weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,148 Commits 45 Branches 0 Tags 96 MiB
34ea128fd3
Commit Graph

739 Commits

Author SHA1 Message Date
jetstack-bot
34ea128fd3
Merge pull request #5368 from hawksight/pf/lease 
docs: Correct reference to lease not config map
 2022-08-09 17:04:05 +01:00
jetstack-bot
58b226e06c
Merge pull request #5163 from james-callahan/webhook-dynamic-serving-dns-names 
Webhook dynamic serving dns names
 2022-08-08 13:57:50 +01:00
Peter Fiddes
9b8d279193
docs: Change values.yaml wording to reference correct resource 
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
 2022-08-04 15:11:32 +01:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Joe Bowbeer
455001e34a
Kubernetes 1.20+ 
Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>

Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>
 2022-07-07 17:15:28 -07:00
Joe Bowbeer
2a569341d7 refer to Default Security Contexts 
Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>
 2022-07-07 15:14:58 -07:00
Joe Bowbeer
db4fd285a7
Update helm README file 
Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>

Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>
 2022-07-07 03:44:35 -07:00
Joe Bowbeer
cbb476929e strengthen securityContexts 
Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>
 2022-07-06 10:47:26 -07:00
jetstack-bot
b84ea96d73
Merge pull request #5194 from Compy/master 
Support secrets for Route53 Access Key IDs
 2022-07-05 12:33:21 +01:00
joshvanl
f1d7c43276 Updates wording for aws rout53 dns CRD field comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-04 17:06:40 +01:00
Luca Comellini
aaa513de00
Bump k8s.io dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-06-30 15:16:14 -07:00
Ashley Davis
eccde015ac
add CRD generation to makefile, replacing bazel 
- includes a run of make update-crds which causes some trivial changes
- updates version of YQ to latest
- makes hack/update-crds.sh just call make
- makes hack/verify-crds.sh just call make
- moves functionality of hack/verify-crds.sh to hack/check-crds.sh,
  using the makefile for generating alternative CRDs for comparison
- removes the bazel test associated with CRDs

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-27 13:25:18 +01:00
James Callahan
5fff1e6ee7
Avoid hard-coding release namespace in helm chart 
This improves compatibility with kustomize

Signed-off-by: James Callahan <jamescallahan@bitgo.com>
 2022-06-14 16:25:40 +10:00
James Callahan
6bd1c179b8
Use multiple --dynamic-serving-dns-names arguments 
This allows for cleaner debugging by adding/removing a line at a time.

The pflag library used allows multiple arguments like this, see
85dd5c8bc6/string_slice.go (L132-L135)

Signed-off-by: James Callahan <jamescallahan@bitgo.com>
 2022-06-14 16:25:07 +10:00
Compy
561103934d Updating and regenerating CRDs to make SecretAccessKeyID field usage more clear 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-11 10:48:10 -05:00
Compy
b9500d4364 Update CRD documentation to be a bit clearer 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-11 09:42:15 -05:00
irbekrm
6fcb3aacb2 Reverts additional check for ServiceMonitor. 
Reverts a check for whether Prometheus monitoring api resources have been
deployed before creating a ServiceMonitor as enforces dependency order
which does not fit installation model using GitOps tools as discussed in
https://github.com/cert-manager/cert-manager/pull/4844

This reverts commit f2f771fc93.

