weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,425 Commits 45 Branches 0 Tags 96 MiB
438c79d4e3
Commit Graph

486 Commits

Author SHA1 Message Date
irbekrm
5e8fd7dc41 Policy check ensures that cert.sepc.secretName secret gets labelled 
Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-06 18:31:31 +00:00
irbekrm
213949a590 Keymanager controller ensures that temporary private key Secrets are labelled 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-06 18:30:34 +00:00
irbekrm
c7465fd921 Issuing controller ensures that cert.spec.secretName secrets are labelled 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-06 18:29:51 +00:00
Sathyanarayanan Saravanamuthu
f719247d2b Addressing review comments 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
94fa9eeee6 Addressing review comments 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
42ae76ae30 Refreshing secrets when the keystore fields change 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
2969202fe2 Addressing review comments 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:22:38 +05:30
Sathyanarayanan Saravanamuthu
40947b0ef4 Generate Certificate Request with predictable name 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:01:26 +05:30
Tim Ramlot
e917e4a103
log more information on why the get CertificateRequest request failed 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-10-05 18:53:53 +02:00
Tim Ramlot
39fa9f51b4 upgrade dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-09-26 11:43:12 +02:00
jetstack-bot
07677c57bc
Merge pull request #5366 from munnerz/privatekey-regen-test 
Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried
 2022-08-05 16:23:30 +01:00
James Munnelly
7b4d04cdef bugfix: fix issue where CertificateRequests marked InvalidRequest were not properly marked as Failed 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
James Munnelly
11ada1d3d3 rename policyEvaluator->BuildReadyConditionFromChain 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
joshvanl
91e0a5ceca TestManyPasswordLengths: pre-create password test cases outside of 
concurrent tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-21 09:30:28 +01:00
jetstack-bot
d15d2d51ec
Merge pull request #5199 from irbekrm/fix_keyrotation_warning 
Fix keyrotation warning
 2022-06-30 14:14:03 +01:00
Ashley Davis
a40fdd64b5
Incease issuer and clusterissuer controller timeouts 
This follows ideas presented in
https://github.com/cert-manager/cert-manager/pull/5214

It might be nice to add these big timeouts globally to all controllers
but we're intentionally keeping these changes small and targeted for now
in order to minimise the risk when backporting these changes.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-22 11:35:00 +01:00
irbekrm
bb124a0f61 Corrects the cert.spec.privateKey path in logs 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-09 15:30:08 +01:00
irbekrm
ede76c3c25 Clarifies the warning if private key cannot be regenerated, but spec has changed 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-09 14:41:35 +01:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
joshvanl
6ee59fb9e8 Wires up new post issuance checks for issuing controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-29 13:54:27 +01:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts 
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
4c901aefab Code review comments 
Adds test conditions to certs via patch API call instead of update to avoid conflicts

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
739c3298e8 Trigger controller backs off from issuance with an exponential backoff 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
9824ab0949 certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed 
This field tracks the number of continuous failures and is used to implement exponential backoff

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests 
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
 2022-02-16 10:57:37 +00:00
joshvanl
da67eb2b65 Adds explicit field manager to requestsmanager controller Create call 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:33 +00:00
joshvanl
38ce8b3bcf Always user Create operation when creating new CertificateRequest 
object

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:33 +00:00
joshvanl
b2cc1b38cb Use optional apply for requestmanager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:04 +00:00
joshvanl
4dc6c957d4 Adds review comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:15:57 +00:00
joshvanl
37775615ff Use ApplyStatus in all Certificates controllers. When ServerSideApply 
enabled, set Issuing condition to False instead of removing it

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:15:57 +00:00
joshvanl
bdb4954c25 Adds updateOrApply to certificates controllers to optionally Apply 
certificate based on feature gate

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:14:31 +00:00
joshvanl
9ca869c2cf Add tests to secret manager for additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:41:45 +00:00
jetstack-bot
b1180c59ad
Merge pull request #4587 from SgtCoDFish/bigrename 
Rename import path
 2022-02-03 11:56:12 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
c737c3d9c6 Update secret manager test to no longer expect a non-force apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 18:04:42 +00:00
joshvanl
e5e3cf1fa2 Always Force apply in issuing controller's secret manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:57:22 +00:00
joshvanl
fb6e0b9f00 Pass FieldManager down to issuing controller->secrets manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 13:56:29 +00:00
joshvanl
c66591cf37 Update certificate controllers with new controller builder 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:48 +00:00
joshvanl
38b7b930c8 Add tests from rebase and more policies under 
/internal/controller/certificates

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:31:05 +00:00
joshvanl
3b148347ad Move temporary certificate policy init into policy package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
a53987214f Move certificates controller policies under /internal/controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
f1cafae95f Refactor trigger policies to be more generic and be used by multiple 
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
655dbfec51 Update certificates controller secrets manager since feature gate is 
removed

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
bdc310adeb Update certificates secret manager to Apply managed fields when the 
apply feature is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
d8548215dd Update secret manager to include additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
419ff43312 Add more context to SecretCertificateAnnotations 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 15:15:39 +00:00
joshvanl
ee3cc828a9 Ensure the SecretTemplate matching is aware of the base annotations set 
on the Secret

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:41:24 +00:00
joshvanl
38084fb719 Update secret manager to include additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:40:12 +00:00