Commit Graph

295 Commits

Author SHA1 Message Date
James Munnelly
dc5929ce29 Fix Issuer sync_test.go 2017-10-16 13:38:53 +01:00
James Munnelly
59e2af767a Perform Issuer/ClusterIssuer status updates in controller 2017-10-16 12:59:46 +01:00
James Munnelly
1f278d659b Refactor e2e setup into scripts. Speed up e2e tests.
Build images whilst services are starting

Exit on setup boulder errors

Install nsenter

Don't build nsenter

Turn up e2e pod verbosity

Set pullPolicy IfNotPresent on HTTP challenge solver
2017-10-16 12:58:47 +01:00
James Munnelly
9f79eea7d1 Use pods instead of jobs for acme solver 2017-10-13 20:15:53 +01:00
James Munnelly
9d933d9e11 Only update certificate status in the controller package to stop conflicts 2017-10-13 20:15:29 +01:00
James Munnelly
29f44c2ed6 Fix domain authorization check 2017-10-13 18:28:40 +01:00
James Munnelly
a62afaa1e7 Merge pull request #120 from jetstack-experimental/fix-http-cleanup
Fix ACME HTTP Cleanup function
2017-10-13 18:09:33 +01:00
James Munnelly
213d895865 Fix ACME HTTP Cleanup function 2017-10-13 17:59:39 +01:00
James Munnelly
22ed25955d Merge pull request #119 from jetstack-experimental/auth-per-acc
Check authorizations account URI before attempting to reuse authorization
2017-10-13 17:10:17 +01:00
James Munnelly
8d50c4102a Merge pull request #118 from jetstack-experimental/rename-config
Rename http-01 -> http01, dns-01 -> dns01
2017-10-13 16:56:17 +01:00
James Munnelly
a9eb7ee8a7 Check authorizations account URI before attempting to reuse authorization 2017-10-13 16:56:05 +01:00
James Munnelly
7060fb5019 http-01 -> http01, dns-01 -> dns01 2017-10-13 16:45:04 +01:00
James Munnelly
01e5833825 Make acmesolver image configurable through CLI. Use tagged version as default. 2017-10-13 16:39:06 +01:00
James Munnelly
c7a83606ce Merge pull request #115 from jetstack-experimental/explicity-challenge-mech
Add HTTP01 field to issuer.spec. Default HTTP01 challenges to disabled.
2017-10-13 15:37:39 +01:00
James Munnelly
79c775e389 Add HTTP01 field to issuer.spec. Default HTTP01 challenges to disabled. 2017-10-13 14:54:26 +01:00
James Munnelly
939534d5b0 Merge pull request #112 from jetstack-experimental/update-issuer-secret-change
Trigger CA Issuer re-sync when signing keypair changes
2017-10-13 14:31:35 +01:00
James Munnelly
2600cb8e14 Fix up altName->dnsName change 2017-10-13 14:04:14 +01:00
James Munnelly
bd9c202cbb regenerate files 2017-10-13 13:37:56 +01:00
James Munnelly
d7009fbfa8 Correctly check if certificate is valid when only dnsNames are specified 2017-10-13 13:32:10 +01:00
James Munnelly
a3fc5d9eaa Rename altNames to dnsNames 2017-10-13 13:31:52 +01:00
James Munnelly
45a67dc748 Merge pull request #109 from jetstack-experimental/cn-altname
Use CommonName and AltNames fields on Certificate resource
2017-10-13 13:21:47 +01:00
James Munnelly
8c6457e7b7 Trigger CA Issuer re-sync when signing keypair changes 2017-10-13 13:20:03 +01:00
James Munnelly
a4b1d346c7 Fix invalid check for empty certificate domains 2017-10-13 13:05:21 +01:00
James Munnelly
e080d1da25 Add LICENSE files for files from github.com/xenolf/lego library 2017-10-13 12:57:31 +01:00
James Munnelly
489f073d3a Require altName or subject name are specified in CA issuer 2017-10-13 12:52:36 +01:00
James Munnelly
