weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,918 Commits 45 Branches 0 Tags 96 MiB
4cec43bf93
Commit Graph

3489 Commits

Author SHA1 Message Date
James Munnelly
a62afaa1e7 Merge pull request #120 from jetstack-experimental/fix-http-cleanup 
Fix ACME HTTP Cleanup function
 2017-10-13 18:09:33 +01:00
James Munnelly
213d895865 Fix ACME HTTP Cleanup function 2017-10-13 17:59:39 +01:00
James Munnelly
22ed25955d Merge pull request #119 from jetstack-experimental/auth-per-acc 
Check authorizations account URI before attempting to reuse authorization
 2017-10-13 17:10:17 +01:00
James Munnelly
8d50c4102a Merge pull request #118 from jetstack-experimental/rename-config 
Rename http-01 -> http01, dns-01 -> dns01
 2017-10-13 16:56:17 +01:00
James Munnelly
a9eb7ee8a7 Check authorizations account URI before attempting to reuse authorization 2017-10-13 16:56:05 +01:00
James Munnelly
7060fb5019 http-01 -> http01, dns-01 -> dns01 2017-10-13 16:45:04 +01:00
James Munnelly
01e5833825 Make acmesolver image configurable through CLI. Use tagged version as default. 2017-10-13 16:39:06 +01:00
James Munnelly
c7a83606ce Merge pull request #115 from jetstack-experimental/explicity-challenge-mech 
Add HTTP01 field to issuer.spec. Default HTTP01 challenges to disabled.
 2017-10-13 15:37:39 +01:00
James Munnelly
79c775e389 Add HTTP01 field to issuer.spec. Default HTTP01 challenges to disabled. 2017-10-13 14:54:26 +01:00
James Munnelly
939534d5b0 Merge pull request #112 from jetstack-experimental/update-issuer-secret-change 
Trigger CA Issuer re-sync when signing keypair changes
 2017-10-13 14:31:35 +01:00
James Munnelly
2600cb8e14 Fix up altName->dnsName change 2017-10-13 14:04:14 +01:00
James Munnelly
bd9c202cbb regenerate files 2017-10-13 13:37:56 +01:00
James Munnelly
d7009fbfa8 Correctly check if certificate is valid when only dnsNames are specified 2017-10-13 13:32:10 +01:00
James Munnelly
a3fc5d9eaa Rename altNames to dnsNames 2017-10-13 13:31:52 +01:00
James Munnelly
45a67dc748 Merge pull request #109 from jetstack-experimental/cn-altname 
Use CommonName and AltNames fields on Certificate resource
 2017-10-13 13:21:47 +01:00
James Munnelly
8c6457e7b7 Trigger CA Issuer re-sync when signing keypair changes 2017-10-13 13:20:03 +01:00
James Munnelly
a4b1d346c7 Fix invalid check for empty certificate domains 2017-10-13 13:05:21 +01:00
James Munnelly
e080d1da25 Add LICENSE files for files from github.com/xenolf/lego library 2017-10-13 12:57:31 +01:00
James Munnelly
489f073d3a Require altName or subject name are specified in CA issuer 2017-10-13 12:52:36 +01:00
James Munnelly
ae1173dcec Regenerate files 2017-10-13 12:50:07 +01:00
James Munnelly
187e91f9ae Default commonName to first altName if not specified 2017-10-13 12:50:07 +01:00
James Munnelly
f8107e6fcc Use CommonName and AltNames fields on Certificate resource 2017-10-13 12:50:07 +01:00
James Munnelly
185058815e Fix controller checks for new API schema 2017-10-13 12:09:04 +01:00
James Munnelly
2d0e81fc95 Regenerate files 2017-10-13 11:56:33 +01:00
James Munnelly
a2d9733f21 Update implementation for new field names/types 2017-10-13 11:43:52 +01:00
James Munnelly
6ae8fbbbb2 Standardise SecretKeySelector field naming 2017-10-13 11:23:20 +01:00
James Munnelly
7b30b80dc5 Update ClusterIssuer to use 'kind' field instead of 'namespace' 2017-10-12 20:06:29 +01:00
James Munnelly
cd4b482410 Check Secret namespace in ClusterIssuer checks. Add TODO. 2017-09-22 09:52:09 +01:00
James Munnelly
7fffd67c86 Fix issuer CA for ClusterIssuer resources 2017-09-22 09:39:03 +01:00
James Munnelly
65366e986c Add ClusterIssuer e2e tests. Fix e2e tests. 2017-09-22 09:38:59 +01:00
James Munnelly
dc608f709d Support Certificates referencing ClusterIssuers 2017-09-22 01:46:05 +01:00
