Commit Graph

7352 Commits

Author SHA1 Message Date
Richard Wall
2eef0dad06 Add ko tool
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-12-20 15:38:19 +00:00
jetstack-bot
8a3811314f
Merge pull request #5656 from SgtCoDFish/trivydec
Bump golang.org/x/net version to fix trivy vulns
2022-12-20 12:35:52 +00:00
Ashley Davis
12e0e0a9eb
bump golang.org/x/net version to fix trivy vulns
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-20 11:57:39 +00:00
jetstack-bot
c27b7cea6a
Merge pull request #5654 from SgtCoDFish/updatesec
Update SECURITY policy to exclude vuln reports
2022-12-19 19:24:35 +00:00
Ashley Davis
1542ea0492
update SECURITY policy to exclude vuln reports
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-19 17:21:59 +00:00
jetstack-bot
501f4928ea
Merge pull request #5646 from SgtCoDFish/k8s1.26
Enable + use k8s 1.26 for e2e tests by default
2022-12-16 17:57:00 +00:00
Ashley Davis
1e419a468f
Enable + use k8s 1.26 for e2e tests by default
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-16 17:06:18 +00:00
jetstack-bot
6806035cb7
Merge pull request #5637 from RomanenkoDenys/fix-kubebuilder-sha
fix kubebuilder tools arm64 sha256sum
2022-12-15 11:46:21 +00:00
jetstack-bot
a5a21693bc
Merge pull request #5629 from lucacome/bump-k8s-deps
Bump k8s.io deps to v0.26.0
2022-12-15 11:01:20 +00:00
Luca Comellini
bb252356a2
Update controller-runtime to v0.14.0
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-12-14 21:53:42 -08:00
Tim Ramlot
8baaffc02b
kubebuilder did not yet create a 1.26 release
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-12-14 21:53:42 -08:00
Tim Ramlot
26d04f3d8a
add WithLegacy function to our fake discovery client
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-12-14 21:53:42 -08:00
Luca Comellini
c99c147059
Bump k8s.io deps to v0.26.0
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-12-14 21:53:42 -08:00
jetstack-bot
19d433da15
Merge pull request #5638 from lvyanru8200/maxconcurrent
feat: Add max-concurrent-challenges parameter to helm
2022-12-14 12:01:42 +00:00
jetstack-bot
a1391d6995
Merge pull request #5604 from maelvls/upgrade-vault-in-e2e
End-to-end tests: use Vault 1.12.1 instead of the outdated Vault 1.2.3
2022-12-13 14:50:30 +00:00
lv
2f0d492036 feat: Add max-concurrent-challenges parameter to helm
Set the max-concurrent-challenges value with -set maxConcurrentChallenges=value when deploying with helm

Fixes: https://github.com/cert-manager/cert-manager/issues/5627
Signed-off-by: lvyanru <yanru.lv@daocloud.io>
2022-12-13 18:15:16 +08:00
Denis Romanenko
d62bf032f5 fix kubebuilder tools arm64 sha256sum
Signed-off-by: Denis Romanenko <denis.romanenko@flant.com>
2022-12-13 09:41:29 +03:00
jetstack-bot
a72095b800
Merge pull request #5632 from SgtCoDFish/fixtrivy
Bump dep versions to fix trivy-reported vulns
2022-12-12 15:32:45 +00:00
Ashley Davis
a099eb306a
bump dep versions to fix trivy-reported vulns
```text
{
  "VulnerabilityID": "CVE-2022-41717",
  "PkgName": "golang.org/x/net",
  "InstalledVersion": "v0.0.0-20220921155015-db77216a4ee9",
  "FixedVersion": "0.4.0",
  "Layer": {
    "DiffID": "sha256:629212d4fb1b47585329d1c630cb91f919ddcd6168031a07121953d6c6dbd438"
  },
  "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717",
  "DataSource": {
    "ID": "go-vulndb",
    "Name": "The Go Vulnerability Database",
    "URL": "https://github.com/golang/vulndb"
  },
  "Title": "An attacker can cause excessive memory growth in a Go server accepting ...",
  "Description": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
  "Severity": "UNKNOWN",
  "References": [
    "https://go.dev/cl/455635",
    "https://go.dev/cl/455717",
    "https://go.dev/issue/56350",
    "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
    "https://pkg.go.dev/vuln/GO-2022-1144"
  ],
  "PublishedDate": "2022-12-08T20:15:00Z",
  "LastModifiedDate": "2022-12-08T22:30:00Z"
}
```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-12 11:12:33 +00:00
jetstack-bot
7ef91210ae
Merge pull request #5628 from yk/patch-1
Fixed a typo in helm chart values
2022-12-09 16:54:24 +00:00
Yannic Kilcher
5ce5129a3c
Fixed a typo in helm chart values
Signed-off-by: Yannic Kilcher <yk@users.noreply.github.com>
2022-12-09 11:55:33 +01:00
jetstack-bot
2f24231383
Merge pull request #5618 from SgtCoDFish/no-licenses-ci-presubmit
Remove verify-licenses from ci-presubmit
2022-12-07 11:25:20 +00:00
jetstack-bot
cb4d9b566d
Merge pull request #5619 from SgtCoDFish/bumpgo
Bump go to 1.19.4
2022-12-07 10:47:54 +00:00
Ashley Davis
22f3a6152d
bump go to 1.19.4
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-07 10:10:35 +00:00
jetstack-bot
0fa83c3f88
Merge pull request #5597 from sathyanarays/keystore_fix
Refreshing secrets if keystore format change
2022-12-07 06:05:54 +00:00
Ashley Davis
79bd127d3b
remove verify-licenses from ci-presubmit
see https://github.com/cert-manager/release/pull/111