ae1173dcec Regenerate files 2017-10-13 12:50:07 +01:00
James Munnelly
187e91f9ae Default commonName to first altName if not specified 2017-10-13 12:50:07 +01:00
James Munnelly
f8107e6fcc Use CommonName and AltNames fields on Certificate resource 2017-10-13 12:50:07 +01:00
James Munnelly
185058815e Fix controller checks for new API schema 2017-10-13 12:09:04 +01:00
James Munnelly
2d0e81fc95 Regenerate files 2017-10-13 11:56:33 +01:00
James Munnelly
a2d9733f21 Update implementation for new field names/types 2017-10-13 11:43:52 +01:00
James Munnelly
6ae8fbbbb2 Standardise SecretKeySelector field naming 2017-10-13 11:23:20 +01:00
James Munnelly
7b30b80dc5 Update ClusterIssuer to use 'kind' field instead of 'namespace' 2017-10-12 20:06:29 +01:00
James Munnelly
cd4b482410 Check Secret namespace in ClusterIssuer checks. Add TODO. 2017-09-22 09:52:09 +01:00
James Munnelly
7fffd67c86 Fix issuer CA for ClusterIssuer resources 2017-09-22 09:39:03 +01:00
James Munnelly
65366e986c Add ClusterIssuer e2e tests. Fix e2e tests. 2017-09-22 09:38:59 +01:00
James Munnelly
dc608f709d Support Certificates referencing ClusterIssuers 2017-09-22 01:46:05 +01:00
James Munnelly
852e250a69 Add clusterissuer controller 2017-09-22 00:10:42 +01:00
James Munnelly
7c425ee86f Switch issuer implementations to use GenericIssuer 2017-09-21 23:27:41 +01:00
James Munnelly
e7ebb10402 Add ClusterIssuer helpers. Add GenericIssuer interface. 2017-09-21 23:19:29 +01:00
James Munnelly
dd63a09fa9 regenerate files 2017-09-21 23:18:58 +01:00
James Munnelly
1c7a70134a Add ClusterIssuer types 2017-09-21 23:18:40 +01:00
James Munnelly
bd0be52548 Merge pull request #88 from jetstack-experimental/cleanup-on-exit
Plumb stopCh into workers
2017-09-21 23:10:19 +01:00
James Munnelly
c4980baaca Use context throughout issuer implementation 2017-09-21 20:45:43 +01:00
James Munnelly
940b26127b Create context for each resource to be processed 2017-09-21 20:26:27 +01:00
James Munnelly
8bac175baa Plumb stopCh into workers 2017-09-21 20:23:17 +01:00
James Munnelly
28570b508f Merge pull request #98 from jetstack-experimental/typo
Fix typo acme->authorizations
2017-09-21 19:56:45 +01:00
James Munnelly
be7ea0da7e Fix typo acme->authorizations 2017-09-19 16:43:44 +01:00
James Munnelly
8d0d8d1e62 Merge pull request #79 from jetstack-experimental/issuer-ca
Add initial basic CA issuer implementation
2017-09-14 13:43:15 +01:00
James Munnelly
03acdf3a8c Don't regenerate svcName 2017-09-12 21:57:45 +01:00
James Munnelly
dc29817673 Use shorter names for http solver resources 2017-09-12 21:41:37 +01:00
James Munnelly
20e8996245 Remove duplicate helper methods 2017-09-11 10:48:53 +01:00
James Munnelly
d506d35cf1 Don't log issuance & renew success/failure twice 2017-09-11 10:47:59 +01:00
James Munnelly
f28afd00ac Only update resource status if a change has occurred 2017-09-11 10:47:59 +01:00
James Munnelly
bef938454b Fix passing public key to obtainCertificate 2017-09-11 10:47:59 +01:00
James Munnelly
977573db9d Put UpdateStatus on *Issuer and *Certificate 2017-09-11 10:47:59 +01:00
James Munnelly
87df7a0d81 Update CA issuer to log to Event Recorder 2017-09-11 10:47:59 +01:00
James Munnelly
9ba1a35fa1 Update ACME Issue & Renew methods 2017-09-11 10:47:59 +01:00
James Munnelly
