weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,086 Commits 45 Branches 0 Tags 96 MiB
0dd3155fb2
Commit Graph

277 Commits

Author SHA1 Message Date
James Munnelly
14cf0d495f Consistent use of glog 2017-10-16 14:50:27 +01:00
James Munnelly
59e2af767a Perform Issuer/ClusterIssuer status updates in controller 2017-10-16 12:59:46 +01:00
James Munnelly
1f278d659b Refactor e2e setup into scripts. Speed up e2e tests. 
Build images whilst services are starting

Exit on setup boulder errors

Install nsenter

Don't build nsenter

Turn up e2e pod verbosity

Set pullPolicy IfNotPresent on HTTP challenge solver
 2017-10-16 12:58:47 +01:00
James Munnelly
9f79eea7d1 Use pods instead of jobs for acme solver 2017-10-13 20:15:53 +01:00
James Munnelly
9d933d9e11 Only update certificate status in the controller package to stop conflicts 2017-10-13 20:15:29 +01:00
James Munnelly
29f44c2ed6 Fix domain authorization check 2017-10-13 18:28:40 +01:00
James Munnelly
a62afaa1e7 Merge pull request #120 from jetstack-experimental/fix-http-cleanup 
Fix ACME HTTP Cleanup function
 2017-10-13 18:09:33 +01:00
James Munnelly
213d895865 Fix ACME HTTP Cleanup function 2017-10-13 17:59:39 +01:00
James Munnelly
a9eb7ee8a7 Check authorizations account URI before attempting to reuse authorization 2017-10-13 16:56:05 +01:00
James Munnelly
01e5833825 Make acmesolver image configurable through CLI. Use tagged version as default. 2017-10-13 16:39:06 +01:00
James Munnelly
c7a83606ce Merge pull request #115 from jetstack-experimental/explicity-challenge-mech 
Add HTTP01 field to issuer.spec. Default HTTP01 challenges to disabled.
 2017-10-13 15:37:39 +01:00
James Munnelly
79c775e389 Add HTTP01 field to issuer.spec. Default HTTP01 challenges to disabled. 2017-10-13 14:54:26 +01:00
James Munnelly
2600cb8e14 Fix up altName->dnsName change 2017-10-13 14:04:14 +01:00
James Munnelly
45a67dc748 Merge pull request #109 from jetstack-experimental/cn-altname 
Use CommonName and AltNames fields on Certificate resource
 2017-10-13 13:21:47 +01:00
James Munnelly
a4b1d346c7 Fix invalid check for empty certificate domains 2017-10-13 13:05:21 +01:00
James Munnelly
e080d1da25 Add LICENSE files for files from github.com/xenolf/lego library 2017-10-13 12:57:31 +01:00
James Munnelly
489f073d3a Require altName or subject name are specified in CA issuer 2017-10-13 12:52:36 +01:00
James Munnelly
187e91f9ae Default commonName to first altName if not specified 2017-10-13 12:50:07 +01:00
James Munnelly
f8107e6fcc Use CommonName and AltNames fields on Certificate resource 2017-10-13 12:50:07 +01:00
James Munnelly
a2d9733f21 Update implementation for new field names/types 2017-10-13 11:43:52 +01:00
James Munnelly
cd4b482410 Check Secret namespace in ClusterIssuer checks. Add TODO. 2017-09-22 09:52:09 +01:00
James Munnelly
7fffd67c86 Fix issuer CA for ClusterIssuer resources 2017-09-22 09:39:03 +01:00
James Munnelly
dc608f709d Support Certificates referencing ClusterIssuers 2017-09-22 01:46:05 +01:00
James Munnelly
852e250a69 Add clusterissuer controller 2017-09-22 00:10:42 +01:00
James Munnelly
7c425ee86f Switch issuer implementations to use GenericIssuer 2017-09-21 23:27:41 +01:00
James Munnelly
c4980baaca Use context throughout issuer implementation 2017-09-21 20:45:43 +01:00
James Munnelly
8d0d8d1e62 Merge pull request #79 from jetstack-experimental/issuer-ca 
Add initial basic CA issuer implementation
 2017-09-14 13:43:15 +01:00
James Munnelly
03acdf3a8c Don't regenerate svcName 2017-09-12 21:57:45 +01:00
James Munnelly
dc29817673 Use shorter names for http solver resources 2017-09-12 21:41:37 +01:00
James Munnelly
d506d35cf1 Don't log issuance & renew success/failure twice 2017-09-11 10:47:59 +01:00
James Munnelly
bef938454b Fix passing public key to obtainCertificate 2017-09-11 10:47:59 +01:00
James Munnelly
87df7a0d81 Update CA issuer to log to Event Recorder 2017-09-11 10:47:59 +01:00
James Munnelly
9ba1a35fa1 Update ACME Issue & Renew methods 2017-09-11 10:47:59 +01:00
James Munnelly
5f061a8c7e Update Certificate Status after Issue & Renew 2017-09-11 10:47:59 +01:00