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-06 16:40:20 +00:00
Sathyanarayanan Saravanamuthu
f719247d2b Addressing review comments
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
5aabf62585 Updating CRDs
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
94fa9eeee6 Addressing review comments
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
4a6bae60be Update internal/controller/certificates/policies/checks.go
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <107846526+sathyanarays@users.noreply.github.com>
2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
42ae76ae30 Refreshing secrets when the keystore fields change
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-12-06 18:54:46 +05:30
jetstack-bot
37ae8b2773
Merge pull request #5595 from irbekrm/update_gwapi_install
Updates Gateway API test setup
2022-12-06 10:51:03 +00:00
irbekrm
c60a181baf Gateway and GatewayClass for tests are created against beta Gateway API
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:05:47 +00:00
irbekrm
0c8aa75b18 Corrects test Gateway resources
TLS block is only valid for TLS listeners

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:05:45 +00:00
irbekrm
9709833bb6 Removes unused check
current cert-manager version no longer supports Kubernetes 1.19

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
irbekrm
75e2d1145a Updates Gateway API test dependency
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
irbekrm
608c3a1df0 Bumps Contour Helm chart version
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
irbekrm
bc70233256 Tests download Gateway installation bundle
Rather than whole gateway git repo

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
irbekrm
486c72f122 Update reference to HTTPRoute docs
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
jetstack-bot
6ec8da3366
Merge pull request #5583 from lvyanru8200/uodateGwVerison
feature: update gateway api to v1beta1
2022-12-05 14:52:48 +00:00
lv
a13c76d312 feature: update gateway api to v1beta1
Signed-off-by: lvyanru <yanru.lv@daocloud.io>

feature: update gateway api to v1beta1

Signed-off-by: lvyanru <1113706590@qq.com>
2022-12-05 14:03:21 +00:00
jetstack-bot
3ed4621c02
Merge pull request #5613 from mmontes11/master
Return error when Gateway has a cross-namespace secret ref
2022-12-05 10:28:16 +00:00
Maël Valais
f4f72c16e6 e2e: use Vault 1.12.1 instead of the outdated 1.2.3
The main reason for bumping Vault's version is because 1.2.3 is not
compatible with the config parameter `disable_iss_validation`, which is
needed for accommodating the future tests [1] that rely on bound tokens
and static tokens.

For context, Vault 1.2.3 was released on Sep 9, 2019 [2] but
`disable_iss_validation` was only added on July 21st, 2020 in Vault
1.5.0.

Due to a breaking change that happened in Vault 1.5.0 [3] in which Vault
started loading the pod's token instead of using the same token (to be
reviewed) for authenticating. An alternative solution could have been to
prevent the service account from being mounted to the pod, but I figured
that having the two service accounts separated is a better practice.

[1]: https://github.com/cert-manager/cert-manager/pull/5502
[2]: https://github.com/hashicorp/vault/commit/c14bd9a2
[3]: https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#150

Signed-off-by: Maël Valais <mael@vls.dev>
2022-12-02 16:36:16 +01:00
Martín Montes
f884dac555 Return error when Gateway has a cross-namespace secret ref
Signed-off-by: Martín Montes <martin11lrx@gmail.com>
2022-12-01 12:46:33 +01:00
jetstack-bot
77c410f5cb
Merge pull request #5570 from weisdd/feature/azure-workload-identity
feat(AzureDNS): Add support for Workload Identity
2022-11-30 18:00:32 +00:00
jetstack-bot
f85c8c98cb
Merge pull request #5605 from SgtCoDFish/normmake
Use distinct manifest dirs for signed / unsigned manifests
2022-11-29 17:32:25 +00:00
Ashley Davis
4d12251fa7
Use distinct manifest dirs for signed / unsigned manifests
This avoids a race condition with the `release-manifests` and
`release-manifests-signed` targets.

When running in parallel, one could execute `rm -rf
$(BINDIR)/scratch/manifests` while the other was running.

This could also conceivably have led to incorrectly packaged
manifests when both were run in parallel.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-11-29 16:14:59 +00:00
jetstack-bot
43e13bfa0d
Merge pull request #5587 from SpectralHiss/SpectralHiss/add-fields-to-subject-rdn
Add support for required LDAP (rfc4514) RDNs in LiteralSubject
2022-11-29 15:19:25 +00:00
Houssem El Fekih
d56c51092a Add boilerplate comment
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2022-11-29 14:47:50 +00:00
Houssem El Fekih
182275ed44 Add error case + list all supported OIDs in canonical order
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2022-11-29 14:38:24 +00:00