weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
6,441 Commits 45 Branches 0 Tags 96 MiB
38b7b930c8
Commit Graph

1180 Commits

Author SHA1 Message Date
joshvanl
38b7b930c8 Add tests from rebase and more policies under 
/internal/controller/certificates

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:31:05 +00:00
joshvanl
3b148347ad Move temporary certificate policy init into policy package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
a53987214f Move certificates controller policies under /internal/controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
f1cafae95f Refactor trigger policies to be more generic and be used by multiple 
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
655dbfec51 Update certificates controller secrets manager since feature gate is 
removed

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
bdc310adeb Update certificates secret manager to Apply managed fields when the 
apply feature is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
d8548215dd Update secret manager to include additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
jetstack-bot
051a763ee5
Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template 
SecretTemplate reconciliation. SecretManager Apply
 2022-01-18 13:28:57 +00:00
jetstack-bot
e2aede44c7
Merge pull request #4731 from DiptoChakrabarty/lint 
add go linters fixes within codebase
 2022-01-18 12:52:57 +00:00
DiptoChakrabarty
ba9dccb26d fix comments in consts 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-01-18 10:04:58 +05:30
joshvanl
419ff43312 Add more context to SecretCertificateAnnotations 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 15:15:39 +00:00
joshvanl
ee3cc828a9 Ensure the SecretTemplate matching is aware of the base annotations set 
on the Secret

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:41:24 +00:00
joshvanl
38084fb719 Update secret manager to include additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:40:12 +00:00
joshvanl
b6e499a317 Fix comment and add comment about forcing apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
196d0011ca Remove SecretTemplate controller and move logic into issuing controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
64d78c6e10 Update certificates controller with new secret manager signatures and 
tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
c5f101525c Update certificates controller secrets manager since feature gate is 
removed

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
7a4be1edfd Copy across an existing secret type in secrets manager since that field 
is immutable.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
a56b6a8596 Fix CA injector test to only create a Secret of type kubernetes.io/tls 
since that field is immutable, and shouldn't change from Opaque

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
95ee9ee031 Force apply secrets manager if a field has a conflict with the owner 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
5660b80888 Gix golang references to feature gate package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
d6fb5138f2 Re-add crd-certificates.yaml 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3 Fix some test func names and some comments. Replaces DeDuplicate in 
SecretTemplate controller to use sets.Strings. Removes DeDuplicate func

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
ebc4cba48c Make secretsmanager if statement blocks prettier 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
54c00afb13 Fix comments in secretsmanager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
957bc0a081 Create InitWithRESTConfig() in controller test context builder to not 
change existing Init() consumers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
760254848b Make RestConfig nil in acmechallenges sync_test.go 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
8b501d7d54 Also don't reconcile Certificates in SecretTemplate controller if 
Issuing=True

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
1319f2a5fb Adds the certificates SecretTemplate controller to reconcile ready 
Certificate's Secrets on SecretTemplate changes

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
de4522d883 Update certificates secret manager to Apply managed fields when the 
apply feature is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the 
Certifcate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests 
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certifcate additionalOutputFormats parameter 
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
DiptoChakrabarty
e7c75832af few more fixes 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-01-13 19:47:11 +05:30
jetstack-bot
778be75841
Merge pull request #4697 from irbekrm/valid_orders_update 
Don't fail an order that has been finalized, but the status has not been synced to Order CR
 2022-01-12 08:10:03 +00:00
irbekrm
e7cc37ef71 Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>

Co-authored-by: Maël Valais <mael@vls.dev>
 2022-01-11 18:09:44 +00:00
jetstack-bot
fa321b6a4b
Merge pull request #4287 from linka-cloud/acme-http-challenge-cutomer-dns 
Acme http challenge custom dns
 2022-01-11 11:24:03 +00:00
irbekrm
24866544b8 Ensures that if alternate cert chain is specified, it is retrieved 
Ensures that if the cert is retrieved in a reconcile following the one that finalized the ACME order, the alternate cert chain is still respected, if specified by user

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-11 10:51:14 +00:00
irbekrm
de8aa2583e Ensures that ACME orders controller does not create new order if it failed to update old order's status to valid 
Check the status of the ACME order if finalizing order failed to catch edge cases where the order is already finalized, but the updating of Order CR's status has failed

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-11 10:51:14 +00:00
jetstack-bot
2e465fbf34
Merge pull request #4628 from irbekrm/sync_cleanup 
Order sync cleanup
 2022-01-10 20:27:04 +00:00
James Munnelly
9c04a04c7c Move feature package into internal/controller 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:36 +00:00
Adphi
3375fa0609
http01: add custom nameservers support (#4286) 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 21:02:46 +01:00
jetstack-bot
019d64edcf
Merge pull request #4688 from irbekrm/renew_failed 
Fixes a bug where a previous failed CertificateRequest was picked up during next issuance
 2022-01-04 15:08:31 +00:00
irbekrm
0a4617e582 Fix staticcheck error 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-04 10:11:04 +00:00
irbekrm
fac6622f5e Delete CertificateRequest that failed during previous issuance if we are re-issuing for the same revision 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-12-22 14:54:55 +00:00
irbekrm
ff67b2a9a0 Ignore failed CRs for previous issuance in certificates-issuing controller 
Issuing controller should only look at 'current' CertificateRequests

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-12-22 14:51:25 +00:00
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
joshvanl
d5503c2ed2 Change certificates controller to no longer error for a Certificate that 
no longer exists

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-11-30 15:13:14 +00:00
irbekrm
e48846132b Add a couple new test cases for order finalization 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-26 16:32:02 +00:00
irbekrm
4aee0a4acd Reduce a few calls to ACME server 
Ensure that when updating cert-manager Order CR's status from an existing ACME Order only one call will be made to retrieve the ACME Order

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-26 16:31:27 +00:00