James Munnelly
e26ddc8307 Fix UpdateStatusCondition call 2017-09-11 10:47:58 +01:00
James Munnelly
54a850383f Use SecretTLSKey/SecretTLSCert functions 2017-09-11 10:47:58 +01:00
James Munnelly
ae3171b8bf Add initial CA issuer work 2017-09-11 10:47:58 +01:00
James Munnelly
ac8e0c6918 Make authorization chan buffered 2017-09-11 02:19:17 +01:00
James Munnelly
98daf0b1ba Add events for ACME prepare method 2017-09-11 02:02:00 +01:00
James Munnelly
d0e02d3d4e Make UpdateStatusCondition work on a *Issuer 2017-09-10 23:07:06 +01:00
James Munnelly
89588bb281 Split GetKeyPair method into two methods 2017-09-10 22:54:55 +01:00
James Munnelly
2e551f58b5 Update ACME implementation for new structure. Add util/pki. 2017-09-10 21:13:37 +01:00
James Munnelly
dc4335754f Move kube related utilities out of cmd 2017-09-10 21:11:34 +01:00
James Munnelly
f66855bd03 Add event recording. Split out cmd entrypoint. 2017-09-09 18:27:35 +01:00
James Munnelly
51971e921d Remove unused function 2017-09-09 11:49:04 +01:00
James Munnelly
35d672ef39 Add comments to top level packages 2017-09-09 11:42:50 +01:00
James Munnelly
7540beb74b Update imports 2017-09-09 02:13:03 +01:00
James Munnelly
a958f4462d Switch to using Conditions for Issuer status 2017-09-08 22:22:00 +01:00
James Munnelly
00389b6da3 Refactor Issuer interface to allow returning updated Status 2017-09-08 21:41:15 +01:00
Martell Malone
c4d07a3d51 Fix cloudflare error message 2017-09-04 17:34:16 +01:00
James Munnelly
ddd6151d4a Update acme http solver image 2017-08-31 12:28:08 +01:00
James Munnelly
95aa3aab95 Update references to cert-manager informers 2017-08-22 12:13:13 +01:00
Christian Simon
32dff6079c Fix secret access key link 2017-08-12 14:54:53 +01:00
Christian Simon
301edc7812 Implement provider route 53 2017-08-09 12:17:56 +01:00
Christian Simon
8c2e92a5d1 Adds upstream DNS provider route53 2017-08-08 22:53:03 +01:00
James Munnelly
ee8d34c16f Add cloudflare dns01 provider 2017-08-07 18:28:35 +01:00
James Munnelly
cf6faacd56 Update Issuer CloudDNS config service account to use a SecretKeySelector 2017-08-07 18:07:33 +01:00
James Munnelly
7937b0384c Update import paths 2017-08-07 14:46:58 +01:00
James Munnelly
3503100676 Clean up job resource after validation attempt 2017-08-07 13:52:21 +01:00
James Munnelly
54f708c7c9 Add comments. Remove unused code. 2017-08-07 12:07:32 +01:00
James Munnelly
5e0eb7102f Fix ingress path 2017-08-07 01:57:41 +01:00
James Munnelly
a02f2ba03d Add CleanUp functions for HTTP01 solver 2017-08-07 01:36:42 +01:00
James Munnelly
7d8683bd16 Move solver into standalone binary. Launch Jobs to solve HTTP01 challenges. 2017-08-06 23:51:10 +01:00
James Munnelly
dc80101476 Check for DNS propagation before accept authorization from ACME 2017-08-05 17:39:56 +01:00
James Munnelly
45a1ab2f2b Initial support for CloudDNS 2017-08-05 02:53:37 +01:00
James Munnelly
deeff88b03 Use ACMeStatus() helper 2017-08-05 01:21:14 +01:00
James Munnelly
42a5321510 Watch for certificate and ingress deletion in Certificate controller 2017-08-05 01:00:40 +01:00
James Munnelly
3fb49ad049 Refactor control loops to be more akin to kube-controller-manager 2017-08-05 00:35:54 +01:00
James Munnelly
92d4fef10e Update k8s.io dependencies. Update to new DeepCopy generator. 2017-07-22 13:47:38 +01:00
James Munnelly
630654a6d4 Update import paths 2017-07-22 12:19:40 +01:00
James Munnelly
268ae4ee89 Refactor common functions into util. Add renewals. 2017-07-22 11:45:30 +01:00
James Munnelly
2d55f48328 Implement basic certificate issuer 2017-07-22 02:54:06 +01:00
James Munnelly
6ae604a66a Add temporary static http01 solver 2017-07-22 02:53:46 +01:00
James Munnelly
2075a737b4 Return privateKeyPem in generatePrivateKey 2017-07-22 02:52:21 +01:00
James Munnelly
b0c6b59c51 Fix up acme certificate authorization 2017-07-22 02:51:49 +01:00
James Munnelly
afbe0ba9c5 add start of authorization 2017-07-22 01:23:25 +01:00
James Munnelly
95cba8ab5f Add acme issuer. Implement 'Setup' method. Now manages ACME accounts. 2017-07-21 15:18:39 +01:00