James Munnelly
|
6caa4c451d
|
Rename CRPrivateKeyAnnotationKey -> CertificateRequestPrivateKeyAnnotationKey
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-26 14:47:27 +01:00 |
|
James Munnelly
|
1adfe16690
|
Bulk fix of non-test staticcheck failures
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-26 12:25:08 +01:00 |
|
jetstack-bot
|
63b7ca26b8
|
Merge pull request #3027 from munnerz/expcerts-renewal
expcertificates: fix bug renewing certificates automatically near expiry
|
2020-06-26 09:21:39 +01:00 |
|
James Munnelly
|
86b8cab328
|
expand out 'clearCertificateFields' function
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-25 10:44:08 +01:00 |
|
James Munnelly
|
ba26d65c68
|
schedule resyncs once renewalTime has passed to handle certificate renewals in the future
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:48:33 +01:00 |
|
James Munnelly
|
b3300b8673
|
update trigger policies unit tests for status.renewalTime field
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:48:33 +01:00 |
|
James Munnelly
|
fe51a02227
|
use status.renewalTime in trigger policies and correctly plumb through clock
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:37:50 +01:00 |
|
James Munnelly
|
8bb4bb389a
|
use correct PolicyChain in readiness controller
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:37:50 +01:00 |
|
James Munnelly
|
7cf74ec442
|
set notBefore and renewalTime status fields in certificate readiness controller
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:23:42 +01:00 |
|
James Munnelly
|
1d6424b8f2
|
Use 'clock' package in pkg/scheduler
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:23:42 +01:00 |
|
James Munnelly
|
281b9ffcbd
|
add RenewBeforeExpiryDuration function
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-06-23 16:23:42 +01:00 |
|
Haoxiang Zhou
|
6c72193678
|
Handle keyEncoding for temporary Certificates
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
|
2020-06-23 10:17:41 +01:00 |
|
Haoxiang Zhou
|
5bcea49921
|
Issuing controller encodes private keys to PKCS1/PKCS8 as requested by user
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
|
2020-06-18 15:26:14 +01:00 |
|
jetstack-bot
|
46eaf3d1a4
|
Merge pull request #2923 from JoshVanL/new-metrics
Updates the metrics package + new metrics controller
|
2020-06-04 12:59:38 +01:00 |
|
JoshVanL
|
e465329b80
|
Revert vault free port and expose listener port from metrics server
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-05-26 23:01:55 +01:00 |
|
Haoxiang Zhou
|
7229741505
|
Changed tests for issuing controller to expect no ca.crt instead of nil
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
|
2020-05-26 15:30:43 +01:00 |
|
Haoxiang Zhou
|
609eedacec
|
Do not add ca.crt key to TLS secret if empty in expcertificates as well
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
|
2020-05-26 14:37:40 +01:00 |
|
Haoxiang Zhou
|
3591de614d
|
Changed unit tests to expect no ca.crt instead of nil
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
|
2020-05-26 12:16:55 +01:00 |
|
Haoxiang Zhou
|
dceae33364
|
Do not add ca.crt key to TLS secret if empty
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
|
2020-05-26 12:16:20 +01:00 |
|
JoshVanL
|
9c9fe56f0b
|
Update new files to use 2020 copyright
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-05-21 10:52:56 +01:00 |
|
JoshVanL
|
5539bf3495
|
Moves metrics controller into sub-package of ./controller/certificates
and fix metrics listen address flag description
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-05-21 10:47:52 +01:00 |
|
JoshVanL
|
3e7f7eb87e
|
Expose Prometheus listen address as a controller command line flag
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-05-18 18:21:03 +01:00 |
|
JoshVanL
|
92eb8d0957
|
Refactor controllers to use new instrumented metrics that's baked into
all controllers
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-05-18 17:43:56 +01:00 |
|
JoshVanL
|
4dd70a6fe7
|
Adds new metrics controller to reconcile over Certificates and its
Status (Ready and Expiry)
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-05-18 17:43:18 +01:00 |
|
James Munnelly
|
b126a0c0e5
|
Use acme AccountRegistry throughout and tidy up ACME setup code
