Commit Graph

5801 Commits

Author SHA1 Message Date
Jake Sanders
0d93b93fc5
Feature: Support both v1 and v1beta1 ingresses.
Kubernetes is removing support for the v1beta1 Ingress type in 1.22: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes
However, we still wish to support k8s v1.16 until mid-2022, when OpenShift 3 goes out of support.

cert-manager will now use v1 Ingress if available by using the discovery API.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-07-26 18:29:42 +01:00
jetstack-bot
da702acb58
Merge pull request #3646 from JoshVanL/design-certificates.k8s.io-adoption
DESIGN: certificates.k8s.io Adoption
2021-07-26 17:14:13 +01:00
jetstack-bot
f278903c4e
Merge pull request #4239 from inteon/fix_flakes
Resolve test flakes "the object has been modified"
2021-07-26 14:47:12 +01:00
joshvanl
696356b702 Update certificates.k8s.io-adoption design to include changes which have
been implemented

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 14:20:18 +01:00
jetstack-bot
ceb9fdf6ac
Merge pull request #4231 from maelvls/fix-concurrent-read-write
Data race: fix concurrent read and write of secret annotations and certificaterequests
2021-07-26 13:34:12 +01:00
joshvanl
68a065e34f Updates from meeting
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 13:29:50 +01:00
joshvanl
eeef422165 Adds some minor spelling and grammar
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 13:29:50 +01:00
joshvanl
52a2ae599d Updates the design proposal from team discussions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 13:29:50 +01:00
joshvanl
686a33ca74 Add a section as to _why_ I am proposing this approach
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 13:29:49 +01:00
joshvanl
5f98ba69f4 Adds certificates.k8s.io Adoptions Design Document
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 13:29:49 +01:00
jetstack-bot
218408a741
Merge pull request #4112 from JoshVanL/certificate-signing-request=acme
CertificateSigningRequest ACME Controller
2021-07-26 11:51:12 +01:00
jetstack-bot
1021b58286
Merge pull request #4233 from maelvls/goroutine-leak
Memory leak: fix the scheduler's goroutine leakage
2021-07-23 20:34:19 +01:00
joshvanl
247807162f Expect event fired when ACME CSR request is not yet approved
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:34:21 +01:00
jetstack-bot
77c5c2fb16
Merge pull request #4184 from inteon/kubectl_certmanager_install_tests
Add basic tests to kubectl cert-manager x install
2021-07-23 16:16:19 +01:00
joshvanl
a81ba4fcb3 Change test name to make it clear it is not a duplicate
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:10:35 +01:00
joshvanl
e18e29ea45 Adds unit tests for CertificateSigningRequest ACME handle owner
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
9e322a4033 Removes old comment which is no longer relevant
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
b84e3edcc9 Review comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
bec5d5be32 Remove CA annotation from ACME CertificateSigningRequest controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
2a1952c918 Adds ACME CSR to E2E conformance test suite
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
1284f358d0 Adds missing required feature to CommonName CSR E2E test
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
c9f5cbd0bc Adds more modifier funcs to Order in unit gen
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
b041a8fb3d Wires up ACME CSR controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
43f002b0f0 Adds CertificateSigningRequest ACME controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
Maël Valais
641960b666 memory leak: clean up scheduler goroutine on certificate deletion
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-23 16:57:10 +02:00
Inteon
0ed0135930
Improvements based on reviewer's feedback
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-23 15:29:43 +02:00
jetstack-bot
9ad9e220f3
Merge pull request #4230 from inteon/fix_exit_codes
set correct exit codes
2021-07-23 13:06:09 +01:00
jetstack-bot
3ee37e893d
Merge pull request #4229 from JoshVanL/certificate-signing-request=event-not-approved
Fire event when CertificateSigningRequest hasn't been Approved yet
2021-07-23 12:23:08 +01:00
jetstack-bot
5ebcbced5c
Merge pull request #4240 from irbekrm/k8s_1_22
Adds an option to build k8s 1.22 kind cluster
2021-07-23 09:26:09 +01:00
irbekrm
5edad74e8a Ensure jq is available
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-22 20:53:39 +01:00
Inteon
50daf04118
rename cmdutil to k8scmdutil
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-22 21:43:53 +02:00
Maël Valais
62bc854467 e2e: sample-external-issuer v0.1.0 -> v0.1.1 (1.22 compatibility)
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-22 21:13:39 +02:00
irbekrm
63873ab8a9 Bump e2e test NGINX ingress Helm chart version
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-22 20:08:05 +01:00
irbekrm
5e83e35b7c Allow for ./setup-e2e-deps.sh script to be run locally against k8s v1.22
Without specifying Kubernetes version