James Munnelly
852e250a69 Add clusterissuer controller 2017-09-22 00:10:42 +01:00
James Munnelly
7c425ee86f Switch issuer implementations to use GenericIssuer 2017-09-21 23:27:41 +01:00
James Munnelly
e7ebb10402 Add ClusterIssuer helpers. Add GenericIssuer interface. 2017-09-21 23:19:29 +01:00
James Munnelly
dd63a09fa9 regenerate files 2017-09-21 23:18:58 +01:00
James Munnelly
1c7a70134a Add ClusterIssuer types 2017-09-21 23:18:40 +01:00
James Munnelly
bd0be52548 Merge pull request #88 from jetstack-experimental/cleanup-on-exit 
Plumb stopCh into workers
 2017-09-21 23:10:19 +01:00
James Munnelly
c4980baaca Use context throughout issuer implementation 2017-09-21 20:45:43 +01:00
James Munnelly
940b26127b Create context for each resource to be processed 2017-09-21 20:26:27 +01:00
James Munnelly
8bac175baa Plumb stopCh into workers 2017-09-21 20:23:17 +01:00
James Munnelly
28570b508f Merge pull request #98 from jetstack-experimental/typo 
Fix typo acme->authorizations
 2017-09-21 19:56:45 +01:00
James Munnelly
be7ea0da7e Fix typo acme->authorizations 2017-09-19 16:43:44 +01:00
James Munnelly
8d0d8d1e62 Merge pull request #79 from jetstack-experimental/issuer-ca 
Add initial basic CA issuer implementation
 2017-09-14 13:43:15 +01:00
James Munnelly
03acdf3a8c Don't regenerate svcName 2017-09-12 21:57:45 +01:00
James Munnelly
dc29817673 Use shorter names for http solver resources 2017-09-12 21:41:37 +01:00
James Munnelly
20e8996245 Remove duplicate helper methods 2017-09-11 10:48:53 +01:00
James Munnelly
d506d35cf1 Don't log issuance & renew success/failure twice 2017-09-11 10:47:59 +01:00
James Munnelly
f28afd00ac Only update resource status if a change has occurred 2017-09-11 10:47:59 +01:00
James Munnelly
bef938454b Fix passing public key to obtainCertificate 2017-09-11 10:47:59 +01:00
James Munnelly
977573db9d Put UpdateStatus on *Issuer and *Certificate 2017-09-11 10:47:59 +01:00
James Munnelly
87df7a0d81 Update CA issuer to log to Event Recorder 2017-09-11 10:47:59 +01:00
James Munnelly
9ba1a35fa1 Update ACME Issue & Renew methods 2017-09-11 10:47:59 +01:00
James Munnelly
5f061a8c7e Update Certificate Status after Issue & Renew 2017-09-11 10:47:59 +01:00
James Munnelly
e26ddc8307 Fix UpdateStatusCondition call 2017-09-11 10:47:58 +01:00
James Munnelly
54a850383f Use SecretTLSKey/SecretTLSCert functions 2017-09-11 10:47:58 +01:00
James Munnelly
ae3171b8bf Add initial CA issuer work 2017-09-11 10:47:58 +01:00
James Munnelly
c2cbbe0145 Add CA field to Issuer 2017-09-11 10:47:58 +01:00
James Munnelly
fbe7f542bd Merge pull request #81 from jetstack-experimental/acme-events 
Add Events for ACME authorisation flow
 2017-09-11 10:40:08 +01:00
James Munnelly
ac8e0c6918 Make authorization chan buffered 2017-09-11 02:19:17 +01:00
James Munnelly
98daf0b1ba Add events for ACME prepare method 2017-09-11 02:02:00 +01:00
James Munnelly
e02fbd405a Regenerate files 2017-09-11 01:31:00 +01:00
James Munnelly
c3fc810a5e Add CertificateStatusCondition types 2017-09-11 01:30:51 +01:00
James Munnelly
80b02006fd Remove unusued kube package 2017-09-11 01:04:31 +01:00
James Munnelly
d0e02d3d4e Make UpdateStatusCondition work on a *Issuer 2017-09-10 23:07:06 +01:00
James Munnelly
89588bb281 Split GetKeyPair method into two methods 2017-09-10 22:54:55 +01:00
James Munnelly
6e1b4c8533 Fix certificate sync.go for new structure 2017-09-10 21:14:21 +01:00
James Munnelly
2e551f58b5 Update ACME implementation for new structure. Add util/pki. 2017-09-10 21:13:37 +01:00
James Munnelly
dc4335754f Move kube related utilities out of cmd 2017-09-10 21:11:34 +01:00
James Munnelly
d6c0df5c78 Merge pull request #74 from jetstack-experimental/event-recording 
Add event recording. Split out cmd entrypoint.
