customizing this is useful when you are
+trying to secure internal services, and need to solve challenges using a
+different ingress class to that of the ingress. If not specified and the
+`acme-http01-edit-in-place` annotation is not set, this defaults to the ingress
+class defined in the Issuer resource.
 
 ## cert-manager.io/allow-direct-injection
 - `Secret`

content/docs/releases/README.md

@@ -332,7 +332,7 @@ NB: cert-manager 1.12 was a public Long Term Support (LTS) release sponsored by
 
 [s]: #kubernetes-supported-versions
 [test]: #supported-vs-tested
-[1.20]: ./release-notes/release-notes-1.20.md
+[1.20]: https://github.com/cert-manager/cert-manager/milestone/42
 [1.19]: ./release-notes/release-notes-1.19.md
 [1.18]: ./release-notes/release-notes-1.18.md
 [1.17]: ./release-notes/release-notes-1.17.md