weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,027 Commits 45 Branches 0 Tags 96 MiB
02590d262d
Commit Graph

258 Commits

Author SHA1 Message Date
jetstack-bot
798116152c
Merge pull request #6302 from inteon/update_api_comments 
Review Certificate and CertificateRequest API comments
 2023-09-01 12:38:39 +02:00
Tim Ramlot
b98043f6b8
apply review suggestions 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-01 12:20:00 +02:00
Tim Ramlot
7c2b4adee7
Rewrite comments in cert-manager API 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-01 12:19:35 +02:00
jetstack-bot
3216d18f84
Merge pull request #6298 from inteon/feature_gates 
Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta
 2023-08-30 19:25:45 +02:00
Tim Ramlot
b5dc93c6e3
make myself the owner of StableCertificateRequestName, meaning I will continue developing this feature to GA 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-30 18:36:42 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-28 09:33:10 +02:00
Tim Ramlot
882b771f55
promote StableCertificateRequestName and SecretsFilteredCaching to Beta 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 21:32:08 +02:00
Tim Ramlot
c70d9aba08
Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 15:18:14 +02:00
Tim Ramlot
1795c1985f
more clearly indicate that the example is a template 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 14:38:24 +02:00
Tim Ramlot
f158e1dfac
cleanup featuregate comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 09:36:47 +02:00
Tim Ramlot
80a3923fd2
use logsapi.LoggingConfiguration instead of logs.Options 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-17 12:51:19 +02:00
Tim Ramlot
31b5ed6620
Make webhook Logging options configurable using configfile. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-17 12:00:50 +02:00
Tim Ramlot
e8b5b2e354
Fix bug in ControllerConfiguration's defaulting of logging config, where config would not be correctly defaulted in case a partial logging configuration is provided. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-17 11:19:16 +02:00
Tim Ramlot
db1fcdabb1
add comment explaining port 0 behavior 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-16 11:08:36 +02:00
Tim Ramlot
b19d11d267
change the types of ports in the WebhookConfiguration: 
internal: *int -> int32
public: *int -> *int32

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-15 20:53:58 +02:00
guiyong.ou
3d76c20f51 cleanup: some redundant code clean up 
Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>
 2023-08-14 17:36:25 +08:00
jetstack-bot
9d618a17fb
Merge pull request #6242 from inteon/restructure_controller_configfile 
Restructure the controller configfile
 2023-08-10 15:37:09 +02:00
Tim Ramlot
f50167ce31
restructure the controller configfile 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-10 11:30:33 +02:00
Tim Ramlot
ae287461d0
prepare cmctl improvements 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-01 10:32:35 +02:00
Cody W. Eilar
282a6d58a9 Preserve internal types 
- Needed to add custom conversion functions to handle conversions from
  public facing types to internal ones.

Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
Cody W. Eilar
6212b63e51 Address the non-optional values in internal config 
- This  commit changes the internal config to have fewer number of
  optional parameters.  It changes the types to match the ones that are
  already present in https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/conversion.go
  so that custom converters do not have to be written for types "int"
  and "float32".

Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
Cody W. Eilar
1243fe285b Add to ability to start controller with config file 
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
jetstack-bot
9de9809ac5
Merge pull request #6108 from inteon/ctl_logging 
Use logging library with json support in cmctl (part 1)
 2023-07-27 17:54:51 +02:00
Tim Ramlot
36ddf19e2e
improve Trigger, Readiness and PostIssuance Policy chains 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:42:19 +02:00
Tim Ramlot
4d7f6281d0
use pki validation code for CSR validation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-10 12:48:12 +02:00
jetstack-bot
843deed22f
Merge pull request #6199 from inteon/add_validation_to_pki 
Add validation to pki CertificateTemplate functions
 2023-07-07 09:32:14 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
jetstack-bot
914944c020
Merge pull request #6176 from inteon/reconcile_managed_annotations_and_labels 
Reconcile when managed annotations/ labels are out-of-sync
 2023-07-04 11:55:29 +02:00
Tim Ramlot
bfa61c7804
add comments explaining what the label and annotation checks do 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:28 +02:00
Tim Ramlot
c16a34e0b1
use .Delete() 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:24 +02:00
Tim Ramlot
1649730a0d
Update internal/controller/certificates/policies/checks.go 
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 12:54:20 +01:00
Tim Ramlot
2f56c3c89a
add DontAllowInsecureCSRUsageDefinition feature gate to disable the strict CSR validation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-28 11:11:32 +02:00
Tim Ramlot
63387015d0
make CertificateRequest webhook validation more strict (the Usages array should always be the source of truth) 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-26 10:08:13 +02:00
Tim Ramlot
a9339849e5
improve label and annotation checks 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 17:05:42 +02:00
Tim Ramlot
229f99c197
update testcase based on feedback 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 09:14:38 +02:00
Tim Ramlot
19377b43b1
fix feedback from @wallrj 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-21 15:31:20 +02:00
Tim Ramlot
d310d8597c
improve comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-20 16:48:56 +02:00
Tim Ramlot
22440e8710
add SecretPublicKeysDiffersFromCurrentCertificateRequest check 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-20 16:48:50 +02:00
Tim Ramlot
9c9e833c5a
add TODO comment that explains that we don't understand the reason for the current behaviour 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 14:51:07 +02:00
Tim Ramlot
3aa7b82e43
Update internal/controller/certificates/policies/checks.go 
Co-authored-by: EDDIE-DAV <136573637+EDDIE-DAV@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 10:19:52 +01:00
Tim Ramlot
8ddf016b00
fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-13 16:54:32 +02:00
cui fliter
4723347260 fix function name in comments 
Signed-off-by: cui fliter <imcusg@gmail.com>
 2023-06-07 17:17:07 +08:00
Tim Ramlot
3490a005b1
prepare cmctl libraries to support logging 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-30 18:35:45 +02:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions 
Use Version 3 for *x509.Certificate
 2023-05-26 13:57:32 +01:00
irbekrm
8a34cbc0a0 Adds some warnings for folks to not import feature gates into shared code 
Really we should restructure this to remove the possibility of accidentally overwriting other component's feature gates

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-23 12:02:55 +01:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-11 10:21:55 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
jetstack-bot
a64088792d
Merge pull request #5991 from inteon/pr/JoshVanL/4810 
Server Side Apply: Adds support for CA Injector controller
 2023-05-05 14:21:07 +01:00
jetstack-bot
5035dda25e
Merge pull request #6006 from vidarno/cache-private-key-hash-on-issuer-status 
Cache private key hash on issuer status
 2023-05-05 08:05:07 +01:00
Tim Ramlot
bce882b477
use cainjector feature flags 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-03 19:52:13 +02:00