weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,948 Commits 45 Branches 0 Tags 96 MiB
3d76c20f51
Commit Graph

833 Commits

Author SHA1 Message Date
Tim Ramlot
f50167ce31
restructure the controller configfile 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-10 11:30:33 +02:00
Cody W. Eilar
1243fe285b Add to ability to start controller with config file 
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
jetstack-bot
cabc05824a
Merge pull request #6156 from kahirokunn/host-network-dns-policy 
chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet.
 2023-07-27 10:20:07 +02:00
jetstack-bot
615422b5bf
Merge pull request #6087 from rouke-broersma/patch-1 
fix: maxUnavailable pdb configuration cannot be used due to default set minAvailable
 2023-07-25 13:48:35 +02:00
arukiidou
740a4760b1
Update Chart.template.yaml 
add apache 2.0 license

Signed-off-by: arukiidou <arukiidou@yahoo.co.jp>
 2023-07-19 21:54:04 +09:00
jetstack-bot
e9e054b863
Merge pull request #6220 from giantswarm/webhook-netpol-indentation 
Fix indentation of Webhook NetworkPolicy matchLabels
 2023-07-18 09:55:23 +02:00
Gerald Pape
418df14dc0
Fix indentation of Webhook NetworkPolicy matchLabels 
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
 2023-07-17 16:24:59 +02:00
Tim Ramlot
a819025a4b
the chart will now disallow you to specify both the minAvailable and maxUnavailable values without issues 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-14 16:43:32 +02:00
Rouke Broersma
314163d461
Document that maxUnavailable takes precedence over minAvailable 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
29c270cf79
Fix conditions if maxUnavailable 0 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
5c5b1c6551
Fix pdb conditions 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
773afd3da4
Allow maxUnavailable in certmanager pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
eb2b4d8fbc
Allow maxUnavailable in webhook pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
659c95e202
Allow maxUnavailable in cainjector pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Ben Gelens
4adead4dfd fix the whitespace issue 
Signed-off-by: Ben Gelens <ben@bgelens.nl>
 2023-07-10 14:42:52 +02:00
jetstack-bot
8eb032a95a
Merge pull request #6110 from jkroepke/serviceMonitor 
[helm] Add prometheus.servicemonitor.endpointAdditionalProperties
 2023-06-26 11:29:55 +02:00
jetstack-bot
f9ffb76c5c
Merge pull request #6129 from cert-manager/remove_name_selector_admission_webhook 
Remove unused 'name' namespaceSelector
 2023-06-21 14:01:19 +02:00
kahirokunn
c2c0209acd chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet. 
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy

> For Pods running with hostNetwork, you should explicitly set its DNS policy to "ClusterFirstWithHostNet".

Signed-off-by: kahirokunn <okinakahiro@gmail.com>
 2023-06-15 11:17:30 +09:00
schrodit
a3c6261c38 disable service links on status api job 
Signed-off-by: schrodit <mail@timschrodi.tech>
 2023-06-12 14:09:36 +02:00
schrodit
c70be0a28b Disable service links in helm charts 
Signed-off-by: schrodit <mail@timschrodi.tech>
 2023-06-12 13:33:55 +02:00
Tim Ramlot
a945ab3378
remove unused 'name' namespaceSelector 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-03 09:54:33 +02:00
Jan-Otto Kröpke
d62eb71460
[helm] Add prometheus.servicemonitor.endpointAdditionalProperties 
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
 2023-05-26 16:50:28 +02:00
Tim Ramlot
55ebaa31b5
fix typo 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-24 12:19:22 +02:00
irbekrm
acf07419f5 Fix a bug in helm chart where webhook had controller feature gates passed 
This will break anyone who relied on featureGates field to pass feature gates to webhook- they will need to use the new webhook.featureGates field

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-23 12:44:31 +01:00
jetstack-bot
a64088792d
Merge pull request #5991 from inteon/pr/JoshVanL/4810 
Server Side Apply: Adds support for CA Injector controller
 2023-05-05 14:21:07 +01:00
jetstack-bot
5035dda25e
Merge pull request #6006 from vidarno/cache-private-key-hash-on-issuer-status 
Cache private key hash on issuer status
 2023-05-05 08:05:07 +01:00
jetstack-bot
09e71c37d4
Merge pull request #5972 from vinzent/bugfix/issue-5755 
Check JKS/PKCS12 truststore in Secrets only if issuer provides the CA
 2023-05-04 11:04:37 +01:00
vidarno
a1f156c2b6 Merge branch 'cert-manager:master' into cache-private-key-hash-on-issuer-status 
Signed-off-by: vidarno <>
 2023-05-02 11:58:18 +02:00
vidarno
4934183927 Extend CRDs and structs to include LastPrivateKeyHash field 
Signed-off-by: vidarno <>
 2023-04-29 09:12:56 +02:00
Ashley Davis
40d8c0e4ec
fix broken links in values.yaml 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2023-04-27 16:32:34 +01:00
Thomas Müller
12483d3d54 Check JKS/PKCS12 truststores only if issuer provides the CA 
The current policy check for keystores in Secrets creates a loop because
the truststore.jks or truststore.p12 will never exist when the issuer didn't
provide the CA certificate. This behaviour was introduced by #5597

