Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
Tim Ramlot
e08a13496d
replace deprecated wait.PollUntil() and wait.Poll()
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 17:47:53 +02:00
Tim Ramlot
dc12a5d0a0
revert setting flags for logging tests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
Tim Ramlot
5091a3bff4
use same logging flags for every cli and simplify flag logic
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
Michael Malov
99e23d5e93
Add support for json logging format
...
Signed-off-by: Michael Malov <14035243+malovme@users.noreply.github.com>
2023-05-05 18:01:16 +02:00
irbekrm
3d1134a975
Update cainjector injectable setup
...
To work with latest controller runtime
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
df6ec95cd1
Update OnAdd
...
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
Tim Ramlot
a3dbd22752
only apply patch if patch is != nil
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 15:01:57 +02:00
Tim Ramlot
bce882b477
use cainjector feature flags
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-03 19:52:13 +02:00
Tim Ramlot
4d81f1877a
resolve feedback
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-03 11:18:10 +02:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector
...
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-26 17:04:11 +02:00
irbekrm
300fe72ff0
Code review
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-25 13:45:06 +01:00
irbekrm
0d1d66d900
Fixes tests
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-25 06:20:58 +01:00
irbekrm
3d82e94789
Ensures metadata only is cached for pods and services
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-25 06:20:58 +01:00
jetstack-bot
bfa7eaaf0d
Merge pull request #5766 from irbekrm/cainjector_limit_controllers
...
Cainjector limit controllers
2023-04-18 11:14:21 +01:00
jetstack-bot
50501d2f64
Merge pull request #5824 from irbekrm/controller_partial_metadata
...
Controller partial metadata
2023-04-06 15:38:02 +01:00
irbekrm
7e6f2be820
Fixes goimports
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:29:41 +01:00
irbekrm
8217ff8714
Adds some extra unit tests
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:28:14 +01:00
irbekrm
dba18119aa
Ensures that key for an ACME challenge is only retrieved from the ACME server once
...
Thus reducing the number of HTTP01ChallengeResponse/DNS01ChallengeResponse calls
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:28:14 +01:00
irbekrm
202d75ffe6
Updates code comment
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:28:14 +01:00
irbekrm
0964d6d03d
Removes extra GET calls for ACME order resource
...
In cases where a synced Order does not require any processing from this controller
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:28:14 +01:00
irbekrm
de34694516
Makes some updates to CertificateRequests design
...
The design is out of date in general though
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-27 09:57:44 +01:00
irbekrm
6e294ae359
Certificate-requests controller does not process invalid certificaterequests
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-24 15:38:34 +00:00
irbekrm
f5ea958317
Issuing controller fails issuances for denied/invalid CRs
...
This is not necessarily a breaking change as this appears to have been the current behaviour in most cases due to the race condition that this commit fixes
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-24 15:37:57 +00:00
irbekrm
26563feae1
remove invalid check
...
GVK cannot be reliably checked here, see TODO, this is not expected to cause issues
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
irbekrm
c3bd14ead7
Uses the filtered informer factory if the SecretsFilteredCaching feature is enabled
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
irbekrm
7d592a8270
Swap upstream core informers factory with our wrapper
...
This does not actually change how the informers work. This also adds a partial metadata client to root context
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
irbekrm
a7e2abe5fa
Allows secrets event handler predicate to accept partial metadata
...
This will only be needed by the SecretsFilteredCaching feature, but I cannot think of any harm by adding it to general path
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
irbekrm
5d7614ddd4
Passes controller context into all NewController funcs
...
Instead of individual arguments. For readability and consistency.
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
Avi Sharma
a62f92e33d
Add testcases for foreground deletion sync
...
Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>
2023-03-21 15:33:53 +05:30
Avi Sharma
e5d9745078
Skip syncing resources deleted via foreground cascading
...
Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>
2023-03-21 15:33:28 +05:30
Maël Valais
76eef68730
serviceAccountRef: the vault issuer can now use bound SA tokens
...
Previously, the Vault issuer was only able to use a Secret in order to
use the "Kubernetes authentication" method. The downside to this service
account Secret token is that it has the default JWT iss
"kubernetes/serviceaccount" (along with the fact that the token is not
bound to a particular pod and has no expiry).
With the new serviceAccountRef, cert-manager now requests the token on
behalf of the pod in order to authenticate with Vault.
Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-06 18:28:49 +01:00
irbekrm
56cf4dfd3c
Allows to modify configured injectable kinds for cainjector via flags
...
Also changes name of --watch-certs flag to --enable-certificate-data-source
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-02-01 11:43:00 +00:00
irbekrm
0c64cebfc5
Rename injector.go -> injectables.go
...
To reduce the variations of naming
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-02-01 11:43:00 +00:00
irbekrm
767aa39ddb
Simplify injectable logic
...
Reduce the amount of interfaces enclosing the injectable instance from 3 to 1. Also some minor renaming and comments cleanup
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-02-01 11:43:00 +00:00
irbekrm
3e58a442b7
Cleanup reconciler logic
...
Make the file structure and struct naming more intuitive, add some comments
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-02-01 11:43:00 +00:00
irbekrm
74b258c3be
Code review feedback
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-02-01 08:53:27 +00:00
irbekrm
7e4dea1c2e
Clarify the error message when secret annotation is missing namespace prefix
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-31 11:12:31 +00:00
irbekrm
24040c4989
Ensure that updates to injectables are caught
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-31 10:49:56 +00:00
irbekrm
a174f0faa4
Filter injectables that trigger reconciles
...
Only trigger reconciles for events on injectable types that are annotated, not random unrelated resources
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-30 11:27:15 +00:00
irbekrm
7a5c71a1ed
Cleanup, better comments
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-30 11:26:07 +00:00
jetstack-bot
9f7a4053ab
Merge pull request #5746 from irbekrm/cainjector_remove_duplicate_cache
...
Remove the double cache mechanism for cainjector
2023-01-25 15:05:57 +00:00
irbekrm
3aba8ed32d
Makes cainjector Certificate watch optional
...
Configurable via a flag, true by default
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-24 13:52:45 +00:00
irbekrm
4776597cb4
Remove the double cache mechanism for cainjector
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-23 17:38:46 +00:00
Tim Ramlot
191e7ca305
add (deprecated) stub functions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:26:37 +01:00
Tim Ramlot
23de5240e9
move utility functions to reduce fragmentation and rename functions for consistency
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:19:39 +01:00
jetstack-bot
1038ca4494
Merge pull request #4502 from ctrought/master
...
support subject and email annotations for ingress/gateway
2023-01-20 14:35:37 +00:00
ctrought
575e3155c2
fix: goimports
...
Signed-off-by: ctrought <k8s@trought.ca>
2023-01-19 14:57:10 -05:00
jetstack-bot
aa7fe1130c
Merge pull request #5660 from irbekrm/certificate_labels
...
Ensures that certificate.spec.secretName and temporary private key Secrets are labelled
2023-01-09 10:57:30 +00:00
irbekrm
5e8fd7dc41
Policy check ensures that cert.spec.secretName secret gets labelled
...
Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:31:31 +00:00