Commit Graph

7436 Commits

Author SHA1 Message Date
irbekrm
4776597cb4 Remove the double cache mechanism for cainjector
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-23 17:38:46 +00:00
jetstack-bot
1038ca4494
Merge pull request #4502 from ctrought/master
support subject and email annotations for ingress/gateway
2023-01-20 14:35:37 +00:00
ctrought
575e3155c2 fix: goimports
Signed-off-by: ctrought <k8s@trought.ca>
2023-01-19 14:57:10 -05:00
jetstack-bot
c08b337cf7
Merge pull request #5736 from irbekrm/webhook_solver_conformance_bugfix
Webhook solver conformance bugfix
2023-01-19 13:44:03 +00:00
irbekrm
438c79d4e3 Code review feedback: fix imports
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-19 12:05:56 +00:00
irbekrm
644a46c8fe Resets secrets lister in RFC2136 conformance tests
The way the tests run (a new kube apiserver with a different client created for the same initialized solver) is not how this solver would actually run

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:43:34 +00:00
irbekrm
216b60e98b RFC2136 solver has an init option to reset secrets lister
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:51 +00:00
irbekrm
1834afaa00 A bunch of comments on webhook solver functionality
With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:02 +00:00
jetstack-bot
d5125b55ce
Merge pull request #5722 from james-callahan/container-label
Add org.opencontainers.image.source OCI label to containers
2023-01-18 11:31:58 +00:00
jetstack-bot
ece47eb66f
Merge pull request #5724 from g-gaston/bump-keystore-go-4-4-1
Bump keystore-go to v4.4.1
2023-01-17 13:08:00 +00:00
jetstack-bot
a6e00a8623
Merge pull request #5711 from lucacome/bump-deps
Bump dependencies
2023-01-17 11:51:00 +00:00
jetstack-bot
3115953b02
Merge pull request #5614 from jkroepke/dns-extra-args
helm: expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
2023-01-16 09:26:29 +00:00
Jan-Otto Kröpke
b952058775
[helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2023-01-14 15:16:16 +01:00
Guillermo Gaston
7528760e65 Bump keystore-go to v4.4.1
This version points to the same commit as v4.4.0, so there is no actual
code change. However, trying to build cert-manager with v4.4.0 errors
out due to a checksum mismatch. Bumping to the new tag solved the
issue.

Signed-off-by: Guillermo Gaston <gaslor@amazon.com>
2023-01-13 20:39:30 +00:00
Luca Comellini
98ce5936ec
Update Helm and Kubebuilder
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:41 -08:00
Luca Comellini
7e5cd34341
Update Cloudflare ListDNSRecords
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:41 -08:00
Luca Comellini
85ca8e0444
Bump dependencies
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:27 -08:00
jetstack-bot
9b24e88471
Merge pull request #5723 from SgtCoDFish/bumpbase
Bump base images to latest
2023-01-13 11:35:38 +00:00
Ashley Davis
5f910ceba1
bump base images to latest
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-13 10:39:18 +00:00
James Callahan
33e9c030ea
Add org.opencontainers.image.source OCI label to containers
A full list of pre-defined annotations is available at:
https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys

Signed-off-by: James Callahan <james@wavesquid.com>
2023-01-13 18:28:24 +11:00
jetstack-bot
b99fdc32ab
Merge pull request #5720 from irbekrm/fix_helm_version_check
Use fake kube apiserver version when generating helm template in cmctl x install
2023-01-12 16:57:25 +00:00
irbekrm
53abc8cb2e Use fake kube apiserver version when generating helm template in cmctl x install
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-12 15:00:21 +00:00
jetstack-bot
4b0aa9d248
Merge pull request #5712 from yanggangtony/go-version
Bump go to 1.19.5
2023-01-11 10:13:12 +00:00
yanggang
44e8f9cb69
Bump go to 1.19.5
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-11 13:59:37 +08:00
jetstack-bot
44383b0130
Merge pull request #5706 from SgtCoDFish/bumpcontainerd
Bump containerd to fix reported vuln
2023-01-10 10:18:21 +00:00
Ashley Davis
8c4f6cda42
bump containerd to fix reported vuln
note that cert-manager is not actually vulnerable to CVE-2022-23471
since the affected code is not used

