weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
4,823 Commits 45 Branches 0 Tags 96 MiB
34396bc93b
Commit Graph

818 Commits

Author SHA1 Message Date
jetstack-bot
34396bc93b
Merge pull request #3499 from meyskens/ingress-netk8sbeta1 
Migrate Ingress to networking.k8s.io/v1beta1
 2020-12-14 09:50:12 +00:00
jetstack-bot
fcf54969dd
Merge pull request #3489 from exceptionfactory/3373-truststore-p12 
Add creation of truststore.p12 from CA
 2020-12-11 10:21:07 +00:00
Maartje Eyskens
c6e84d7c83 Switch informer to networking 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-09 16:36:11 +01:00
exceptionfactory
e9dfbb7a1a Updated PKCS12 API docs and corrected code formatting #3373 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-08 11:23:16 -05:00
Maartje Eyskens
65281efff1 Migrate Ingress to networking.k8s.io/v1beta1 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 14:46:01 +01:00
jetstack-bot
7c53f88f19
Merge pull request #3476 from maelvls/unit-test-backoff-one-hour 
Move the 'back off for 1 hour' logic to a unit-tested func
 2020-12-08 11:02:17 +01:00
Maël Valais
62f8db6e6a refactor(issuing): PR review: use MustCreateCryptoBundle directly 
Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
6484010f5c fix(issuing): wait until req matches cert before setting failure 
The issuing controller wasn't checking if the certificate request that
it picked up is up to date. That resulted in the certificate being set
to "Failing" and "Issuing = False" due to an old certificate request
that was created during a previous issuance. The certificate would then
become stale.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
17cd05ecab test(issuing): new test: when req mismatches, cert can't be updated 
This new unit test highlights an unexpected behavior of the issuing
controller: the issuing controller is updating the certificate's status
when the certificate request has a failure ("Reason = Failed"), but the
controller might have picked up an out-of-date certificate request.

The consequence is that the issuing controller would set the certificate
to "Issuing = False". That happens when a re-issuance is triggered with
an old failing certificate request.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
07fd8754f5 refactor(trigger): add test case when failure just happened 
Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 13:51:12 +01:00
Maël Valais
769303c5f8 refactor(trigger): don't backoff when exactly 60min 
As Maartje mentioned, it doesn't make sense to return backoff = true
while returning a delay of 0. Also, use time.UTC instead of time.Local.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 13:44:06 +01:00
Maël Valais
27d4924b5a refactor(trigger): move backoff logic to a unit-tested func 
The trigger_controller_test.go has many unrelated test cases and I
thought it would be good to have more tightly scoped functions that are
easy to review (and most importantly, the unit tests are easy to
review).

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 13:40:01 +01:00
exceptionfactory
c3db3ee7cd Simplified return handling for PKCS12 functions #3733 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-03 07:20:31 -06:00
exceptionfactory
9dd90f8f2b Added creation of truststore.p12 from CA for #3373 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-01 14:37:42 -05:00
jetstack-bot
6fd14b0241
Merge pull request #3464 from wallrj/3396-renew-before-expiry-duration 
Fix and deprecate the --renew-before-expiration-duration flag
 2020-12-01 12:07:06 +01:00
Maartje Eyskens
d705838e83 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
66f787ef33 Fix a lost EnableNotAfterDate 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
04d88479e4 Pass duration on until ACME order creation 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
1b33e8029a Fix unit tests 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:08 +01:00
Maartje Eyskens
7b6573aa35 Add duration into ACME 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:45:32 +01:00
Richard Wall
1fc1fa88a0 Prevent instant renewal when the renewBefore value matches the duration 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-11-19 15:00:27 +00:00
Richard Wall
95a229cc6e Unit tests for current behaviour 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-11-19 13:01:00 +00:00
Richard Wall
a33abd2060 Plumb through the flag provided defaultRenewBeforeExpiryDuration 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-11-19 12:44:18 +00:00
Richard Wall
2b83331a2d Remove unused helper functions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-11-19 12:44:18 +00:00
Mateusz Gozdek
27fa2f1ec4
Fix various typos found by codespell 
Found by running this command:

codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater

Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
 2020-11-07 14:55:13 +01:00
Maartje Eyskens
c0d88c28e4 Add a unit test for more challenges than previously allowed 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-22 14:45:02 +02:00
Maartje Eyskens
42803173cb Fix a panic when changing the max concurrent challenges 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-20 15:45:45 +02:00
jetstack-bot
8e0e858199
Merge pull request #3288 from meyskens/acme-ip 
Add support for IPs in ACME
 2020-10-16 10:48:15 +02:00
Richard Wall
f3f321bbbc Update to vcert v4.11.0 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-10-08 15:02:50 +01:00
Maartje Eyskens
d8023a79d0 Fix error format 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Maartje Eyskens
542b329914 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Maartje Eyskens
9452327d1b Add test in order sync 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Maartje Eyskens
1cbfe49938 Fix CN check for IPs as well as add tests 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Maartje Eyskens
58b462eef9 Fix nil in spec 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Maartje Eyskens
39de7f3b99 Fix IP type 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Maartje Eyskens
b3e25815a5 Add support for IPs in ACME 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
Matthias Frey
2f2253afaf make propagation check period configurable 
Signed-off-by: Matthias Frey <freym@users.noreply.github.com>
 2020-09-24 11:28:49 +02:00
Richard Wall
0a2a4b0d7a Revert the introduction of errors.WithStack 
* The logging isn't configured to show the stack traces anyway.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 12:08:10 +01:00
Richard Wall
ea73ab534c Document newIndependentCacheAndDelegatingClient 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 12:02:52 +01:00
Richard Wall
35f10ef439 Explain why we're not using the controller.Builder 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:58:30 +01:00
Richard Wall
975e98e285 Log an error if WaitForCacheSync fails 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:51:45 +01:00
Richard Wall
a5e6f6c262 Stop creating new controllers if one of the errgroup has already erred 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:41:11 +01:00
Richard Wall
602043013e Revert the increased number of reconcile threads 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:39:52 +01:00
Richard Wall
2bffaf9270 A clearer name for the function which creates each controller 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:38:00 +01:00
Richard Wall
7c6374ff07 Explain why we ignore objects with a deletionTimestamp 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 10:28:32 +01:00
Richard Wall
e2765f720a Remove debug log 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 10:04:28 +01:00
Richard Wall
e27e503624 Ensure that each controller's delegating client refers to the correct cache 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 08:29:07 +01:00
Richard Wall
98fff7dcf8 Clearer logging 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 16:43:15 +01:00
Richard Wall
1bb99dee1a Increase the number of reconciler goroutines 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 16:42:51 +01:00
Richard Wall
ebd7ba5e70 Ignore objects that are being deleted 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 16:41:58 +01:00