Commit Graph

6748 Commits

Author SHA1 Message Date
irbekrm
09d8cb9cf8 Adds some more test cases
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-23 09:20:21 +00:00
irbekrm
661abb133f Set CSR as failed if annotation duration is not a valid time
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 18:04:21 +00:00
irbekrm
d384aef754 Enforce minimum value of experimental.cert-manager.io/request-duration to 600s
To ensure compatibility with CSR's spec.expirationSeconds

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 18:04:21 +00:00
jetstack-bot
0631806082
Merge pull request #4974 from irbekrm/fix_csr_events
Use client-go scheme with core types added as event recorder scheme
2022-03-22 17:49:51 +00:00
irbekrm
a5ed48a324 Adds a unit test for certificatesigningrequests sync function
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 15:09:33 +00:00
jetstack-bot
dc24503939
Merge pull request #4958 from irbekrm/tsig_provider
Use our own implementation of miekg/dns.TsigProvider interface
2022-03-22 12:18:51 +00:00
jetstack-bot
be15ce2279
Merge pull request #4953 from ajvn/feature/allow-privilege-escalation
update: Setting allowPrivilegeEscalation to false
2022-03-22 11:01:47 +00:00
jetstack-bot
0c454ea72e
Merge pull request #4758 from JoshVanL/design-server-side-apply
Design Server Side Apply
2022-03-22 10:14:46 +00:00
irbekrm
cec0a6cde8 Use client-go scheme with core types added as event recorder scheme
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 09:47:46 +00:00
jetstack-bot
cbf6d8720d
Merge pull request #4971 from SgtCoDFish/metabuilder
Add a build source indicator to metadata
2022-03-22 06:54:46 +00:00
Ashley Davis
5d17ec5d2d
add a build source indicator to metadata
This makes it easier to tell when a build was made by the makefile
workflow and therefore to adjust `cmrel publish` to adapt to changes

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-03-21 21:37:03 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff
Exponential backoff for retrying failed certificate issuances
2022-03-21 20:31:23 +00:00
jetstack-bot
59b593b9a3
Merge pull request #4957 from enj/enj/f/exp_sec
Use Kubernetes CSR spec.expirationSeconds to express cert duration
2022-03-21 19:38:23 +00:00
Ivan
5c857d3737 update: Setting allowPrivilegeEscalation to false for controller, cainjector, webhook containers and for startupapicheck job
Signed-off-by: Ivan <ivans@vaskir.co>
2022-03-21 17:17:28 +01:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation. Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-21 09:40:32 -04:00
jetstack-bot
068c5f0870
Merge pull request #4955 from andreadecorte/4954
Add permissions to update certificates/status to allow namespace admins to renew manually a Certificate
2022-03-21 12:09:23 +00:00
Andrea Decorte
f6d8c4fb5b Add permissions to update certificates/status to allow namespace admins to renew manually a Certificate. Fixes #4954
Signed-off-by: Andrea Decorte <adecorte@gmail.com>
2022-03-21 12:08:11 +01:00
jetstack-bot
3266d13578
Merge pull request #4937 from illrill/feature/optional-rbac-aggregation
Make aggregation to user-facing ClusterRoles optional
2022-03-21 09:00:23 +00:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
4c901aefab Code review comments
Adds test conditions to certs via patch API call instead of update to avoid conflicts

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
8e81e01932 Adds an integration test for exponential backoff
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
739c3298e8 Trigger controller backs off from issuance with an exponential backoff
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
9824ab0949 certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed
This field tracks the number of continuous failures and is used to implement exponential backoff

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
affb5e86ef Adds IssuanceAttempts field to Certificate's status
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
2722e635dd Code review comments
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:09:29 +00:00
irbekrm
5c241ec9ef Adds a basic unit test
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:09:29 +00:00
irbekrm
0b754489d2 Cleanup of the adopted code
Don't swallow an error, don't use naked return