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-09 18:47:38 +00:00
jetstack-bot
aa7fe1130c
Merge pull request #5660 from irbekrm/certificate_labels
Ensures that certificate.spec.secretName and temporary private key Secrets are labelled
2023-01-09 10:57:30 +00:00
jetstack-bot
7c175c5d80
Merge pull request #5693 from SgtCoDFish/extraarghs
Move custom acmesolver image above extraArgs
2023-01-09 09:37:30 +00:00
irbekrm
5e8fd7dc41 Policy check ensures that cert.spec.secretName secret gets labelled
Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:31:31 +00:00
irbekrm
213949a590 Keymanager controller ensures that temporary private key Secrets are labelled
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:30:34 +00:00
irbekrm
c7465fd921 Issuing controller ensures that cert.spec.secretName secrets are labelled
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:29:51 +00:00
irbekrm
767170d65f Adds a new label to cert-manager API
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:28:50 +00:00
jetstack-bot
248eff5bce
Merge pull request #5694 from irbekrm/fix_cainjector_namespace
Fix cainjector's namespace flag
2023-01-06 10:43:41 +00:00
irbekrm
ff80030737 Log error if CA source is in a namespace that is not in scope
cainjector will still watch cluster-scoped resources such as CRDs, so it can get references to Secrets or Certificates in namespaces that are out of scope

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 10:09:36 +00:00
jetstack-bot
093610997e
Merge pull request #5691 from irbekrm/remove_redundant_secret_cache
Ensures that only one secrets cache is created for cert-manager controller
2023-01-06 09:36:50 +00:00
jetstack-bot
6f651193ec
Merge pull request #5692 from lucacome/bump-golang.org
Bump golang.org/x/crypto and golang.org/x/oauth2
2023-01-05 18:28:49 +00:00
irbekrm
87bef52337 Fix cainjector's namespace flag
Ensures that when cainjector has the namespace flag passed, namespaced resource caching is scoped to that namespace

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-05 18:15:19 +00:00
irbekrm
eaf814cffa Code review feedback - better comment
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-05 17:42:40 +00:00
Luca Comellini
02297b4e56
Bump golang.org/x/crypto and golang.org/x/oauth2
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-05 17:58:22 +01:00
Ashley Davis
264ebe6d29
move custom acmesolver image above extraArgs
since the acmesolver image has defaults (i.e. the repository is set by
default[1]), the helm chart changes introduced in #5554 will always set
the `--acme-http01-solver-image` parameter.

This can break users who previously had this parameter set via the
extraArgs Helm option, which was found and reported on Slack[2].

This commit moves the new Helm value added in #5554 above extraArgs,
so that if extraArgs is set it will take precedence and nothing should
change as users upgrade.

[1] a5d67d3a21/deploy/charts/cert-manager/values.yaml (L504-L516)
[2] https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1672925692339849

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-05 16:42:57 +00:00
irbekrm
8ed0faf228 Fix integration tests
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-05 12:07:25 +00:00
irbekrm
036b013942 Ensures that only one secrets cache is created for cert-manager controller
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-05 10:11:48 +00:00
jetstack-bot
a5d67d3a21
Merge pull request #5688 from SgtCoDFish/bumpbase
bump base images to latest
2023-01-04 16:09:01 +00:00
Ashley Davis
6d1a65c771
bump base images to latest
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-04 15:34:15 +00:00
jetstack-bot
094b4c763e
Merge pull request #5662 from lucacome/bump-controller-tools
Bump sigs.k8s.io deps
2023-01-04 14:02:00 +00:00
jetstack-bot
b6013599e4
Merge pull request #5681 from SgtCoDFish/noconfuse
Avoid logging confusing error messages for external issuers
2023-01-04 12:48:00 +00:00
Ashley Davis
0225cc9234
avoid logging confusing error messages for external issuers
See https://github.com/cert-manager/cert-manager/issues/5601

When referring to external issuers whose kind is not "Issuer" or
"ClusterIssuer" we log an error message thanks to a new check added in
a previous PR[1] which should only trigger for SelfSigned issuers.

The error previously looked like:

```text
"error"="invalid value \"x\" for issuerRef.kind. Must
be empty, \"Issuer\" or \"ClusterIssuer\""
```

After this PR, any CR with an issuer whose group or kind doesn't
match what's expected for a built-in issuer will be skipped

https://github.com/cert-manager/cert-manager/pull/5336

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>

WIP: test other issuer kinds

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-04 12:10:34 +00:00
jetstack-bot
ffcd374e14
Merge pull request #5685 from wallrj/make-ko-deploy-certmanager-with-helm-values
Allow custom helm values files to be supplied to make ko-deploy-certmanager
2023-01-04 10:54:00 +00:00
jetstack-bot
e473c89490
Merge pull request #5684 from wallrj/remove-duplicate-ko-make-targets
Remove duplicate ko-deploy-cert-manager make target
2023-01-04 09:31:11 +00:00
jetstack-bot
d8a6ec0dcb
Merge pull request #5663 from weisdd/fix/azure-workload-identity-early-reconcilation
fix(AzureDNS): prevent early reconciliations for misconfigured Workload Identity
2023-01-03 18:00:10 +00:00