cert-manager

Author	SHA1	Message	Date
James Munnelly	5482ece3f5	Update unit test framework to support actions and required reactors Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:38 +01:00
James Munnelly	967a48e1dc	Add ACME Order & Challenge controllers Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:38 +01:00
James Munnelly	65487e1d2b	Update ACME HTTP solver to use Challenge resources Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:37 +01:00
James Munnelly	2b663eb9a9	Update ACME DNS solver to use Challenge resources Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:37 +01:00
James Munnelly	f8b1e653f3	Refactor ACME Issuer to create and manage Order resources Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:37 +01:00
James Munnelly	4fcfbb44ef	Add IsFinalState and IsErrorState functions Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:37 +01:00
James Munnelly	2eb785655c	Run //hack:update-codegen Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:37 +01:00
James Munnelly	f3991c6edf	run //hack:update-bazel Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 12:40:37 +01:00
James Munnelly	bfd8ac7eab	Add Order and Challenge API types Signed-off-by: James Munnelly <james@munnelly.eu>	2018-10-12 11:08:51 +01:00
jetstack-bot	620395511a	Merge pull request #924 from arnoldbechtoldt/useClusterIPsvc Make http01 solver serviceType configurable	2018-10-10 13:42:11 +01:00
jetstack-bot	5ea95b6cc1	Merge pull request #923 from arnoldbechtoldt/issue892 make http01 solver pod resource request/limits configurable, refs #892	2018-10-10 13:06:11 +01:00
Arnold Bechtoldt	ce1dd5e8b5	update API docs Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>	2018-10-10 13:31:07 +02:00
Arnold Bechtoldt	1587741820	rename setting and update docs regarding solver service type Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>	2018-10-08 15:24:17 +02:00
jetstack-bot	912c7672bd	Merge pull request #848 from Queuecumber/ca-nginx Include CA Certificate In Secrets	2018-10-08 13:04:37 +01:00
acoshift	3e9085f376	remove key algor validation in ACME issuer Signed-off-by: Thanatat Tamtan <acoshift@gmail.com>	2018-10-08 17:47:31 +07:00
Arnold Bechtoldt	d261e1f3f1	make serviceType configurable, fixes #928 Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>	2018-10-08 10:55:56 +02:00
acoshift	fc7711967e	allow ecdsa for acme Signed-off-by: Thanatat Tamtan <acoshift@gmail.com>	2018-10-07 20:22:41 +07:00
Arnold Bechtoldt	845eb7f57c	make http01 solver pod resource request/limits configurable, refs #892 Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>	2018-09-26 14:39:06 +02:00
splashx	4e9af51629	fix rfc2136 provider missing port error, plumb dnsNameserver01 Signed-off-by: splashx <splash@gmail.com>	2018-09-17 17:38:09 +02:00
Max Ehrlich	5eaf89ba4a	Simplify getting the ca cert bytes from the ca chain Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-15 17:41:17 -04:00
Max Ehrlich	f81f499d3d	Rerun gofmt Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-15 17:18:40 -04:00
Max Ehrlich	06fb0cefc7	Manually generate pem from cachain field since the vault api does not expose it Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-15 17:06:41 -04:00
Max Ehrlich	d63fbbab49	Fix go-fmt Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 18:54:30 -04:00
Max Ehrlich	48653e07f9	Return CA for vault certs, this uses the issuing_ca field from the vault api response, see (https://www.vaultproject.io/api/secret/pki/index.html#sign-certificate ) for details Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 18:47:44 -04:00
Max Ehrlich	25e86d5588	For now, the vault issuer will also not store it's CA certificate Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:15 -04:00
Max Ehrlich	ab450c7463	Set the CA field if a non-nil ca cert is passed Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:15 -04:00
Max Ehrlich	213d5ec6b5	Self-signed issuers return a copy of the same certificate that was issued as the CA Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:14 -04:00
Max Ehrlich	511650ca82	ACME issuers currently will not support getting the CA certificate Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:14 -04:00
Max Ehrlich	58efbc068c	Update CA issuer to return the CA cert pem Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:14 -04:00
Max Ehrlich	280382e6ce	Issue and renew should now return the bytes of the CA certificate that was used to issue the certs. This should be set to nil if not applicable Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:14 -04:00
Max Ehrlich	41c7def791	Helper function to get PEM encoded bytes of x509 certs Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:14 -04:00
Max Ehrlich	e347572541	Change key name constant to better match its function Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:14 -04:00
Max Ehrlich	2524335f3a	Set the "ca.crt" field for certificates issued with isCA so that nginx can properly identify them for client authentication Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-13 17:07:13 -04:00
James Munnelly	48ecee9cfb	run //hack:update-gofmt Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-13 11:25:04 +01:00
James Munnelly	b1f145625e	Set up Bazel workspace with git status and pass ldflags Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-13 11:24:52 +01:00
James Munnelly	c4e11e110f	run //hack:update-codegen Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-13 11:24:52 +01:00
James Munnelly	db65d6a170	run //hack:update-bazel Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-13 11:24:48 +01:00
jetstack-bot	140f9e7a4c	Merge pull request #891 from munnerz/metaauth-validation Relax resource validation for CloudDNS service account credentials	2018-09-12 09:34:48 +01:00
jetstack-bot	feb589feb5	Merge pull request #661 from splashx/master [ACME] Add RFC2136 DNS Provider (2nd attempt)	2018-09-12 09:11:48 +01:00
James Munnelly	01ab38e5ff	Relax resource validation for CloudDNS service account credentials Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-12 08:44:06 +01:00
Evan Anderson	265c9610ff	Add an error check for AzureDNS failure to create a solver. Add documentation comments for public methods (caught by 'go lint'). Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com>	2018-09-11 01:20:44 -07:00
splashx	3761c6c3a4	fix panic, wrong logic Signed-off-by: splashx <splash@gmail.com>	2018-09-10 21:40:40 +02:00
splashx	51a8a57221	add tests for nameserver, tsigsecret and tsigname Signed-off-by: splashx <splash@gmail.com>	2018-09-10 20:03:32 +02:00
jetstack-bot	8d6701de0b	Merge pull request #838 from Queuecumber/ca-org-days Set Organization in Certificates	2018-09-10 17:56:17 +01:00
Max Ehrlich	10526f404a	Validate that vault certificates do not set the organization field Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-10 10:33:53 -04:00
jetstack-bot	d55cd7ffe5	Merge pull request #664 from kiwigrid/enable-clouddns-meta-auth enable clouddns meta auth	2018-09-10 13:49:17 +01:00
James Munnelly	ac08365928	Fix up test failure Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-10 13:25:33 +01:00
James Munnelly	8c5c402d1e	Fix up bug preventing saBytes being used. Add comments. Signed-off-by: James Munnelly <james@munnelly.eu>	2018-09-10 13:21:51 +01:00
Max Ehrlich	fc8167581f	Update tests to support multiple orgs Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-08 16:21:13 -04:00
Max Ehrlich	6a9f1d2348	Update code to allow setting multiple organizations Signed-off-by: Max Ehrlich <max.ehr@gmail.com>	2018-09-08 16:21:13 -04:00

1 2 3 4 5 ...

538 Commits