5f061a8c7e Update Certificate Status after Issue & Renew 2017-09-11 10:47:59 +01:00
James Munnelly
e26ddc8307 Fix UpdateStatusCondition call 2017-09-11 10:47:58 +01:00
James Munnelly
54a850383f Use SecretTLSKey/SecretTLSCert functions 2017-09-11 10:47:58 +01:00
James Munnelly
ae3171b8bf Add initial CA issuer work 2017-09-11 10:47:58 +01:00
James Munnelly
c2cbbe0145 Add CA field to Issuer 2017-09-11 10:47:58 +01:00
James Munnelly
fbe7f542bd Merge pull request #81 from jetstack-experimental/acme-events
Add Events for ACME authorisation flow
2017-09-11 10:40:08 +01:00
James Munnelly
ac8e0c6918 Make authorization chan buffered 2017-09-11 02:19:17 +01:00
James Munnelly
98daf0b1ba Add events for ACME prepare method 2017-09-11 02:02:00 +01:00
James Munnelly
e02fbd405a Regenerate files 2017-09-11 01:31:00 +01:00
James Munnelly
c3fc810a5e Add CertificateStatusCondition types 2017-09-11 01:30:51 +01:00
James Munnelly
80b02006fd Remove unused kube package 2017-09-11 01:04:31 +01:00
James Munnelly
d0e02d3d4e Make UpdateStatusCondition work on a *Issuer 2017-09-10 23:07:06 +01:00
James Munnelly
89588bb281 Split GetKeyPair method into two methods 2017-09-10 22:54:55 +01:00
James Munnelly
6e1b4c8533 Fix certificate sync.go for new structure 2017-09-10 21:14:21 +01:00
James Munnelly
2e551f58b5 Update ACME implementation for new structure. Add util/pki. 2017-09-10 21:13:37 +01:00
James Munnelly
dc4335754f Move kube related utilities out of cmd 2017-09-10 21:11:34 +01:00
James Munnelly
d6c0df5c78 Merge pull request #74 from jetstack-experimental/event-recording
Add event recording. Split out cmd entrypoint.
2017-09-10 20:38:56 +01:00
James Munnelly
7e33491161 Set issuer lister in certificate controller 2017-09-09 18:52:47 +01:00
James Munnelly
d59df81849 Add test for issuer sync loop 2017-09-09 18:43:28 +01:00
James Munnelly
f66855bd03 Add event recording. Split out cmd entrypoint. 2017-09-09 18:27:35 +01:00
James Munnelly
51971e921d Remove unused function 2017-09-09 11:49:04 +01:00
James Munnelly
35d672ef39 Add comments to top level packages 2017-09-09 11:42:50 +01:00
James Munnelly
7540beb74b Update imports 2017-09-09 02:13:03 +01:00
James Munnelly
a015ab483d Move informers and listers into client subdirectory 2017-09-09 02:12:42 +01:00
James Munnelly
b53ede4e5a Wait for workers to process their work before exit 2017-09-09 01:48:10 +01:00
James Munnelly
960d46e302 Add leader election. Fix gracefully exiting. 2017-09-09 01:47:21 +01:00
James Munnelly
329ffab15a Make Certificate loop use Issuer conditions 2017-09-08 22:37:48 +01:00
James Munnelly
a958f4462d Switch to using Conditions for Issuer status 2017-09-08 22:22:00 +01:00
James Munnelly
4aca4c1fa7 Regenerate files 2017-09-08 22:21:43 +01:00
James Munnelly
486c0478c0 Add Conditions types. Move helpers into helpers.go 2017-09-08 22:21:09 +01:00
James Munnelly
b95882ef9f Remove pkg/log 2017-09-08 21:46:27 +01:00
James Munnelly
d0212e8a3b Update controller to accept Options via context 2017-09-08 21:43:18 +01:00
James Munnelly
62ddccd3bb Add custom SharedInformerFactory 2017-09-08 21:41:40 +01:00
James Munnelly
00389b6da3 Refactor Issuer interface to allow returning updated Status 2017-09-08 21:41:15 +01:00
James Munnelly
a6edfaf78b Add e2e test framework and basic Issuer test
Update Makefile and travis to run e2e tests