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-22 20:07:37 +01:00
irbekrm
84f653f01f e2e test setup installs a different version of Ingress depending on k8s version
This is needed because there is no NGINX ingress release that would work on both k8s v1.16-v1.18 and v1.22

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-22 19:35:57 +01:00
irbekrm
00542dd7f6 Bump apiregistration API version to v1
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-22 17:19:27 +01:00
irbekrm
69afd75e9a Adds an option to build k8s 1.22 kind cluster
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-22 16:08:22 +01:00
Inteon
c377e0e0cd
add comments
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-22 13:08:11 +02:00
Inteon
d6cd6f457d
set correct exit codes when exiting
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-22 12:57:08 +02:00
Inteon
ac677964c1
resolve test flakes 'the object has been modified'
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-22 10:10:39 +02:00
jetstack-bot
05cfd7bb72
Merge pull request #4218 from inteon/verify_upgrade_use_check_api
Use 'kubectl cert-manager check api' in verify-upgrade.sh
2021-07-21 20:37:20 +01:00
jetstack-bot
8ea29ba49a
Merge pull request #4237 from SgtCoDFish/parsechaintest
Fix check for self-signed certs in EncodeX509Chain
2021-07-21 17:49:20 +01:00
Ashley Davis
17ec9ea8e7
fix check for self-signed certs in EncodeX509Chain
see also https://github.com/jetstack/cert-manager/issues/4142

EncodeX509Chain checked for self-signed certs by comparing the subject
and issuer of the cert in question, which is invalid since it's
perfectly fine for those to match.

the correct behavior is to use cert.CheckSignatureFrom(cert). this bug
was exposed in 1.4 when ParseSingleCertificateChain started using
EncodeX509Chain in the critical path of several issuers; when end-users
had leaf certificates with subjects matching their issuer's subject, the
bug was triggered.

includes newly written tests for EncodeX509Chain and a test for
ParseSingleCertificateChain

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-21 16:45:48 +01:00
jetstack-bot
f489c7df02
Merge pull request #4236 from irbekrm/fix_version_finding
Fix how last published release version is calculated for upgrade tests
2021-07-21 15:15:20 +01:00
Ashley Davis
31360580f0
Merge pull request #4232 from SgtCoDFish/cabasicconstraint_e2e
CA Basic Constraint checks in e2e tests
2021-07-21 14:10:03 +01:00
irbekrm
48d4f955ea Fix how last published release is calculated
It should always be the last published non-alpha/beta release

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-21 13:58:44 +01:00
Maël Valais
8e872632f4 memory leak: the afterFunc goroutine now stops properly
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-21 10:25:56 +02:00
Maël Valais
eb947f98ea memory leak: add unit test to show scheduler leaking goroutines
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-21 10:25:49 +02:00
Maël Valais
af9a1e434f data race: fix certificate requests in cache being mutated
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-20 19:50:26 +02:00
Maël Valais
a96dc55e1e data race: fix concurrent read and write of secret annotations
This bug can be reproduced using "go run -race" and by creating many
Certificates and renewing them continuously. With 5000 Certificate
objects, a data race is found in less than a minute.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-20 19:50:26 +02:00