 2017-09-10 20:38:56 +01:00
James Munnelly
7e33491161 Set issuer lister in certificate controller 2017-09-09 18:52:47 +01:00
James Munnelly
d59df81849 Add test for issuer sync loop 2017-09-09 18:43:28 +01:00
James Munnelly
f66855bd03 Add event recording. Split out cmd entrypoint. 2017-09-09 18:27:35 +01:00
James Munnelly
51971e921d Remove unused function 2017-09-09 11:49:04 +01:00
James Munnelly
35d672ef39 Add comments to top level packages 2017-09-09 11:42:50 +01:00
James Munnelly
7540beb74b Update imports 2017-09-09 02:13:03 +01:00
James Munnelly
a015ab483d Move informers and listers into client subdirectory 2017-09-09 02:12:42 +01:00
James Munnelly
b53ede4e5a Wait for workers to process their work before exit 2017-09-09 01:48:10 +01:00
James Munnelly
960d46e302 Add leader election. Fix gracefully exiting. 2017-09-09 01:47:21 +01:00
James Munnelly
329ffab15a Make Certificate loop use Issuer conditions 2017-09-08 22:37:48 +01:00
James Munnelly
a958f4462d Switch to using Conditions for Issuer status 2017-09-08 22:22:00 +01:00
James Munnelly
4aca4c1fa7 Regenerate files 2017-09-08 22:21:43 +01:00
James Munnelly
486c0478c0 Add Conditions types. Move helpers into helpers.go 2017-09-08 22:21:09 +01:00
James Munnelly
b95882ef9f Remove pkg/log 2017-09-08 21:46:27 +01:00
James Munnelly
d0212e8a3b Update controller to accept Options via context 2017-09-08 21:43:18 +01:00
James Munnelly
62ddccd3bb Add custom SharedInformerFactory 2017-09-08 21:41:40 +01:00
James Munnelly
00389b6da3 Refactor Issuer interface to allow returning updated Status 2017-09-08 21:41:15 +01:00
James Munnelly
a6edfaf78b Add e2e test framework and basic Issuer test 
Update Makefile and travis to run e2e tests

Add ubuntu-nsenter image

Fix typo in target name

Add image pull policy flag for e2e tests

Set config path env vars for e2e tests
 2017-09-08 16:25:21 +01:00
Martell Malone
c4d07a3d51 Fix cloudflare error message 2017-09-04 17:34:16 +01:00
James Munnelly
ddd6151d4a Update acme http solver image 2017-08-31 12:28:08 +01:00
James Munnelly
d5394b5096 Verify default and deepcopy code. Remove internal listers. 2017-08-22 12:22:58 +01:00
James Munnelly
95aa3aab95 Update references to cert-manager informers 2017-08-22 12:13:13 +01:00
James Munnelly
3b8fb796d8 Set --single-directory=true on informer gen 2017-08-22 12:13:04 +01:00
James Munnelly
39ea0a3064 Upgrade to use latest code-generators. Remove internal API version. 2017-08-22 12:12:46 +01:00
Christian Simon
32dff6079c Fix secret access key link 2017-08-12 14:54:53 +01:00
Christian Simon
0457c4a401 Update generated code for route53 2017-08-09 12:18:01 +01:00
Christian Simon
301edc7812 Implement provider route 53 2017-08-09 12:17:56 +01:00
Christian Simon
8c2e92a5d1 Adds upstream DNS provider route53 2017-08-08 22:53:03 +01:00
James Munnelly
a6e0912553 Update generated files 2017-08-08 11:35:37 +01:00
James Munnelly
5be9dbdd9e Enable golang tests 2017-08-08 11:34:48 +01:00
James Munnelly
d07bef4688 Update generated files 2017-08-07 18:28:52 +01:00
James Munnelly
ee8d34c16f Add cloudflare dns01 provider 2017-08-07 18:28:35 +01:00
James Munnelly
cf6faacd56 Update Issuer CloudDNS config service account to use a SecretKeySelector 2017-08-07 18:07:33 +01:00
James Munnelly
03fbe101b6 Delete unused QueueingEventHandler definition 2017-08-07 17:04:32 +01:00
James Munnelly
