weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5,720 Commits 45 Branches 0 Tags 96 MiB
30f9c123d3
Commit Graph

53 Commits

Author SHA1 Message Date
Maël Valais
30f9c123d3 gateway-shim: add the gateway-shim controller 
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.

The Gateway API in cert-manager is releases as an experimental feature
and needs to be enabled manually with the following flag:

  --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:

  "acme.cert-manager.io/http01-ingress-class"

This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.

  "acme.cert-manager.io/http01-edit-in-place"

This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.

  "kubernetes.io/tls-acme"

This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-15 20:34:55 +02:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01" 
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:25 +01:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:19:53 +02:00
irbekrm
b852e97ffb Removes the deprecated renew-before-expiry flag 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-21 10:22:25 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
Richard Wall
a33abd2060 Plumb through the flag provided defaultRenewBeforeExpiryDuration 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-11-19 12:44:18 +00:00
Matthias Frey
2f2253afaf make propagation check period configurable 
Signed-off-by: Matthias Frey <freym@users.noreply.github.com>
 2020-09-24 11:28:49 +02:00
JoshVanL
5539bf3495
Moves metrics controller into sub-package of ./controller/certificates 
and fix metrics listen address flag description

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-21 10:47:52 +01:00
JoshVanL
92eb8d0957
Refactor controllers to use new instrumented metrics that's baked into 
all controllers

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 17:43:56 +01:00
James Munnelly
b126a0c0e5 Use acme AccountRegistry throughout and tidy up ACME setup code 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-05-13 13:14:46 +01:00
James Munnelly
ba33c823a3 Add 'keystores' stanza to CertificateSpec to allow dynamic keystore configuration 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-04-21 17:58:18 +01:00
James Munnelly
20ee4833dd Remove webhookbootstrap controller 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-03-30 14:26:05 +01:00
James Munnelly
98bc0d52f9 Add --experimental-issue-jks flag to enable JKS bundle generation 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-03-04 15:33:22 +00:00
James Munnelly
e9374730c9 Add --experimental-issue-pkcs12 flag to enable PKCS12 bundle generation 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-03-04 10:02:21 +00:00
Josh Soref
5e275cdacf spelling: propagation 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-02-24 17:20:10 -05:00
James Munnelly
6b19892908 Fix regression in certificates controller setting owner references 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-10-09 11:33:21 +01:00
JoshVanL
4eb6335c76 Support out of tree issuers in ingress-shim 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-09-27 13:54:39 +01:00
James Munnelly
bc61194709 Remove deprecated code from ingress-shim controller 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-09-19 13:07:59 +01:00
James Munnelly
5c17c2e37f Add webhookbootstrap controller 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-08-14 21:27:36 +01:00
James Munnelly
99bbc31386 Promote 'Clock' to be a field on controller context 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-07-26 12:30:23 +01:00
Michael Tsang
2cc1c4df07 Add MaxConcurrentChallenges flag and associated structs to options 
Signed-off-by: Michael Tsang <michael.tsang@jetstack.io>
 2019-05-13 16:55:38 +01:00
James Munnelly
942d6491d6 Pass StopCh and RESTClient to controller context 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-04-18 14:22:08 +01:00
James Munnelly
5d73076db9 Update logs package for go-logr 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-03-12 14:24:50 +00:00
James Munnelly
0bde3dacba Create pkg/api/util and re-arrange controller instantiation code 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-19 11:25:54 +00:00
jetstack-bot
5f96b378e6
Merge pull request #1184 from tlmiller/feature/authnss 
Control authoritative dns01 server check.
 2019-01-12 15:25:07 +00:00
Thomas Miller
dacd0b45cb Control authoritative dns01 server check. 
Adds cmd flag for controlling if authoritative dns servers are used to
check RR propagation or just normal resolvers.

This change is added so that constrained enviornments can control more
aspects of DNS queries performed.

- Applying PR feedback

Signed-off-by: Thomas Miller <thomas@tlm.id.au>
 2019-01-12 20:17:28 +10:00
Louis Taylor
bbda87b3c8 Add --namespace flag 
Signed-off-by: Louis Taylor <louis@kragniz.eu>
 2019-01-10 13:52:52 +00:00
James Munnelly
0fcc0c666c Update copyright header year 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-01-07 15:07:55 +00:00
jetstack-bot
2c74eabb1c
Merge pull request #819 from ccojocar/cert_secret_ref 
Set the certificate as an owner of the secret
 2018-11-26 15:06:33 +00:00
Rohith
e2f13f5f9c Requested Changes 
- changing the name of the command line option to --auto-certificate-annotations
- making the option an array to allow for multiple annotations settings

Signed-off-by: Rohith Jayawardene <gambol99@gmail.com>
 2018-11-06 12:09:47 +00:00
Rohith
712a7a85ee Configurable ACME Annotation 
- adds a option command line (default to the current behavour) which allows the user to control the acme annotation used by the shim controller
- a current mitgration requires use to run multiple providers at the same

Signed-off-by: Rohith Jayawardene <gambol99@gmail.com>
 2018-11-06 12:09:18 +00:00
Cosmin Cojocar
5d36fba075 Add a flag which controls whether the certificate is configured as an owner of the secret where the effective TLS certificate is stored 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2018-10-28 19:55:26 +01:00
Arnold Bechtoldt
845eb7f57c make http01 solver pod resource request/limits configurable, refs #892 
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
 2018-09-26 14:39:06 +02:00
James Munnelly
51195e4c5f Update license header and add header to every file 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-13 15:53:37 +01:00
James Munnelly
fa0bc9998e Add RenewBeforeDuration option to controller context 2018-08-08 13:34:30 +01:00
James Munnelly
9dc20d3c35 Remove dedicated issuer context and move issuer registration into controller pkg 2018-08-07 16:13:46 +01:00
James Munnelly
fdb8f2bf40 Link ingress-shim into main controller binary 2018-04-26 12:44:40 +01:00
Louis Taylor
0961e24174
Remove namespace from more places 2018-04-06 11:20:24 +01:00
James Munnelly
514f9e9b3d Update third_party import paths 2018-01-15 22:07:51 +00:00
James Munnelly
fa7e052ac1 Move to github.com/jetstack/cert-manager repo 2017-11-03 16:41:39 +00:00
James Munnelly
eb4be6859e Update controllers and issuers for new SharedInformerFactory 2017-11-03 15:26:19 +00:00
James Munnelly
7875268247 Fix imports 2017-11-03 14:48:41 +00:00
James Munnelly
852e250a69 Add clusterissuer controller 2017-09-22 00:10:42 +01:00
James Munnelly
80b02006fd Remove unusued kube package 2017-09-11 01:04:31 +01:00
James Munnelly
f66855bd03 Add event recording. Split out cmd entrypoint. 2017-09-09 18:27:35 +01:00
James Munnelly
35d672ef39 Add comments to top level packages 2017-09-09 11:42:50 +01:00
James Munnelly
7540beb74b Update imports 2017-09-09 02:13:03 +01:00
James Munnelly
960d46e302 Add leader election. Fix gracefully exiting. 2017-09-09 01:47:21 +01:00
James Munnelly
d0212e8a3b Update controller to accept Options via context 2017-09-08 21:43:18 +01:00