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-05-13 13:14:46 +01:00 |
|
James Munnelly
|
982b21bb06
|
Fix bug that could lead validation to fail when attempting to update immutable field
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-05-01 12:33:14 +01:00 |
|
James Munnelly
|
3e8649abc2
|
Handle ACME orders with already valid authorizations upon first fetch through new 'initialState' field
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-05-01 12:33:14 +01:00 |
|
JoshVanL
|
a4cfd41ce7
|
Updates comments to proper working/capitalisation
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-30 11:53:42 +01:00 |
|
JoshVanL
|
dc4ba16051
|
Adds comments to clarify issuing_controller_test Certificate current
revision
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-28 11:03:26 +01:00 |
|
JoshVanL
|
d830db4ef7
|
Adds more temp cert tests, don't issue temp cert of different private
key and use shared GenerateLocallySignedCertificate
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-27 16:31:12 +01:00 |
|
JoshVanL
|
c115e6c2bf
|
internal/test.go accepts fixed clock and Shares
generateLocallySignedCertificate
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-27 16:29:58 +01:00 |
|
JoshVanL
|
7d1d94fedb
|
Adds issuing controller temporary certificate unit tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-26 19:39:08 +01:00 |
|
JoshVanL
|
095976548d
|
Adds temporary certificate logic to issuing controller based on
annotation
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-26 19:16:57 +01:00 |
|
JoshVanL
|
92c2d3c7c4
|
Moves secretmanager and testing util into separate package to refactor
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-26 15:45:10 +01:00 |
|
JoshVanL
|
11961b992d
|
Moves Certificate Issuing validation logic and key fetch earlier in sync
loop
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
|
2020-04-26 15:01:32 +01:00 |
|
Maartje Eyskens
|
f2b36483a4
|
Set Issuer kind specific to Issuer if cert-manager.io/issuer is specified.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
|
2020-04-24 16:16:04 +02:00 |
|
James Munnelly
|
7978fbe081
|
Address review feedback and include truststore.jks with JKS mode enabled
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-22 15:20:49 +01:00 |
|
James Munnelly
|
ba33c823a3
|
Add 'keystores' stanza to CertificateSpec to allow dynamic keystore configuration
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 17:58:18 +01:00 |
|
jetstack-bot
|
4aff1ce3f0
|
Merge pull request #2814 from munnerz/privatekey-rotation
keymanager: support private key rotationPolicy field
|
2020-04-21 16:02:53 +01:00 |
|
James Munnelly
|
6a827c6b8b
|
Don't use fixed length map
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 14:49:25 +01:00 |
|
James Munnelly
|
019f64e841
|
Fix test failures
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 10:25:56 +01:00 |
|
James Munnelly
|
8a628c3315
|
Update field comments on ChallengeSpec
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 10:07:03 +01:00 |
|
James Munnelly
|
a17d04260e
|
requestmanager: copy labels and annotations onto CertificateRequest resources
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 09:49:32 +01:00 |
|
James Munnelly
|
f04696747c
|
Fix SecretDataAltNamesMatchSpec for loose matching and add tests
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 09:49:32 +01:00 |
|
James Munnelly
|
23892bc6e4
|
keymanager: support private key rotationPolicy field
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-21 09:49:32 +01:00 |
|
James Munnelly
|
e8cc2ba4ac
|
Fix selfsigned issuer unit tests
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-20 15:08:31 +01:00 |
|
James Munnelly
|
a9dd260e95
|
requestmanager: tidy up and add unit tests
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-20 15:08:31 +01:00 |
|
James Munnelly
|
48958036bf
|
Set NotAfter field in readiness controller
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-20 15:08:31 +01:00 |
|
James Munnelly
|
1c26ae412d
|
Move some logic into separate method
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-20 15:08:31 +01:00 |
|
James Munnelly
|
945dde4175
|
Fix PolicyFunc reference in trigger controller tests
Signed-off-by: James Munnelly <james@munnelly.eu>
|
2020-04-20 15:08:31 +01:00 |
|