Nils Mueller
00a20097b6
Add option to load Vault CA bundle from Kubernetes Secret
...
Vault distributions like "Bank Vaults" automatically configure
and provision Vault and provide the CA bundle via a Kubernetes
Secret. Having to hard-code the bundle in the Issuer instead
of dynamically referencing it through the Secret requires
a manual second step when using a GitOps workflow.
Signed-off-by: Nils Mueller <nm@impactful.it>
2022-08-15 03:10:51 +03:00
jetstack-bot
6947696b12
Merge pull request #5382 from irbekrm/solver_pod_config
...
Document that pod template spec should be used instead of flags
2022-08-10 12:02:51 +01:00
jetstack-bot
34ea128fd3
Merge pull request #5368 from hawksight/pf/lease
...
docs: Correct reference to lease not config map
2022-08-09 17:04:05 +01:00
jetstack-bot
3440786c03
Merge pull request #5377 from jahrlin/cainjector-flaky-test
...
Flaky test: add random suffix to webhooks in CA Injector e2e tests
2022-08-09 16:26:06 +01:00
irbekrm
584147df37
Document that pod template spec should be used instead of flags
...
For configuring ACME HTTP-01 solver pod
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-08-09 15:26:10 +01:00
Joakim Ahrlin
1501449e3e
use GenerateName instead
...
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-08-09 12:41:31 +02:00
jetstack-bot
58b226e06c
Merge pull request #5163 from james-callahan/webhook-dynamic-serving-dns-names
...
Webhook dynamic serving dns names
2022-08-08 13:57:50 +01:00
Joakim Ahrlin
de0f39e553
add random suffix to webhooks in CA Injector e2e tests
...
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-08-08 12:52:52 +02:00
jetstack-bot
07677c57bc
Merge pull request #5366 from munnerz/privatekey-regen-test
...
Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried
2022-08-05 16:23:30 +01:00
James Munnelly
ddc19a1c57
Fix comment
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-05 15:52:52 +01:00
jetstack-bot
88bda66693
Merge pull request #5345 from inteon/ginkgo_v2
...
Upgrade to Ginkgo v2
2022-08-04 21:06:15 +01:00
Peter Fiddes
9b8d279193
docs: Change values.yaml wording to reference correct resource
...
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2022-08-04 15:11:32 +01:00
jetstack-bot
f058c815a3
Merge pull request #5364 from inteon/go1.19_fmt
...
Apply go fmt for go1.19
2022-08-04 14:42:14 +01:00
James Munnelly
2de5135e18
Fix test flake
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 14:15:49 +01:00
jetstack-bot
b52d116fa4
Merge pull request #5363 from inteon/gotestsum_junit
...
Output junit xml using gotestsum
2022-08-04 12:46:14 +01:00
James Munnelly
7b4d04cdef
bugfix: fix issue where CertificateRequests marked InvalidRequest were not properly marked as Failed
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
e62bfaf367
Add test to check InvalidRequest handling for certificates
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
51014e5752
Add integration test for regenerating private key for each CR upon failure
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
099a52ffe3
integration framework: add StartInformersAndControllers
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
11ada1d3d3
rename policyEvaluator->BuildReadyConditionFromChain
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
Tim Ramlot
ba9a6bd5b3
add pruning logic for gotestsum junit xml output
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 11:15:18 +00:00
jetstack-bot
b7c47298a0
Merge pull request #5362 from inteon/simplify_manifest
...
Simplify static manifest generation
2022-08-04 11:25:14 +01:00
Tim Ramlot
a8743628a4
only print Helm install output on error
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 10:21:27 +00:00
Tim Ramlot
501277bb62
bugfix ginkgo: make tests deterministic, don't use maps to define testCases
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 10:16:29 +00:00
Tim Ramlot
9897f2355c
upgrade ginkgo to v2
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 10:16:29 +00:00
Tim Ramlot
93caba980e
apply go fmt for go1.19
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 09:51:57 +00:00
jetstack-bot
fda92d7c80
Merge pull request #5358 from SgtCoDFish/checkvulns
...
Add Trivy scanning make targets
2022-08-04 10:27:14 +01:00
Tim Ramlot
aabe2fc5d1
simplify static manifest generation
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 06:54:11 +00:00
Tim Ramlot
f6a381d247
replace 'github.com/onsi/ginkgo' with 'github.com/onsi/ginkgo/v2'
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-03 15:28:23 +00:00
jetstack-bot
12342d88e5
Merge pull request #5361 from SgtCoDFish/fixcves
...
