Add minimal cert-manager addon

docs/cluster_spec.md

@@ -692,6 +692,21 @@ spec:
 
 Read more about cluster autoscaler in the [official documentation](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler).
 
+## Cert-manager
+{{ kops_feature_table(kops_added_default='1.20', k8s_min='1.16') }}
+
+Cert-manager handles x509 certificates for your cluster.
+
+```yaml
+spec:
+  certManager:
+    enabled: true
+```
+
+**Warning: cert-manager only supports one installation per cluster. If you are already running cert-manager, you need to remove this installation prior to enabling this addon. As long as you are using v1 versions of the cert-manager resources, it is safe to remove existing installs and replace it with this addon**
+
+Read more about cert-managre in the [official documentation](https://cert-manager.io/docs/)
+
 ###  Feature Gates
 
 Feature gates can be configured on the kubelet.

k8s/crds/kops.k8s.io_clusters.yaml

@@ -167,6 +167,13 @@ spec:
                   rbac:
                     type: object
                 type: object
+              certManager:
+                description: CertManager determines the metrics server configuration.
+                properties:
+                  enabled:
+                    description: 'Enabled enables the cert manager. Default: false'
+                    type: boolean
+                type: object
               channel:
                 description: The Channel we are following
                 type: string
@@ -2132,7 +2139,7 @@ spec:
                 description: MasterPublicName is the external DNS name for the master nodes
                 type: string
               metricsServer:
-                description: MetricsServerConfig determines the metrics server configuration.
+                description: MetricsServer determines the metrics server configuration.
                 properties:
                   enabled:
                     description: 'Enabled enables the metrics server. Default: false'
@@ -2738,7 +2745,7 @@ spec:
                   type: string
                 type: array
               nodeTerminationHandler:
-                description: NodeTerminationHandlerConfig determines the cluster autoscaler configuration.
+                description: NodeTerminationHandler determines the cluster autoscaler configuration.
                 properties:
                   enableScheduledEventDraining:
                     description: 'EnableScheduledEventDraining makes node termination handler drain nodes before the maintenance window starts for an EC2 instance scheduled event. Default: false'

pkg/apis/kops/cluster.go

@@ -158,10 +158,12 @@ type ClusterSpec struct {
 	CloudConfig                    *CloudConfiguration           `json:"cloudConfig,omitempty"`
 	ExternalDNS                    *ExternalDNSConfig            `json:"externalDns,omitempty"`
 
-	// NodeTerminationHandlerConfig determines the cluster autoscaler configuration.
+	// NodeTerminationHandler determines the cluster autoscaler configuration.
 	NodeTerminationHandler *NodeTerminationHandlerConfig `json:"nodeTerminationHandler,omitempty"`
-	// MetricsServerConfig determines the metrics server configuration.
+	// MetricsServer determines the metrics server configuration.
 	MetricsServer *MetricsServerConfig `json:"metricsServer,omitempty"`
+	// CertManager determines the metrics server configuration.
+	CertManager *CertManagerConfig `json:"certManager,omitempty"`
 
 	// Networking configuration
 	Networking *NetworkingSpec `json:"networking,omitempty"`

pkg/apis/kops/componentconfig.go

@@ -830,6 +830,13 @@ type MetricsServerConfig struct {
 	Image *string `json:"image,omitempty"`
 }
 
+// CertManagerConfig determines the cert manager configuration.
+type CertManagerConfig struct {
+	// Enabled enables the cert manager.
+	// Default: false
+	Enabled *bool `json:"enabled,omitempty"`
+}
+
 // HasAdmissionController checks if a specific admission controller is enabled
 func (c *KubeAPIServerConfig) HasAdmissionController(name string) bool {
 	for _, x := range c.AdmissionControl {

pkg/apis/kops/v1alpha2/cluster.go

@@ -157,10 +157,12 @@ type ClusterSpec struct {
 	CloudConfig                    *CloudConfiguration           `json:"cloudConfig,omitempty"`
 	ExternalDNS                    *ExternalDNSConfig            `json:"externalDns,omitempty"`
 
-	// NodeTerminationHandlerConfig determines the cluster autoscaler configuration.
+	// NodeTerminationHandler determines the cluster autoscaler configuration.
 	NodeTerminationHandler *NodeTerminationHandlerConfig `json:"nodeTerminationHandler,omitempty"`
-	// MetricsServerConfig determines the metrics server configuration.
+	// MetricsServer determines the metrics server configuration.
 	MetricsServer *MetricsServerConfig `json:"metricsServer,omitempty"`
+	// CertManager determines the metrics server configuration.
+	CertManager *CertManagerConfig `json:"certManager,omitempty"`
 
 	// Networking configuration
 	Networking *NetworkingSpec `json:"networking,omitempty"`

pkg/apis/kops/v1alpha2/componentconfig.go

@@ -831,6 +831,13 @@ type MetricsServerConfig struct {
 	Image *string `json:"image,omitempty"`
 }
 
+// CertManagerConfig determines the cert manager configuration.
+type CertManagerConfig struct {
+	// Enabled enables the cert manager.
+	// Default: false
+	Enabled *bool `json:"enabled,omitempty"`
+}
+
 // HasAdmissionController checks if a specific admission controller is enabled
 func (c *KubeAPIServerConfig) HasAdmissionController(name string) bool {
 	for _, x := range c.AdmissionControl {