Add ubuntu-nsenter image

Fix typo in target name

Add image pull policy flag for e2e tests

Set config path env vars for e2e tests
2017-09-08 16:25:21 +01:00
Martell Malone
c4d07a3d51 Fix cloudflare error message 2017-09-04 17:34:16 +01:00
James Munnelly
ddd6151d4a Update acme http solver image 2017-08-31 12:28:08 +01:00
James Munnelly
d5394b5096 Verify default and deepcopy code. Remove internal listers. 2017-08-22 12:22:58 +01:00
James Munnelly
95aa3aab95 Update references to cert-manager informers 2017-08-22 12:13:13 +01:00
James Munnelly
3b8fb796d8 Set --single-directory=true on informer gen 2017-08-22 12:13:04 +01:00
James Munnelly
39ea0a3064 Upgrade to use latest code-generators. Remove internal API version. 2017-08-22 12:12:46 +01:00
Christian Simon
32dff6079c Fix secret access key link 2017-08-12 14:54:53 +01:00
Christian Simon
0457c4a401 Update generated code for route53 2017-08-09 12:18:01 +01:00
Christian Simon
301edc7812 Implement provider route 53 2017-08-09 12:17:56 +01:00
Christian Simon
8c2e92a5d1 Adds upstream DNS provider route53 2017-08-08 22:53:03 +01:00
James Munnelly
a6e0912553 Update generated files 2017-08-08 11:35:37 +01:00
James Munnelly
5be9dbdd9e Enable golang tests 2017-08-08 11:34:48 +01:00
James Munnelly
d07bef4688 Update generated files 2017-08-07 18:28:52 +01:00
James Munnelly
ee8d34c16f Add cloudflare dns01 provider 2017-08-07 18:28:35 +01:00
James Munnelly
cf6faacd56 Update Issuer CloudDNS config service account to use a SecretKeySelector 2017-08-07 18:07:33 +01:00
James Munnelly
03fbe101b6 Delete unused QueueingEventHandler definition 2017-08-07 17:04:32 +01:00
James Munnelly
7937b0384c Update import paths 2017-08-07 14:46:58 +01:00
James Munnelly
92385ba15b Add comments to scheduler package 2017-08-07 13:59:05 +01:00
James Munnelly
080983f768 Add omitempty to ingressClass 2017-08-07 13:58:50 +01:00
James Munnelly
6bd343c335 Remove old comment [ci skip] 2017-08-07 13:56:54 +01:00
James Munnelly
3503100676 Clean up job resource after validation attempt 2017-08-07 13:52:21 +01:00
James Munnelly
54f708c7c9 Add comments. Remove unused code. 2017-08-07 12:07:32 +01:00
James Munnelly
5e0eb7102f Fix ingress path 2017-08-07 01:57:41 +01:00
James Munnelly
a02f2ba03d Add CleanUp functions for HTTP01 solver 2017-08-07 01:36:42 +01:00
James Munnelly
1d34e6a0b3 Add imports in util package 2017-08-06 23:58:20 +01:00
James Munnelly
7d8683bd16 Move solver into standalone binary. Launch Jobs to solve HTTP01 challenges. 2017-08-06 23:51:10 +01:00
James Munnelly
5926a53706 Refactor controller loop to only perform authorizations when issuing/renewing 2017-08-06 23:49:54 +01:00
James Munnelly
dd02061738 Set up scheduled work queue for certificate renewals 2017-08-05 22:51:52 +01:00
James Munnelly
dc80101476 Check for DNS propagation before accepting authorization from ACME 2017-08-05 17:39:56 +01:00
James Munnelly
45a1ab2f2b Initial support for CloudDNS 2017-08-05 02:53:37 +01:00
James Munnelly
c0b5e1845f Fix up certificates checks.go 2017-08-05 01:22:59 +01:00
James Munnelly
deeff88b03 Use ACMeStatus() helper 2017-08-05 01:21:14 +01:00
James Munnelly
ddfba77725 Set up resyncPeriod of 5 minutes on Certificate control loop 2017-08-05 01:21:01 +01:00
James Munnelly
170a5d0ae4 Watch secrets for deletion in issuers control loop 2017-08-05 01:12:54 +01:00
James Munnelly
42a5321510 Watch for certificate and ingress deletion in Certificate controller 2017-08-05 01:00:40 +01:00
James Munnelly
3fb49ad049 Refactor control loops to be more akin to kube-controller-manager 2017-08-05 00:35:54 +01:00
James Munnelly
92d4fef10e Update k8s.io dependencies. Update to new DeepCopy generator. 2017-07-22 13:47:38 +01:00
James Munnelly
630654a6d4 Update import paths 2017-07-22 12:19:40 +01:00
James Munnelly
268ae4ee89 Refactor common functions into util. Add renewals. 2017-07-22 11:45:30 +01:00
James Munnelly
2d55f48328 Implement basic certificate issuer 2017-07-22 02:54:06 +01:00
James Munnelly
6ae604a66a Add temporary static http01 solver 2017-07-22 02:53:46 +01:00
James Munnelly
2075a737b4 Return privateKeyPem in generatePrivateKey 2017-07-22 02:52:21 +01:00
James Munnelly
b0c6b59c51 Fix up acme certificate authorization 2017-07-22 02:51:49 +01:00
James Munnelly
afbe0ba9c5 add start of authorization 2017-07-22 01:23:25 +01:00
James Munnelly
ab18029189 Update API types 2017-07-22 01:22:42 +01:00
James Munnelly
95cba8ab5f Add acme issuer. Implement 'Setup' method. Now manages ACME accounts. 2017-07-21 15:18:39 +01:00
James Munnelly
aa03460d21 Remove ingress control loop 2017-07-21 15:17:36 +01:00
James Munnelly
dec46b23cf Newest API types 2017-07-21 15:17:18 +01:00
James Munnelly
5e2222fa09 initial controller implementation 2017-07-19 20:29:02 +01:00
James Munnelly
1626b6ea2e Add CertificateList struct 2017-07-19 17:02:09 +01:00
James Munnelly
1c276d9f83 Generate client, informers and listers 2017-07-19 16:54:03 +01:00
James Munnelly
36308ae891 initial commit 2017-07-19 09:39:13 +01:00