cert-manager

Author	SHA1	Message	Date
Tim Ramlot	31b5ed6620	Make webhook Logging options configurable using configfile. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-17 12:00:50 +02:00
Tim Ramlot	b19d11d267	change the types of ports in the WebhookConfiguration: internal: int -> int32 public: int -> *int32 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-15 20:53:58 +02:00
Cody W. Eilar	1243fe285b	Add to ability to start controller with config file Signed-off-by: Cody W. Eilar <ecody@vmware.com>	2023-07-27 16:44:38 -07:00
Luca Comellini	3ff638b6f3	Bump k8s.io dependencies Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-07-20 10:35:20 -07:00
Tim Ramlot	e7530880ce	use Version 3 for all Certificates and Version 0 for all CertificateRequests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:21:55 +02:00
jetstack-bot	308c1472aa	Merge pull request #6031 from inteon/remove_deprecated_3 Replace deprecated wait.PollUntil and wait.Poll	2023-05-10 17:52:54 +01:00
Ashley Davis	209c252005	Move webhook testing package to core module This package was used by at least one external importer [1] and so the change to make the webhook live in a separate package caused an issue which @irbekrm reported on slack. [2] This PR moves the webhook testing code into the core cert-manager module so it'll be importable anywhere (albeit under a new name). This change also requires moving the webhook options into the core cert-manager module since they're required by the webhook testing logic. [1] `268cd2fdba/test/env/env.go (L25)` [2] https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1683650224483169 Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2023-05-09 18:40:03 +01:00
Tim Ramlot	e08a13496d	replace deprecated wait.PollUntil() and wait.Poll() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-09 17:47:53 +02:00
Tim Ramlot	d656b2d9da	replace deprecated PollImmediateUntil with PollUntilContextCancel Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-07 10:15:46 +02:00
Luca Comellini	1bfc131e6a	Bump sigs.k8s.io/controller-tools to v0.12.0 Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-05-05 16:32:25 +01:00
Tobo Atchou	ee638a91ff	cert-manager-webhook to provide logs when handling request Signed-off-by: Tobo Atchou <tobo.atchou@gmail.com>	2023-04-22 10:41:44 +02:00
Tim Ramlot	415da885a1	remove ioutil Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-04-07 11:19:52 +02:00
Luca Comellini	0f64e055ae	Bump k8s.io dependencies Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-03-10 14:55:26 -08:00
Luca Comellini	dbd6dc9b16	Bump sigs.k8s.io deps Signed-off-by: Luca Comellini <luca.com@gmail.com>	2022-12-21 09:47:41 -08:00
Tim Ramlot	39fa9f51b4	upgrade dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-09-26 11:43:12 +02:00
Tim Ramlot	93caba980e	apply go fmt for go1.19 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-08-04 09:51:57 +00:00
Ashley Davis	fb231ab641	Remove bazel 🎉 This removes all .bazel and .bzl files, and a bunch of scripts relating to bazel, now that it's been entirely replaced. There are still a few places where traces could be removed, but this removes the brunt of the bazel stuff that remains. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-07-26 11:38:50 +01:00
Ashley Davis	eccde015ac	add CRD generation to makefile, replacing bazel - includes a run of make update-crds which causes some trivial changes - updates version of YQ to latest - makes hack/update-crds.sh just call make - makes hack/verify-crds.sh just call make - moves functionality of hack/verify-crds.sh to hack/check-crds.sh, using the makefile for generating alternative CRDs for comparison - removes the bazel test associated with CRDs Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-06-27 13:25:18 +01:00
Luca Comellini	091549620b	Bump Go to 1.18 Signed-off-by: Luca Comellini <luca.com@gmail.com>	2022-06-02 15:50:13 -07:00
Cody W. Eilar	2da5974fb4	Improve logging output for webhook cert renewal - Make "cert-manager certificate" explicit in log output - Include DNSNames for context Signed-off-by: Cody W. Eilar <ecody@vmware.com>	2022-05-24 12:48:45 -07:00
Ashley Davis	6420aa4bfa	fix imports in a few files this is according to our policy on organizing imports, see: https://cert-manager.io/docs/contributing/coding-conventions/#organizing-imports Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-02-18 17:42:45 +00:00
Ashley Davis	3a055cc2f5	rename all uses of github.com/jetstack/cert-manager This was done by running the following command twice: ```bash grep -Ri "github.com/jetstack/cert-manager" . \| \ cut -d":" -f1 \| \ sort \| \ uniq \| \ xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/" ``` Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-02-02 09:08:31 +00:00
James Munnelly	787ff34e38	Add copyright attribution Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 11:07:49 +00:00
James Munnelly	fa61625d5f	Regenerate test CRDs Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:56:51 +00:00
James Munnelly	65b8994330	Avoid defaulting objects before validation Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:56:51 +00:00