Fix containerd / go-restful CVEs
2022-08-03 16:17:16 +01:00
Ashley Davis
ea9a46a16a
add trivy scan targets
...
These enable scanning of each of our container images on linux/amd64
to check for vulnerabilities. These targets can then be used in CI as
an indicator that we might need to take a look at upgrading dependencies
or base images.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 15:57:28 +01:00
Ashley Davis
2636a638bf
replace go-restful version with patched version
...
for details, see the comment on the `replace` directive
see also this slack thread:
https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1659536441504649?thread_ts=1659532155.184479&cid=CDEQJ0Q8M
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 15:33:54 +01:00
Ashley Davis
6985cd5e5a
update containerd dependency to fix CVE
...
CVE-2022-31030 and GHSA-5ffw-gxpp-mxpf
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 15:25:05 +01:00
jetstack-bot
0c15857645
Merge pull request #5360 from SgtCoDFish/fixxnet
...
Fix `/x/net` and `/x/sys`
2022-08-03 15:17:16 +01:00
Ashley Davis
01d8994f38
remove replacement for /x/net and update /x/net + /x/sys
...
the replaced version had several CVEs as reported by Trivy:
CVE-2021-44716 - golang.org/x/net:
golang: net/http: limit growth of header canonicalization cache
CVE-2021-31525 - golang.org/x/net:
golang: net/http: panic in ReadRequest and ReadResponse when reading a
very large header
CVE-2022-29526 - golang.org/x/sys:
golang: syscall: faccessat checks wrong group
this commit fixes those reported CVEs
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 14:44:06 +01:00
Ashley Davis
e4dca7a930
add go.mod and go.sum as sources
...
this will trigger binaries to be rebuilt when go.mod and go.sum change
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 14:24:36 +01:00
jetstack-bot
aeae4b35fc
Merge pull request #5354 from cert-manager/add-inteon-as-maintainer
...
add inteon to OWNERS
2022-08-01 15:28:23 +01:00
Joakim Ahrlin
1f6e3aed92
add inteon to OWNERS
...
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-08-01 14:12:31 +02:00
jetstack-bot
bdaa653a8a
Merge pull request #5352 from SgtCoDFish/straggler
...
Remove straggling BUILD.bazel file
2022-08-01 10:18:22 +01:00
Ashley Davis
d53689c181
remove straggling BUILD.bazel file
...
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-01 09:40:58 +01:00
jetstack-bot
e58b47f345
Merge pull request #5340 from SgtCoDFish/byebazel
...
Remove bazel 🎉
2022-07-27 09:13:05 +01:00
jetstack-bot
7084236430
Merge pull request #5339 from JoshVanL/5334-route-53-dont-reject-missing-secret
...
Remove incorrect Route53 validation on AccessKeyID and SecretAccessKeyID
2022-07-26 12:28:12 +01:00
joshvanl
4138aa8986
Add code comment which states that it is valid to use neither an AccessKeyID or AccessKeySecretRef
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-26 11:56:13 +01:00
joshvanl
0c60503cc3
In PR https://github.com/cert-manager/cert-manager/pull/5194, we
introduced a validation whereby an issuer would be rejected if it did
not contain AccessKeyID or SecretAccessKeyID when using the route53 DNS
solver. This is incorrect, since neither should need to be defined when
using AWS ambient credentials.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-26 11:51:16 +01:00
Daniel Quackenbush
54e1da255c
remove issue error if role is specified
...
Signed-off-by: Dan Quackenbush <25692880+danquack@users.noreply.github.com>
2022-07-26 11:49:57 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉
...
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.
There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
jetstack-bot
ca9e48c7e3
Merge pull request #5323 from JoshVanL/controllers-certificatesigningrequests-selfsigned-no-fail-missing-secret
...
[SelfSigned] CertificateSigningRequest: don't mark failed when referenced Secret doesn't exist
2022-07-21 15:58:56 +01:00
jetstack-bot
a9c1e6aea7
Merge pull request #5329 from JoshVanL/test-flake-controllers-certificates-issuing-internal-manypasswordslengths
...
Test Flake: TestManyPasswordLengths: pre-create password test cases outside of concurrent tests
2022-07-21 10:21:39 +01:00
jetstack-bot
fca26af20c
Merge pull request #5325 from JoshVanL/test-e2e-flake-certificate-request-approval
...
E2E test flakes: CertificateRequest Approval
2022-07-21 09:36:40 +01:00
joshvanl
91e0a5ceca
TestManyPasswordLengths: pre-create password test cases outside of concurrent tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-21 09:30:28 +01:00