weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,819 Commits 45 Branches 0 Tags 96 MiB
153c0b5fbf
Commit Graph

155 Commits

Author SHA1 Message Date
Florian Liebhart
894e1f99d6 fix error for dns endpoint propagation 
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
 2023-06-19 15:32:01 +02:00
Florian Liebhart
fa2f063c28 rebase master 
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
 2023-06-19 15:32:01 +02:00
jetstack-bot
19104fcb4a
Merge pull request #5962 from wallrj/5670-controller-manager-liveness-probe 
Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged
 2023-04-27 15:09:54 +01:00
Richard Wall
f1bf47f4cc Log the healthz server address on startup 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-04-26 12:40:17 +01:00
Richard Wall
4d182e9c7b Add /livez endpoint which reports the leaderElection status 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-04-26 07:53:26 +01:00
irbekrm
300fe72ff0 Code review 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-04-25 13:45:06 +01:00
irbekrm
3d82e94789 Ensures metadata only is cached for pods and services 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-04-25 06:20:58 +01:00
Tim Ramlot
1c23f408a7
add NumberOfConcurrentWorkers flag 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-04-11 14:03:59 +02:00
Ashley Davis
6ce6ae839e
separate binaries/tests into separate modules with minimal dependencies 
also add gomod validation in CI, along with a cmrel version bump

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2023-04-05 10:30:39 +01:00
Tim Ramlot
f36c06f10d
move cmd/util/ to internal/cmd/util/, since it is also imported by packages outside of cmd/ 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-02-28 12:38:59 +01:00
Corey McGalliard
7e6e0940a2 updating to match feedback and adjust the RunAsNonRoot options for http01 solver to be more descriptive 
Signed-off-by: Corey McGalliard <cmcgalliard@redventures.com>
 2022-11-16 11:20:36 -05:00
David Bond
4a4dd03245
Switch leader election to use Lease objects 
Previously, cert-manager supported both ConfigMap & Lease objects for leader election. This commit modifies
the leader-election code to now solely use Lease objects in both the controller & ca-injector. The related
RBAC for ConfigMap resources has also been removed.

This change means that you cannot upgrade to the version containing this commit from cert-manager 1.3.

Related to #3766

Signed-off-by: David Bond <davidsbond93@gmail.com>
 2022-03-10 12:38:50 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
d6c34987ef Updates controller start with ControllerFactory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
jetstack-bot
fa321b6a4b
Merge pull request #4287 from linka-cloud/acme-http-challenge-cutomer-dns 
Acme http challenge custom dns
 2022-01-11 11:24:03 +00:00
James Munnelly
9c04a04c7c Move feature package into internal/controller 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:36 +00:00
Adphi
3375fa0609
http01: add custom nameservers support (#4286) 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 21:02:46 +01:00
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
irbekrm
7b6eeff457 Profiler address for controller can now be configured 
Ensures that pprof is configured for controller in the same way as for cainjector

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-10-26 12:20:42 +03:00
Jake Sanders
ed4ad50b22
Don't start the Gateway Shared Informer Factory if the Gateway API feature is disabled 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-05 15:22:02 +01:00
Jake Sanders
36aa9e2501
The gateway-api support is now gated behind --feature-gate=ExperimentalGatewayAPISupport=true 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-05 14:37:54 +01:00
Jake Sanders
27348a7072
Better error messages when Gateway API CRDs aren't installed 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 14:21:02 +01:00
Jake Sanders
b38869b551
Gateway HTTP01: Make docs better, only enable gateway solver if gateway API is found 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:23 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:16 +01:00
jetstack-bot
d062176777
Merge pull request #4243 from inteon/improved_go_routines 
Cleanup goroutine management
 2021-07-28 15:36:41 +01:00
Inteon
78d13787e6
remove duplicated error messages & cobra help messages on error 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-28 15:55:14 +02:00
Inteon
d430113666
remove os.Exit from cert-manager controller and make sure LeaderElection ReleaseOnCancel works 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-27 21:40:42 +02:00
jetstack-bot
3b50d78ae4
Merge pull request #4225 from jakexks/ingressv1 
Feature: Support both v1 and v1beta1 ingresses.
 2021-07-27 20:11:37 +01:00
Inteon
48e9c2bd16
exit with exit code 0 on cancel & release leader-election on cancel 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-27 19:43:08 +02:00
Irbe Krumina
3834a8fc0a Code review feedback 
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-26 20:00:37 +01:00
irbekrm
ddf7e130b7 Allow users to specify which annotations should be copied from Certificate to CertificateRequest 
Default to all being copied except for kubectl, fluxcd, argocd annotations