James Munnelly	0bba671152	Ensure defaulting is applied in the correct API version during mutation Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:56:50 +00:00
James Munnelly	07a0171e98	Use regular discovery client instead of cache Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:56:50 +00:00
James Munnelly	e13c879681	Remove old handlers & admission plugins Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:56:50 +00:00
James Munnelly	708de3c580	webhook: use new admission-plugin backed validation and mutation handlers Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:56:46 +00:00
James Munnelly	572aecd48d	Add webhook admission package to implement admission control in a clearer manner Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-20 10:54:18 +00:00
James Munnelly	5d7df17a24	pkg/webhook/authority: extract logger from context Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-12-17 18:52:26 +00:00
James Munnelly	bdb06ae55b	Fix failing unit test Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-12-17 18:32:27 +00:00
James Munnelly	81f22fd49c	Upgrade k8s.io dependencies to v0.23.1 Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-12-17 16:27:47 +00:00
Richard Wall	4eedf4fcfd	Test conversion code using sample CRDs and remove conversion configuration from cert-manager CRDs * Generate CRDs for the sample API types * Allow alternative CRDs to be loaded into the envtest API server * Override the conversion configuration of the CRDs * Show webhook server logs in tests * Simplify the loading of the test API CRDs * Allow the ConversionHandler to be overridden in tests Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2021-12-14 17:33:22 +00:00
James Munnelly	1a96d9f32d	config.cert-manager.io -> webhook.config.cert-manager.io Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-12-01 12:57:08 +00:00
James Munnelly	71a69cc488	Add unit tests for configfile loading Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-11-26 14:12:54 +00:00
James Munnelly	0e1d603c93	Add support for reading config from WebhookConfiguration object Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-11-26 14:12:54 +00:00
jetstack-bot	f61d534975	Merge pull request #4550 from irbekrm/pprof Pprof	2021-10-26 11:20:40 +01:00
irbekrm	73a696ddb3	Pprof addr for webhook defaults to localhost Also whether it is enabled and the address can now be configured via commandline flags Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-10-26 12:18:32 +03:00
James Munnelly	e7dea9f2a2	Replace all references to pkg/internal with internal Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-10-21 12:27:04 +01:00
irbekrm	cb6a746726	Runs ./hack/update-all.sh New format of Go build tags gets added Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-09-30 10:08:19 +01:00
Eng Zer Jun	54e70d2cc4	refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated in Go 1.16. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2021-08-23 19:50:42 +08:00
Ashley Davis	68f5ceb3b4	Fix manually specified Certificate and CertificateRequest versions Basically all modern X.509 certs are version 3, but confusingly to specify "version 3" in an encoded cert, the version number is actually 2. For PKCS#10 CSRs, the only valid version is 1, which again confusingly has the value "0" when encoded. This was incorrect in many places, including one place in which the version number on a CSR was used as a certificate's version number, when the two are entirely unrelated. Go ignores these values, so there's no functional changes here; still, it's better to be accurate. Go ignoring CSR version and specifying 0: https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958 Go ignoring Certificate version and specifying 2: https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534 PKCS#10 CSR specification in RFC 2986 section 4.1: https://datatracker.ietf.org/doc/html/rfc2986#section-4 X.509 Cert specification in RFC 5280 section 4.1.2.1: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1 Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-08-19 14:48:12 +01:00
Inteon	91ec4c773a	use correct contexts everywhere & don't restart apiserver to add crds Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-08-12 20:05:01 +02:00
Inteon	abc39053b2	resolve .Stop() failures Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-08-07 10:19:07 +02:00
jetstack-bot	b04e42c437	Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1 Conversion: Apiextensions v1beta1 -> v1	2021-07-30 15:49:49 +01:00
joshvanl	8470ba96f0	Change webhook admission/mutation to no longer understand and reject anything which is not v1 (remove v1beta1) Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-07-29 11:10:24 +01:00
joshvanl	be2ad9ed15	Update sample ACME webhook to use apiextensions v1beta1 -> v1 Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-07-26 17:04:35 +01:00
joshvanl	5762b5706e	Update Conversion webhook to no longer understand v1beta1, only v1 Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-07-26 17:02:18 +01:00
Inteon	632459c6d9	resolve bug & cleanup Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-23 15:41:24 +02:00

1 2 3

142 Commits