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-10 11:51:47 +01:00
Compy
153e5420cf Add support for pulling Route53/AWS access key IDs out of secrets 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-08 16:33:00 -05:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
jetstack-bot
18cb322403
Merge pull request #5141 from andrewgkew/deployment-namespace-override 
Adding a namespace override for k8s resources
 2022-06-08 14:51:08 +01:00
Andrew Kew
bbdb043510 Adding new line to the end helpers file 
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
 2022-06-07 16:25:33 +01:00
Ashley Davis
32b448c5ea
add URL for cert-manager website to chart, update logo URL 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-05-30 17:28:24 +01:00
Andrew Kew
e19ae66017 Adding link to the problem that has been identified in helm around sub charts and setting of namespaces 
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
 2022-05-20 16:11:56 +01:00
Andrew Kew
b7700289f0 Refactored the namespace override and moved it into helper script so it can be updated in single place, then found more files that needed the value updated 
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
 2022-05-20 12:39:44 +01:00
Andrew Kew
488b015b8d Added a namespace override so that the namespace where the services are deployed into can be set. Helpful when using this chart as a dependency (sub chart) 
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
 2022-05-19 17:31:55 +01:00
Craig Minihan
8748abde93 Set the startupapicheck nodeSelector to linux 
Signed-off-by: Craig Minihan <craig@ripcordsoftware.com>
 2022-05-17 17:41:31 +01:00
irbekrm
db8c6999a8 Remove leftover cainjector annotations from our CRDs 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-09 17:24:30 +01:00
Dean Coakley
5e4e66e3d9 Update minimum version constraint to be 1.19.0-0 
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
 2022-04-29 17:28:40 +01:00
Dean Coakley
894643fe88 Add minimum kubernetes version constraint to chart 
Ref: https://cert-manager.io/docs/installation/supported-releases/
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
 2022-04-29 17:25:08 +01:00
jetstack-bot
3897556ccc
Merge pull request #4721 from Dean-Coakley/remove-securityContext-enabled 
Remove `securityContext.enabled` from helm chart
 2022-04-28 17:39:24 +01:00
jetstack-bot
fb3f6829bd
Merge pull request #5018 from SgtCoDFish/imgloc 
Fix old logo location in helm chart
 2022-04-08 10:11:37 +01:00
jetstack-bot
d212165c8d
Merge pull request #5016 from sveba/master 
explicitly mount service-account-token in deployment
 2022-04-05 22:15:48 +01:00
Ashley Davis
248e2cce66
fix old logo location in helm chart 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-04-05 20:26:08 +01:00
Svetoslav Batchovski
d843a25202 Explicitly mount service-account-token in deployment 
Signed-off-by: Svetoslav Batchovski <svetoslav@batchovski.de>
 2022-04-05 19:16:12 +02:00
Jake Sanders
0d88032850
Remove OWNERS from helm chart 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-04-05 16:46:57 +01:00
joshvanl
67afcb2d6c Add patch permissions to challenges/status 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
jetstack-bot
86ad9962a3
Merge pull request #4967 from maelvls/gwapi-v1alpha2-optional-labels 
Gateway API: with v1alpha2, the labels have become optional
 2022-03-30 15:11:33 +01:00
jetstack-bot
00938dfa4c
Merge pull request #3605 from mikebryant/3601-default-nodeselector-linux 
fix: Set default nodeSelector to linux
 2022-03-30 13:38:33 +01:00
Jake Sanders
b72db63761
Change label description for HTTP-01 Gateway API solver and fix tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:52:34 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders 
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
 2022-03-28 13:11:31 +01:00
jetstack-bot
be15ce2279
Merge pull request #4953 from ajvn/feature/allow-privilege-escalation 
update: Setting allowPrivilegeEscalation to false
 2022-03-22 11:01:47 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff 
Exponential backoff for retrying failed certificate issuances
 2022-03-21 20:31:23 +00:00
Maël Valais
4b3af946db gateway-api: with v1alpha2, the labels have become optional 
Previously, in v1alpha1, an HTTPRoute was matched to a Gateway using
the label selectors present on the Gateways. For example, with the
following Gateway:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: Gateway
  metadata:
    name: acmesolver
  spec:
    listeners:
      - protocol: HTTP
        port: 80
        routes:
          kind: HTTPRoute
          selector:
            matchLabels:
              app: foo

you would have to use the following labels on the HTTPRoute in order to
get the above Gateway to be used:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: HTTPRoute
  metadata:
    labels:
      app: foo

With v1alpha2, the label selectors have been dropped. Instead, the
HTTPRoute has to give a direct reference to the Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: HTTPRoute
    spec:
      parentRefs:
        - kind: Gateway
          name: acmesolver
          namespace: traefik

This means that the "labels" field on the gatewayHTTPRoute solver is now
optional:

    apiVersion: cert-manager.io/v1
    kind: Issuer
    spec:
      acme:
        solvers:
          - http01:
              gatewayHTTPRoute:
                labels:              | This field is
                  app: test          | now optional.
                parentRefs:
                  - kind: Gateway
                    name: acmesolver

Signed-off-by: Maël Valais <mael@vls.dev>
 2022-03-21 17:39:10 +01:00
Ivan
5c857d3737 update: Setting allowPrivilegeEscalation to false for controller, cainjector, webhook containers and for startupapicheck job 
Signed-off-by: Ivan <ivans@vaskir.co>
 2022-03-21 17:17:28 +01:00
Andrea Decorte
f6d8c4fb5b Add permissions to update certificates/status to allow namespace admins to renew manually a Certificate. Fixes #4954 
Signed-off-by: Andrea Decorte <adecorte@gmail.com>
 2022-03-21 12:08:11 +01:00
jetstack-bot
3266d13578
Merge pull request #4937 from illrill/feature/optional-rbac-aggregation 
Make aggregation to user-facing ClusterRoles optional
 2022-03-21 09:00:23 +00:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts 
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
affb5e86ef Adds IssuanceAttempts field to Certificate's status 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
Erik Godding Boye
94d1149760 docs: improve featureGates Helm chart value documentation 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
 2022-03-15 21:28:46 +01:00