Commit Graph

1083 Commits

Author SHA1 Message Date
irbekrm
143c5ce38d Adds a test for copying the annotations from Certificate
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:24 +01:00
irbekrm
ddf7e130b7 Allow users to specify which annotations should be copied from Certificate to CertificateRequest
Default to all being copied except for kubectl, fluxcd, argocd annotations

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:10 +01:00
jetstack-bot
ceb9fdf6ac Merge pull request #4231 from maelvls/fix-concurrent-read-write
Data race: fix concurrent read and write of secret annotations and certificaterequests
2021-07-26 13:34:12 +01:00
jetstack-bot
218408a741 Merge pull request #4112 from JoshVanL/certificate-signing-request=acme
CertificateSigningRequest ACME Controller
2021-07-26 11:51:12 +01:00
jetstack-bot
1021b58286 Merge pull request #4233 from maelvls/goroutine-leak
Memory leak: fix the scheduler's goroutine leakage
2021-07-23 20:34:19 +01:00
joshvanl
247807162f Expect event fired when ACME CSR request is not yet approved
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:34:21 +01:00
joshvanl
a81ba4fcb3 Change test name to make it clear it is not a duplicate
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:10:35 +01:00
joshvanl
e18e29ea45 Adds unit tests for CertificateSigningRequest ACME handle owner
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
9e322a4033 Removes old comment which is no longer relevant
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
b84e3edcc9 Review comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
bec5d5be32 Remove CA annotation from ACME CertificateSigningRequest controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
43f002b0f0 Adds CertificateSigningRequest ACME controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
Maël Valais
641960b666 memory leak: clean up scheduler goroutine on certificate deletion
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-23 16:57:10 +02:00
Maël Valais
af9a1e434f data race: fix certificate requests in cache being mutated
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-20 19:50:26 +02:00
Maël Valais
a96dc55e1e data race: fix concurrent read and write of secret annotations
This bug can be reproduced using "go run -race" and by creating many
Certificates and renewing them continuously. With 5000 Certificate
objects, a data race is found in less than a minute.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-20 19:50:26 +02:00
joshvanl
37dbf770da Fire event when CertificateSigningRequest hasn't been signed yet
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-20 10:39:27 +01:00
joshvanl
a1a953f40f More comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 19:29:40 +01:00
joshvanl
0fdd52e603 Adds comments to some func's and changes return err names to be more
clear

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
0116bf18bd Changed Venafi CSR request "the request will be retried" -> "waiting"
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
6e57e1093f Adds comment about what the pickup ID is in the CSR controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
e0fc320d41 Remove CA annotation being set on Venafi CertificateSigningRequest
controller

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
c4914f7103 Adds venafi CertificateSigningRequest controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
Maël Valais
368c7659ee gateway-shim: test: two different secrets create two Certificates
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:35:47 +02:00
Maël Valais
f77954e5e3 gateway-shim: document issuerForIngressLike and translateAnnotations
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:35:41 +02:00
Maël Valais
30f9c123d3 gateway-shim: add the gateway-shim controller
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still being worked on.

The Gateway API in cert-manager is released as an experimental feature
and needs to be enabled manually with the following flag:

  --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:

  "acme.cert-manager.io/http01-ingress-class"

This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.

  "acme.cert-manager.io/http01-edit-in-place"

This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.

  "kubernetes.io/tls-acme"

This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
2021-07-15 20:34:55 +02:00
Maël Valais
b13b751d63 PR review with Irbe: re-queue Ingress on "Update" and "Add" of certs
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-07-13 19:06:10 +02:00
Maël Valais
e12173b4c2 ingress-shim: unit-test certificateDeleted, only call on deletion
The func certificateDeleted was being called on every possible event
(deleted, created, updated).

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:30:01 +02:00
Maël Valais
59051432e3 ingress-shim: remove unused issuer and clusterissuer listers
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:58 +02:00
Maël Valais
c119b64fdf ingress-shim: I was syncing on Issuers instead of Ingresses
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:50 +02:00
Maël Valais
30ad33784d ingress-shim: remove unnecessary/verbose comment
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 18:27:08 +02:00
Maël Valais
1cb39d1efe ingress-shim: remove duplicate line
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:43:01 +02:00
Maël Valais
0b12a5cf5f ingress-shim: explain why the owner ref does not have a namespace
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:42:48 +02:00
Maël Valais
75b9bd6598 ingress-shim: untangle logic for "looking for cert owners"
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-07 13:27:30 +02:00
Maël Valais
26b074241a issuing controller test: check w.Register error
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
37bee71d68 static analysis party: fix errcheck warnings
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
98bf0b6478 DataForCertificate: explain what the "current" and "next" CRs are used for
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-05 13:32:32 +02:00
joshvanl
2c217f0377 Remove CA field from Vault CertificateSigningRequest controllers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:50:33 +01:00
joshvanl
d0e7ccd805 Update some CSR comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
f5b609e446 Adds Vault CertificateSigningRequest Issuer controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
joshvanl
7e8bf731b2 Remove the experimental.cert-manager.io/ca annotation from the
CertificateSigningRequest

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-25 16:02:37 +01:00
irbekrm
fd61e1ccc7 Delete 'next' CertificateRequests that failed in last issuance cycle
So that the issuance is retried

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 07:28:06 +01:00
irbekrm
feb62b1fe5 Make the back off period const public
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:37:07 +01:00
irbekrm
428c280f76 Pass clock to request manager controller
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:36:26 +01:00
jetstack-bot
fbd2a6d06a Merge pull request #4105 from kit837/add-clock-time-seconds
Add clock_time_seconds metric
2021-06-15 21:00:53 +01:00
kit837
0f97e6d19d pass in clock.Clock for better test
Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>
2021-06-15 17:48:20 +00:00
jetstack-bot
02d90248de Merge pull request #4079 from annerajb/support-ed25519
support-ed25519
2021-06-15 16:17:53 +01:00
jetstack-bot
91540b14a2 Merge pull request #4100 from JoshVanL/certificate-signing-request-selfsigned
CertificateSigningRequest selfsigned controller
2021-06-15 12:36:39 +01:00
joshvanl
19f94c877d Remove references to CA private key from SelfSigned CSR controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 12:13:52 +01:00
Anner J. Bonilla
9546a357a5 Add support for certificates with ed25519 private keys
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
joshvanl
d5007c2e37 Adds the CertificateSigningRequest selfsigned controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-14 10:18:54 +01:00