weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,002 Commits 45 Branches 0 Tags 96 MiB
40bda26e8b
Commit Graph

2884 Commits

Author SHA1 Message Date
Joost Buskermolen
40bda26e8b
Set static (Cluster)Issuers timeout to 90 seconds 
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
 2022-06-22 11:16:37 +01:00
Rodrigo Fior Kuntzer
afeb543c3c CertificateRequests controllers must wait for the core secrets informer to be synced 
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2022-06-22 07:21:32 +02:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-21 15:12:09 +03:00
Joakim Ahrlin
de08109be0 add VerifyCredentials to Venafi issuers setup 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-06-14 12:26:38 +02:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
Luca Comellini
091549620b
Bump Go to 1.18 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-06-02 15:50:13 -07:00
Cody W. Eilar
2da5974fb4 Improve logging output for webhook cert renewal 
- Make "cert-manager certificate" explicit in log output
- Include DNSNames for context

Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2022-05-24 12:48:45 -07:00
irbekrm
df3bb59af5 Ensure that Venafi client for CSRs gets initialized with metrics 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-16 17:23:33 +01:00
Richard Wall
1ade01f819 Addressed code review feedback and simplified the unit-tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-14 14:24:13 +01:00
Richard Wall
557d14a0cd Refactor the update and updateStatus to a single deferred function 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-12 16:51:30 +01:00
jetstack-bot
4ec33298a2
Merge pull request #5081 from wallrj/3640-cleanup 
Challenge cleanup improvements
 2022-05-05 11:19:28 +01:00
Irbe Krumina
1d917ef311 Revert "Use Apply instead of Update to modify resources in tests" 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-03 11:31:47 +01:00
Richard Wall
6a4fffbedc Test that the cleanup is performed 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 17:51:34 +01:00
Richard Wall
5f867bff37 Use a more reliable check for deletion 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 16:49:23 +01:00
jetstack-bot
eb76f331ad
Merge pull request #5077 from irbekrm/tests_apply 
Use Apply instead of Update to modify resources in tests
 2022-04-29 13:23:00 +01:00
jetstack-bot
31d0c3ab41
Merge pull request #5051 from wallrj/3640-set-and-consume-challenge-finalizer-in-one-place 
Set the challenge cleanup finalizer in the Sync function
 2022-04-28 15:43:24 +01:00
irbekrm
54a487f1fb certificates.Apply returns the patched certificate 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-28 14:41:22 +01:00
irbekrm
c91372a96e Mark venafi_client_request_duration_seconds metric as alpha 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-28 11:52:48 +01:00
irbekrm
591fb3cfc9 Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-28 10:12:16 +01:00
Richard Wall
ee8c1cf738 Remove finalizer duties from the scheduling function and update and expand the tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-27 10:34:22 +01:00
Richard Wall
dd4fe97928 Set the finalizer as part of the Challenge Sync function 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-27 10:34:22 +01:00
irbekrm
ccdb30e16b Cleanup 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-20 12:26:35 +01:00
irbekrm
cb0c8ba3e3 Log Venafi API calls 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-20 10:32:02 +01:00
irbekrm
99edfcfbfc Adds Venafi metrics 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-20 08:48:41 +01:00
Ashley Davis
76cdab0c82
remove pkg/util/coverage 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-04-08 16:56:24 +01:00
lonelyCZ
53d8a07397 Add a unit test for challenges reScheduler 
Signed-off-by: lonelyCZ <531187475@qq.com>
 2022-04-08 14:35:41 +08:00
lonelyCZ
57a6d931a1 Fix the error is reported to null when it happens 
Signed-off-by: lonelyCZ <531187475@qq.com>
 2022-04-07 16:10:14 +08:00
irbekrm
0f74fc10fb Removes unnecesary check for finalizer diff in challenge sync 
No changes are made to finalizers in this function

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-01 11:53:44 +01:00
irbekrm
9a9ca2006a Adds a challenge finalizer in challenges controller 
This was previously applied in orders controller, which was causing issues when trying to remove it in challenges controller via server side apply

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-01 11:53:44 +01:00
joshvanl
82c068f0fd Updates ACME challenge controllers to use apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
jetstack-bot
86ad9962a3
Merge pull request #4967 from maelvls/gwapi-v1alpha2-optional-labels 
Gateway API: with v1alpha2, the labels have become optional
 2022-03-30 15:11:33 +01:00
jetstack-bot
00938dfa4c
Merge pull request #3605 from mikebryant/3601-default-nodeselector-linux 
fix: Set default nodeSelector to linux
 2022-03-30 13:38:33 +01:00
Jake Sanders
b72db63761
Change label description for HTTP-01 Gateway API solver and fix tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:52:34 +01:00
jetstack-bot
e2266d7a8b
Merge pull request #4987 from wikimedia/issue-4956 
Add controller_requeue_count metric
 2022-03-29 19:53:53 +01:00
jayme-github
63e3b7a0a8 Add controller_sync_error_count metric 
Introducing a new metric controller_sync_error_count counting the
number of errors during sync() of a controller.

This adds more visibility to potential issues ranging from things like
connection problems to the API or webhooks to possible hard errors.

For context, please see #4956

Signed-off-by: Janis Meybohm <jmeybohm@wikimedia.org>
 2022-03-29 16:02:49 +02:00
joshvanl
6ee59fb9e8 Wires up new post issuance checks for issuing controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-29 13:54:27 +01:00
jetstack-bot
bfcc204c2b
Merge pull request #4811 from JoshVanL/controllers-server-side-apply-certificates-shim 
Server Side Apply: Adds support for certificate-shim controllers to use SSA with Feature Gate
 2022-03-28 14:33:31 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders 
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
 2022-03-28 13:11:31 +01:00
joshvanl
c1c2d2d081 Add roundtrip test to Certificate serializing. Add field manager to 
certificates-shim Create API call

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-28 12:40:29 +01:00
joshvanl
9d0b2590a8 Optionally Apply certificates, instead of update, in certificate-shim 
when Server-Side apply is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-28 12:40:28 +01:00
jetstack-bot
c30cfa1610
Merge pull request #4973 from irbekrm/restrict_duration 
Enforce minimum value of experimental.cert-manager.io/request-duration to 600s
 2022-03-28 12:34:31 +01:00
jetstack-bot
d8fee10ad8
Merge pull request #4962 from fvlaicu/fix-route53-dns-challenge 
Route53 challenges: upsert records instead of create
 2022-03-23 17:29:20 +00:00
irbekrm
2656cc18c3 Fix test failures 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-23 09:57:34 +00:00
irbekrm
09d8cb9cf8 Adds some more test cases 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-23 09:20:21 +00:00
irbekrm
661abb133f Set CSR as failed if annotation duration is not a valid time 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
irbekrm
d384aef754 Enforce minimum value of experimental.cert-manager.io/request-duration to 600s 
To ensure compatibility with CSR's spec.expirationSeconds

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
jetstack-bot
0631806082
Merge pull request #4974 from irbekrm/fix_csr_events 
Use client-go scheme with core types added as event recorder scheme
 2022-03-22 17:49:51 +00:00
irbekrm
a5ed48a324 Adds a unit test for certificatesigningrequests sync function 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 15:09:33 +00:00
jetstack-bot
dc24503939
Merge pull request #4958 from irbekrm/tsig_provider 
Use our own implementation of miekg/dns.TsigProvider interface
 2022-03-22 12:18:51 +00:00
jetstack-bot
be15ce2279
Merge pull request #4953 from ajvn/feature/allow-privilege-escalation 
update: Setting allowPrivilegeEscalation to false
 2022-03-22 11:01:47 +00:00