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-26 20:00:10 +01:00
Jake Sanders
67c6586161
Addressing code review comments in #4225 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:54 +01:00
Jake Sanders
0d93b93fc5
Feature: Support both v1 and v1beta1 ingresses. 
Kubernetes is removing support for the v1beta1 Ingress type in 1.22: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes
However, we still wish to support k8s v1.16 until mid 2022 when Openshift 3 becomes out of support.

cert-manager will now use v1 Ingress if available by using the discovery API.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:42 +01:00
Inteon
632459c6d9
resolve bug & cleanup 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-23 15:41:24 +02:00
Inteon
81e216eeba
wait for goroutines to end before exiting 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-23 15:30:26 +02:00
Inteon
d6cd6f457d
set correct exit codes when exiting 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-22 12:57:08 +02:00
Maël Valais
e5436df521 gateway-shim: don't crash cert-manager if the Gateway CRD isn't there 
The Gateway CRD has to be installed, meaning that the CRDs may be
installed after cert-manager. We don't want cert-manager to crash in
that case; instead, we let the user know that cert-manager will keep
retrying looking for the CRDs with this message on startup:

  controller.go:181] cert-manager/controller/build-context "msg"="the
  Gateway API CRDs do not seem to be present, cert-manager will keep
  retrying watching for them"

The user then sees the following message printed (using an exponential
back-off):

  reflector.go:167: Failed to watch *v1alpha1.Gateway: failed to list
  *v1alpha1.Gateway: the server could not find the requested resource
  (get gateways.networking.x-k8s.io)

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:47 +02:00
Maël Valais
b5142f84c0 gateway-shim: only discover the gateway api when gateway-shim is enabled 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:34 +02:00
Maël Valais
30f9c123d3 gateway-shim: add the gateway-shim controller 
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.

The Gateway API in cert-manager is releases as an experimental feature
and needs to be enabled manually with the following flag:

  --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:

  "acme.cert-manager.io/http01-ingress-class"

This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.

  "acme.cert-manager.io/http01-edit-in-place"

This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.

  "kubernetes.io/tls-acme"

This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-15 20:34:55 +02:00
kit837
0f97e6d19d pass in clock.Clock for better test 
Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>
 2021-06-15 17:48:20 +00:00
irbekrm
b539cbea89 Use ConfigmapsLeases Multilock for controller's leader election 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-17 18:19:38 +01:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01" 
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:25 +01:00
Jake Sanders
423e82b65b
Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis" 
This reverts commit f2a74ade5e, reversing
changes made to 7ff54e61e9.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:23 +01:00
joshvanl
01716e2907 Fixes stutter: istio.IsIstioInstalled -> istio.IsInstalled 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:42:21 +01:00
joshvanl
3af22cf6c6 Move istio util duncs to pkg/util/istio 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:35:41 +01:00
Inteon
2d7dfcb462 start DynamicSharedInformerFactory unconditionally; only listen for VirtualServices conditionally 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:19:53 +02:00
joshvanl
8f5b03427c Fix options_test.go boilerplate header 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 11:28:01 +00:00
joshvanl
6ef840972c Change controller options to return a set of enabled controllers, and 
log enabled controllers on start

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 11:28:01 +00:00
joshvanl
5c3e02d7a5 Changes the controllers flag to allow disabling controllers. This is the 
same behaviour as kube-controller-manager

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 11:28:01 +00:00