cert-manager

Author	SHA1	Message	Date
jetstack-bot	4d1486bbfc	Merge pull request #6168 from inteon/add_public_key_match Add SecretPublicKeysDiffersFromCurrentCertificateRequest check	2023-06-23 16:55:40 +02:00
Tim Ramlot	19377b43b1	fix feedback from @wallrj Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-21 15:31:20 +02:00
Tim Ramlot	82499eb75b	fix failing TestNewReadinessPolicyChain test Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 19:06:02 +02:00
Tim Ramlot	9000a06956	BUGFIX: we incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 21:31:25 +02:00
Tim Ramlot	fe4f4e4aa6	re-add TODO comment and make the message more clear Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 14:51:39 +02:00
Tim Ramlot	8ddf016b00	fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-13 16:54:32 +02:00
cui fliter	4723347260	fix function name in comments Signed-off-by: cui fliter <imcusg@gmail.com>	2023-06-07 17:17:07 +08:00
jetstack-bot	c5e6bf39d6	Merge pull request #6054 from inteon/correct_versions Use Version 3 for *x509.Certificate	2023-05-26 13:57:32 +01:00
irbekrm	b1a59164e0	Don't import controller's feature gate setup into a shared library To prevent controller's feature gates from overwriting other component's feature gates Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-23 12:01:30 +01:00
Tim Ramlot	e7530880ce	use Version 3 for all Certificates and Version 0 for all CertificateRequests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:21:55 +02:00
Tim Ramlot	0cf0f80b40	switch to non-deprecated functions in source code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-10 19:22:49 +02:00
Tim Ramlot	e08a13496d	replace deprecated wait.PollUntil() and wait.Poll() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-09 17:47:53 +02:00
Tim Ramlot	dc12a5d0a0	revert setting flags for logging tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 18:08:29 +02:00
Tim Ramlot	5091a3bff4	use same logging flags for every cli and simplify flag logic Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 18:08:29 +02:00
Michael Malov	99e23d5e93	Add support for json logging format Signed-off-by: Michael Malov <14035243+malovme@users.noreply.github.com>	2023-05-05 18:01:16 +02:00
irbekrm	3d1134a975	Update cainjector inejctable setup To work with latest controller runtime Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-05 16:32:25 +01:00
Luca Comellini	df6ec95cd1	Update OnAdd Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-05-05 16:32:25 +01:00
Tim Ramlot	a3dbd22752	only apply patch if patch is != nil Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 15:01:57 +02:00
Tim Ramlot	bce882b477	use cainjector feature flags Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-03 19:52:13 +02:00
Tim Ramlot	4d81f1877a	resolve feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-03 11:18:10 +02:00
Tim Ramlot	927cef3c22	switch to SSA for cainjector Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-04-26 17:04:11 +02:00
irbekrm	300fe72ff0	Code review Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-25 13:45:06 +01:00
irbekrm	0d1d66d900	Fixes tests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-25 06:20:58 +01:00
irbekrm	3d82e94789	Ensures metadata only is cached for pods and services Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-25 06:20:58 +01:00
jetstack-bot	bfa7eaaf0d	Merge pull request #5766 from irbekrm/cainjector_limit_controllers Cainjector limit controllers	2023-04-18 11:14:21 +01:00
jetstack-bot	50501d2f64	Merge pull request #5824 from irbekrm/controller_partial_metadata Controller partial metadata	2023-04-06 15:38:02 +01:00
irbekrm	7e6f2be820	Fixes goimports Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:29:41 +01:00
irbekrm	8217ff8714	Adds some extra unit tests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	dba18119aa	Ensures that key for an ACME challenge is only retrieved from the ACME server once Thus reducing the number of HTTP01ChallengeResponse/DNS01ChallengeResponse calls Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	202d75ffe6	Updates code comment Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	0964d6d03d	Removes extra GET calls for ACME order resource In cases where a synced Order does not require any processing from this controller Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	de34694516	Makes some updates to CertificateRequests design The design is out of date in general though Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-27 09:57:44 +01:00
irbekrm	6e294ae359	Certificate-requests controller does not process invalid certificaterequests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-24 15:38:34 +00:00
irbekrm	f5ea958317	Issuing controller fails issuances for denied/invalid CRs This is not necessarily a breaking change as this appears to have been the current behaviour in most cases due to the race condition that this commit fixes Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-24 15:37:57 +00:00
irbekrm	26563feae1	remove invalid check GVK cannot be reliably checked here, see TODO, this is not expected to cause issues Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	c3bd14ead7	Uses the filtered informer factory if the SecretsFilteredCaching feature is enabled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	7d592a8270	Swap upstream core informers factory with out wrapper This does not actually change how the informers work. This also adds a partial metadata client to root context Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	a7e2abe5fa	Allows secrets event handler predicate to accept partial metadata This will only be needed by the SecretsFilteredCaching feature, but I cannot think of any harm by adding it to general path Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	5d7614ddd4	Passes controller context into all NewController funcs Instead of individual arguments. For readability and consistency. Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
Avi Sharma	a62f92e33d	Add testcases for foreground deletion sync Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>	2023-03-21 15:33:53 +05:30
Avi Sharma	e5d9745078	Skip syncing resources deleted via foreground cascading Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>	2023-03-21 15:33:28 +05:30
Maël Valais	76eef68730	serviceAccountRef: the vault issuer can now use bound SA tokens Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev>	2023-02-06 18:28:49 +01:00
irbekrm	56cf4dfd3c	Allows to modify configured injectable kinds for cainjector via flags Also changes name of --watch-certs flag to --enable-certificate-data-source Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 11:43:00 +00:00
irbekrm	0c64cebfc5	Rename injector.go -> injectables.go To reduce the variations of naming Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 11:43:00 +00:00
irbekrm	767aa39ddb	Simplify injectable logic Reduce the amount of interfaces enclosing the injectable instance from 3 to 1. Also some minor renaming and comments cleanup Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 11:43:00 +00:00
irbekrm	3e58a442b7	Cleanup reconciler logic Make the file structure and struct naming more intuitive, add some comments Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 11:43:00 +00:00
irbekrm	74b258c3be	Code review feedback Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 08:53:27 +00:00
irbekrm	7e4dea1c2e	Clarify the error message when secret annotation is missing namespace prefix Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-31 11:12:31 +00:00
irbekrm	24040c4989	Ensure that updates to injectables are caught Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-31 10:49:56 +00:00
irbekrm	a174f0faa4	Filter injectables that trigger reconciles Only trigger reconciles for events on injectable types that are annotated, not random unrelated resources Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-30 11:27:15 +00:00

1 2 3 4 5 ...

1377 Commits