weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
8,109 Commits 45 Branches 0 Tags 96 MiB
2264de13f3
Commit Graph

144 Commits

Author SHA1 Message Date
Tim Ramlot
ef3bd7d3b2
upgrade all dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-28 12:07:27 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-28 09:33:10 +02:00
Tim Ramlot
31b5ed6620
Make webhook Logging options configurable using configfile. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-17 12:00:50 +02:00
Tim Ramlot
b19d11d267
change the types of ports in the WebhookConfiguration: 
internal: *int -> int32
public: *int -> *int32

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-15 20:53:58 +02:00
Cody W. Eilar
1243fe285b Add to ability to start controller with config file 
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
Luca Comellini
3ff638b6f3
Bump k8s.io dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-07-20 10:35:20 -07:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-11 10:21:55 +02:00
jetstack-bot
308c1472aa
Merge pull request #6031 from inteon/remove_deprecated_3 
Replace deprecated wait.PollUntil and wait.Poll
 2023-05-10 17:52:54 +01:00
Ashley Davis
209c252005
Move webhook testing package to core module 
This package was used by at least one external importer [1] and so the
change to make the webhook live in a separate package caused an issue
which @irbekrm reported on slack. [2]

This PR moves the webhook testing code into the core cert-manager module
so it'll be importable anywhere (albeit under a new name). This change
also requires moving the webhook options into the core cert-manager
module since they're required by the webhook testing logic.

[1] 268cd2fdba/test/env/env.go (L25)

[2] https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1683650224483169

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2023-05-09 18:40:03 +01:00
Tim Ramlot
e08a13496d
replace deprecated wait.PollUntil() and wait.Poll() 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-09 17:47:53 +02:00
Tim Ramlot
d656b2d9da
replace deprecated PollImmediateUntil with PollUntilContextCancel 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-07 10:15:46 +02:00
Luca Comellini
1bfc131e6a Bump sigs.k8s.io/controller-tools to v0.12.0 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-05-05 16:32:25 +01:00
Tobo Atchou
ee638a91ff cert-manager-webhook to provide logs when handling request 
Signed-off-by: Tobo Atchou <tobo.atchou@gmail.com>
 2023-04-22 10:41:44 +02:00
Tim Ramlot
415da885a1
remove ioutil 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-04-07 11:19:52 +02:00
Luca Comellini
0f64e055ae
Bump k8s.io dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-03-10 14:55:26 -08:00
Luca Comellini
dbd6dc9b16
Bump sigs.k8s.io deps 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-12-21 09:47:41 -08:00
Tim Ramlot
39fa9f51b4 upgrade dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-09-26 11:43:12 +02:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Ashley Davis
eccde015ac
add CRD generation to makefile, replacing bazel 
- includes a run of make update-crds which causes some trivial changes
- updates version of YQ to latest
- makes hack/update-crds.sh just call make
- makes hack/verify-crds.sh just call make
- moves functionality of hack/verify-crds.sh to hack/check-crds.sh,
  using the makefile for generating alternative CRDs for comparison
- removes the bazel test associated with CRDs

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-27 13:25:18 +01:00
Luca Comellini
091549620b
Bump Go to 1.18 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-06-02 15:50:13 -07:00
Cody W. Eilar
2da5974fb4 Improve logging output for webhook cert renewal 
- Make "cert-manager certificate" explicit in log output
- Include DNSNames for context

Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2022-05-24 12:48:45 -07:00
Ashley Davis
6420aa4bfa
fix imports in a few files 
this is according to our policy on organizing imports, see:
https://cert-manager.io/docs/contributing/coding-conventions/#organizing-imports

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-18 17:42:45 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
James Munnelly
787ff34e38 Add copyright attribution 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 11:07:49 +00:00
James Munnelly
fa61625d5f Regenerate test CRDs 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
65b8994330 Avoid defaulting objects before validation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
0bba671152 Ensure defaulting is applied in the correct API version during mutation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
07a0171e98 Use regular discovery client instead of cache 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
e13c879681 Remove old handlers & admission plugins 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
708de3c580 webhook: use new admission-plugin backed validation and mutation handlers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:46 +00:00
James Munnelly
572aecd48d Add webhook admission package to implement admission control in a clearer manner 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:54:18 +00:00
James Munnelly
5d7df17a24 pkg/webhook/authority: extract logger from context 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:52:26 +00:00
James Munnelly
bdb06ae55b Fix failing unit test 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:32:27 +00:00
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
Richard Wall
4eedf4fcfd Test conversion code using sample CRDs and remove conversion configuration from cert-manager CRDs 
* Generate CRDs for the sample API types
* Allow alternative CRDs to be loaded into the envtest API server
* Override the conversion configuration of the CRDs
* Show webhook server logs in tests
* Simplify the loading of the test API CRDs
* Allow the ConversionHandler to be overridden in tests

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:33:22 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
71a69cc488 Add unit tests for configfile loading 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
0e1d603c93 Add support for reading config from WebhookConfiguration object 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
jetstack-bot
f61d534975
Merge pull request #4550 from irbekrm/pprof 
Pprof
 2021-10-26 11:20:40 +01:00
irbekrm
73a696ddb3 Pprof addr for webhook defaults to localhost 
Also whether it is enabled and the address can now be configured via commandline flags

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-10-26 12:18:32 +03:00
James Munnelly
e7dea9f2a2 Replace all references to pkg/internal with internal 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:27:04 +01:00
irbekrm
cb6a746726 Runs ./hack/update-all.sh 
New format of Go build tags gets added

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-09-30 10:08:19 +01:00
Eng Zer Jun
54e70d2cc4
refactor: move from io/ioutil to io and os package 
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-08-23 19:50:42 +08:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions 
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.

For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.

This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.

Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.

Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958

Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534

PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4

X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-19 14:48:12 +01:00
Inteon
91ec4c773a
use correct contexts everywhere & don't restart apiserver to add crds 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-12 20:05:01 +02:00
Inteon
abc39053b2
resolve .Stop() failures 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-07 10:19:07 +02:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1 
Conversion: Apiextensions v1beta1 -> v1
 2021-07-30 15:49:49 +01:00
joshvanl
8470ba96f0 Change webhook admission/mutation to no longer understand and reject anything which is not 
v1 (remove v1beta1)

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-29 11:10:24 +01:00
joshvanl
be2ad9ed15 Update sample ACME webhook to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:04:35 +01:00