Haoxiang Zhou
fe80b7d760
Moved predicate package to pkg/util
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-07-02 12:23:15 +01:00
James Munnelly
8a1d7c6831
Remove AuditSink support from cainjector
The AuditSink resource type (previously in alpha) has been removed
as per https://groups.google.com/g/kubernetes-sig-auth/c/aV_nXpa5uWU .
Remove all support for it from our cainjector so we are able to
continue to upgrade dependencies, and to avoid more users coming
to rely on this functionality ahead of it being removed from
Kubernetes.
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-07-01 19:35:20 +01:00
James Munnelly
9e2d6a514b
Move expcertificates into certificates package
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-07-01 12:16:25 +01:00
James Munnelly
2280480c02
Remove old certificates controller
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-07-01 11:46:13 +01:00
James Munnelly
6caa4c451d
Rename CRPrivateKeyAnnotationKey -> CertificateRequestPrivateKeyAnnotationKey
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-26 14:47:27 +01:00
James Munnelly
1adfe16690
Bulk fix of non-test staticcheck failures
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-26 12:25:08 +01:00
jetstack-bot
63b7ca26b8
Merge pull request #3027 from munnerz/expcerts-renewal
expcertificates: fix bug renewing certificates automatically near expiry
2020-06-26 09:21:39 +01:00
James Munnelly
86b8cab328
expand out 'clearCertificateFields' function
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-25 10:44:08 +01:00
James Munnelly
ba26d65c68
schedule resyncs once renewalTime has passed to handle certificate renewals in the future
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:48:33 +01:00
James Munnelly
b3300b8673
update trigger policies unit tests for status.renewalTime field
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:48:33 +01:00
James Munnelly
fe51a02227
use status.renewalTime in trigger policies and correctly plumb through clock
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:37:50 +01:00
James Munnelly
8bb4bb389a
use correct PolicyChain in readiness controller
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:37:50 +01:00
James Munnelly
7cf74ec442
set notBefore and renewalTime status fields in certificate readiness controller
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:23:42 +01:00
James Munnelly
1d6424b8f2
Use 'clock' package in pkg/scheduler
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:23:42 +01:00
James Munnelly
281b9ffcbd
add RenewBeforeExpiryDuration function
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-23 16:23:42 +01:00
Haoxiang Zhou
6c72193678
Handle keyEncoding for temporary Certificates
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-06-23 10:17:41 +01:00
Haoxiang Zhou
5bcea49921
Issuing controller encodes private keys to PKCS1/PKCS8 as requested by user
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-06-18 15:26:14 +01:00
jetstack-bot
46eaf3d1a4
Merge pull request #2923 from JoshVanL/new-metrics
Updates the metrics package + new metrics controller
2020-06-04 12:59:38 +01:00
JoshVanL
e465329b80
Revert vault free port and expose listener port from metrics server
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-26 23:01:55 +01:00
Haoxiang Zhou
7229741505
Changed tests for issuing controller to expect no ca.crt instead of nil
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-05-26 15:30:43 +01:00
Haoxiang Zhou
609eedacec
Do not add ca.crt key to TLS secret if empty in expcertificates as well
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-05-26 14:37:40 +01:00
Haoxiang Zhou
3591de614d
Changed unit tests to expect no ca.crt instead of nil
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-05-26 12:16:55 +01:00
Haoxiang Zhou
dceae33364
Do not add ca.crt key to TLS secret if empty
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-05-26 12:16:20 +01:00
JoshVanL
9c9fe56f0b
Update new files to use 2020 copyright
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-21 10:52:56 +01:00
JoshVanL
5539bf3495
Moves metrics controller into sub-package of ./controller/certificates
and fix metrics listen address flag description
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-21 10:47:52 +01:00
JoshVanL
3e7f7eb87e
Expose Prometheus listen address as a controller command line flag
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-18 18:21:03 +01:00
JoshVanL
92eb8d0957
Refactor controllers to use new instrumented metrics that's baked into
all controllers
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-18 17:43:56 +01:00
JoshVanL
4dd70a6fe7
Adds new metrics controller to reconcile over Certificates and its
Status (Ready and Expiry)
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-18 17:43:18 +01:00
James Munnelly
b126a0c0e5
Use acme AccountRegistry throughout and tidy up ACME setup code
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-05-13 13:14:46 +01:00
James Munnelly
982b21bb06
Fix bug that could lead validation to fail when attempting to update immutable field
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-05-01 12:33:14 +01:00
James Munnelly
3e8649abc2
Handle ACME orders with already valid authorizations upon first fetch through new 'initialState' field
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-05-01 12:33:14 +01:00
JoshVanL
a4cfd41ce7
Updates comments to proper working/capitalisation
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-30 11:53:42 +01:00
JoshVanL
dc4ba16051
Adds comments to clarify issuing_controller_test Certificate current
revision
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-28 11:03:26 +01:00
JoshVanL
d830db4ef7
Adds more temp cert tests, don't issue temp cert of different private
key and use shared GenerateLocallySignedCertificate
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-27 16:31:12 +01:00
JoshVanL
c115e6c2bf
internal/test.go accepts fixed clock and Shares
generateLocallySignedCertificate
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-27 16:29:58 +01:00
JoshVanL
7d1d94fedb
Adds issuing controller temporary certificate unit tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-26 19:39:08 +01:00
JoshVanL
095976548d
Adds temporary certificate logic to issuing controller based on
annotation
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-26 19:16:57 +01:00
JoshVanL
92c2d3c7c4
Moves secretmanager and testing util into separate package to refactor
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-26 15:45:10 +01:00
JoshVanL
11961b992d
Moves Certificate Issuing validation logic and key fetch earlier in sync
loop
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-26 15:01:32 +01:00
Maartje Eyskens
f2b36483a4
Set Issuer kind specific to Issuer if cert-manager.io/issuer is specified.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-04-24 16:16:04 +02:00
James Munnelly
7978fbe081
Address review feedback and include truststore.jks with JKS mode enabled
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-22 15:20:49 +01:00
James Munnelly
ba33c823a3
Add 'keystores' stanza to CertificateSpec to allow dynamic keystore configuration
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 17:58:18 +01:00
jetstack-bot
4aff1ce3f0
Merge pull request #2814 from munnerz/privatekey-rotation
keymanager: support private key rotationPolicy field
2020-04-21 16:02:53 +01:00
James Munnelly
6a827c6b8b
Don't use fixed length map
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 14:49:25 +01:00
James Munnelly
019f64e841
Fix test failures
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 10:25:56 +01:00
James Munnelly
8a628c3315
Update field comments on ChallengeSpec
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 10:07:03 +01:00
James Munnelly
a17d04260e
requestmanager: copy labels and annotations onto CertificateRequest resources
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 09:49:32 +01:00
James Munnelly
f04696747c
Fix SecretDataAltNamesMatchSpec for loose matching and add tests
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 09:49:32 +01:00
James Munnelly
23892bc6e4
keymanager: support private key rotationPolicy field
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 09:49:32 +01:00
James Munnelly
e8cc2ba4ac
Fix selfsigned issuer unit tests
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-20 15:08:31 +01:00