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:09:29 +00:00
irbekrm
3a21f961ca Use our own implementation of github.com/miekg/dns.TsigProvider interface
To allow us to both upgrade the upstream library and keep supporting HMACMD5 as RFC2136 TSIG algorithm although it was deprecated in the upstream library

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:09:29 +00:00
jetstack-bot
c0da0894ba
Merge pull request #4961 from SgtCoDFish/phonyitin
Tweak release targets
2022-03-18 21:40:23 +00:00
Ashley Davis
a2a5f3f564
clear up the release target a little, ensure all things are built
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-03-18 16:24:20 +00:00
Ashley Davis
e3c3939113
some small QoL tweaks in makefiles
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-03-18 16:14:46 +00:00
Ashley Davis
968aeed6d7
fix phony names for some targets
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-03-18 14:45:50 +00:00
jetstack-bot
49e2b5afbe
Merge pull request #4942 from irbekrm/bump_deps
Bumps dependencies
2022-03-18 10:46:20 +00:00
irbekrm
587e02cee9 Replaces dns v0.41 -> v0.34
This is so as to avoid dropping support for HMacMD5 value for issuer.spec.acme.solvers.dns01.rfc2136.tsigAlgorithm

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-17 20:14:55 +00:00
irbekrm
ad746fae10 Bumps a bunch of deps
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-17 20:14:55 +00:00
Ivan
d397aa5462 update: Setting allowPrivilegeEscalation to false
Signed-off-by: Ivan <ivans@vaskir.co>
2022-03-17 11:05:46 +01:00
jetstack-bot
af47ae4e5b
Merge pull request #4914 from maelvls/install.mk
Make: move the end-to-end tests from Bazel to Make with the new commands "make e2e-setup" and "make e2e"
2022-03-17 09:00:35 +00:00
Maël Valais
d30f47293d make: warn people about e2e-setup-traefik and e2e-setup-haproxyingress
These two targets are not used by our end-to-end tests meaning that they
may either be broken or removed in the future.

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-16 17:51:44 +01:00
Joakim Ahrlin
ff2d82f381 make: e2e-setup-haproxyingress: add haproxyingress arm64 image
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-03-16 17:51:27 +01:00
jetstack-bot
a3d9c172fb
Merge pull request #4946 from erikgb/doc/helm-feature-gate
docs: improve featureGates Helm chart value documentation
2022-03-16 16:48:35 +00:00
jetstack-bot
be9f2aeafa
Merge pull request #4925 from maelvls/fix-another-flakiness
Retry on conflict for the end-to-end test "CA Injector for api services should update data when the certificate changes"
2022-03-16 14:12:35 +00:00
jetstack-bot
d60a5cf7d6
Merge pull request #4924 from maelvls/fix-flakiness
Retry on conflict for the end-to-end test "added an additional dnsName"
2022-03-16 13:36:35 +00:00
Maël Valais
56888639fd make: e2e-setup-traefik: fix dditionalArguments -> additionalArguments
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-16 14:06:55 +01:00
Maël Valais
9c8cf7564b docs: suggest -j8 instead of -j to avoid fork bombs
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-16 14:05:07 +01:00
Maël Valais
3ed6ba3621 docs: mention direnv with export PATH=bin/tools
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-16 14:03:38 +01:00
Maël Valais
3f8f12a7af make: remove comments I re-added when moving release_containers.mk to release.mk
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-16 13:53:42 +01:00
Maël Valais
82190e7656 make: e2e-setup: pebble can now be built on M1 macs
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-16 13:30:21 +01:00
Erik Godding Boye
94d1149760 docs: improve featureGates Helm chart value documentation
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2022-03-15 21:28:46 +01:00
jetstack-bot
8179f68050
Merge pull request #4932 from 4molybdenum2/service-account-labels-helm
support serviceAccount.Labels in Helm chart
2022-03-15 17:44:50 +00:00
Maël Valais
0df0a2cf21 make: e2e-ci: export ARTIFACTS so that it goes to make/e2e.sh
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-15 17:04:25 +01:00