The JKS and PKCS12 truststores are only added to the Secret
if the CA is provided by the issuer. The CertificateRequest API
reference states:

> The PEM encoded x509 certificate of the signer, also known
> as the CA (Certificate Authority). This is set on a best-effort basis by
> different issuers. If not set, the CA is assumed to be unknown/not available.

This change will only check the PKCS12/JKS truststores if the CA cert from the
issuer exists in the secret.

Fixes #5755

Signed-off-by: Thomas Müller <thomas@chaschperli.ch>
 2023-04-27 17:09:41 +02:00
jetstack-bot
19104fcb4a
Merge pull request #5962 from wallrj/5670-controller-manager-liveness-probe 
Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged
 2023-04-27 15:09:54 +01:00
Richard Wall
300d89a6cd Disable the controller liveness probe by default 
And allow configuration via Helm chart values

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-04-27 13:34:25 +01:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector 
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-04-26 17:04:11 +02:00
Richard Wall
b92482e041 Use a named port 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-04-26 13:04:52 +01:00
Richard Wall
4288fc02e8 Don't specify the livenessprobe host 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-04-26 12:42:34 +01:00
Richard Wall
4d182e9c7b Add /livez endpoint which reports the leaderElection status 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-04-26 07:53:26 +01:00
irbekrm
c4d6231dfa Bump min kube version requirement 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-04-24 08:49:49 +01:00
jetstack-bot
e96ad41462
Merge pull request #3931 from e96wic/pdbs 
Added PodDisruptionBudgets to helm chart
 2023-04-08 11:30:21 +01:00
irbekrm
b2b3eade26 Updates cert.status.lastFailureTime description 
To match the current behaviour

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-04-05 12:54:14 +01:00
Ole Furseth
f5eff1f318 Remove obsolete bazel documentation 
Signed-off-by: Ole Furseth <ole.furseth@bekk.no>
 2023-03-17 11:44:15 +01:00
Maël Valais
f0449ddb3b ingressClassName: document the "oneOf" contraint for the "name" field 
Signed-off-by: Maël Valais <mael@vls.dev>
 2023-03-09 15:15:39 +01:00
Maël Valais
ca9aaa0440 ingressClassName: let's remove the link placeholder 
The link itself is way too long to fit in the API reference.

Signed-off-by: Maël Valais <mael@vls.dev>
 2023-03-09 14:42:21 +01:00
Tim Ramlot
d93f26df28
fix Helm errors and simplify 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-03-07 10:04:32 +01:00
Eike Wichern
1c24345092
Adjusted to code-review comments 
Signed-off-by: Eike Wichern <13048266+e96wic@users.noreply.github.com>
 2023-03-07 10:04:32 +01:00
Eike Wichern
f96dba6f2f
Migrated to policy/v1 
Signed-off-by: Eike Wichern <13048266+e96wic@users.noreply.github.com>
 2023-03-07 10:04:32 +01:00
Eike Wichern
629deb14b0
PDBs can be edited per service; extended readme 
Signed-off-by: Eike Wichern <13048266+e96wic@users.noreply.github.com>
 2023-03-07 10:04:32 +01:00
Eike Wichern
9c16cdd711
Added PodDisruptionBudgets to helm chart 
Signed-off-by: Eike Wichern <13048266+e96wic@users.noreply.github.com>
 2023-03-07 10:04:32 +01:00
Maël Valais
6458ed1543 Move from a flag to the Issuer field "ingressClassName" 
Signed-off-by: Maël Valais <mael@vls.dev>
 2023-03-03 17:50:30 +01:00
jetstack-bot
4a7fa90710
Merge pull request #5801 from malovme/solver-image-pull-secret 
Add imagePullSecrets for AMCE http01 solver pod
 2023-02-14 08:55:51 +00:00