7937b0384c Update import paths 2017-08-07 14:46:58 +01:00
James Munnelly
92385ba15b Add comments to scheduler package 2017-08-07 13:59:05 +01:00
James Munnelly
080983f768 Add omitempty to ingressClass 2017-08-07 13:58:50 +01:00
James Munnelly
6bd343c335 Remove old comment [ci skip] 2017-08-07 13:56:54 +01:00
James Munnelly
3503100676 Clean up job resource after validation attempt 2017-08-07 13:52:21 +01:00
James Munnelly
54f708c7c9 Add comments. Remove unused code. 2017-08-07 12:07:32 +01:00
James Munnelly
5e0eb7102f Fix ingress path 2017-08-07 01:57:41 +01:00
James Munnelly
a02f2ba03d Add CleanUp functions for HTTP01 solver 2017-08-07 01:36:42 +01:00
James Munnelly
1d34e6a0b3 Add imports in util package 2017-08-06 23:58:20 +01:00
James Munnelly
7d8683bd16 Move solver into standalone binary. Launch Jobs to solve HTTP01 challenges. 2017-08-06 23:51:10 +01:00
James Munnelly
5926a53706 Refactor controller loop to only perform authorizations when issuing/renewing 2017-08-06 23:49:54 +01:00
James Munnelly
dd02061738 Set up scheduled work queue for certificate renewals 2017-08-05 22:51:52 +01:00
James Munnelly
dc80101476 Check for DNS propagation before accept authorization from ACME 2017-08-05 17:39:56 +01:00
James Munnelly
45a1ab2f2b Initial support for CloudDNS 2017-08-05 02:53:37 +01:00
James Munnelly
c0b5e1845f Fix up certificates checks.go 2017-08-05 01:22:59 +01:00
James Munnelly
deeff88b03 Use ACMeStatus() helper 2017-08-05 01:21:14 +01:00
James Munnelly
ddfba77725 Set up resyncPeriod of 5 minutes on Certificate control loop 2017-08-05 01:21:01 +01:00
James Munnelly
170a5d0ae4 Watch secrets for deletion in issuers control loop 2017-08-05 01:12:54 +01:00
James Munnelly
42a5321510 Watch for certificate and ingress deletion in Certificate controller 2017-08-05 01:00:40 +01:00
James Munnelly
3fb49ad049 Refactor control loops to be more akin to kube-controller-manager 2017-08-05 00:35:54 +01:00
James Munnelly
92d4fef10e Update k8s.io dependencies. Update to new DeepCopy generator. 2017-07-22 13:47:38 +01:00
James Munnelly
630654a6d4 Update import paths 2017-07-22 12:19:40 +01:00
James Munnelly
268ae4ee89 Refactor common functions into util. Add renewals. 2017-07-22 11:45:30 +01:00
James Munnelly
2d55f48328 Implement basic certificate issuer 2017-07-22 02:54:06 +01:00
James Munnelly
6ae604a66a Add temporary static http01 solver 2017-07-22 02:53:46 +01:00
James Munnelly
2075a737b4 Return privateKeyPem in generatePrivateKey 2017-07-22 02:52:21 +01:00
James Munnelly
b0c6b59c51 Fix up acme certificate authorization 2017-07-22 02:51:49 +01:00
James Munnelly
afbe0ba9c5 add start of authorization 2017-07-22 01:23:25 +01:00
James Munnelly
ab18029189 Update API types 2017-07-22 01:22:42 +01:00
James Munnelly
95cba8ab5f Add acme issuer. Implement 'Setup' method. Now manages ACME accounts. 2017-07-21 15:18:39 +01:00
James Munnelly
aa03460d21 Remove ingress control loop 2017-07-21 15:17:36 +01:00
James Munnelly
dec46b23cf Newest API types 2017-07-21 15:17:18 +01:00
James Munnelly
5e2222fa09 initial controller implementation 2017-07-19 20:29:02 +01:00
James Munnelly
1626b6ea2e Add CertificateList struct 2017-07-19 17:02:09 +01:00
James Munnelly
1c276d9f83 Generate client, informers and listers 2017-07-19 16:54:03 +01:00
James Munnelly
36308ae891 initial commit 2017-07-19 09:39:13 +01:00