cert-manager

Author	SHA1	Message	Date
jetstack-bot	f643eef2b2	Merge pull request #6755 from import-shiburin/master bugfix: wrong certificate chain is used if preferredChain is configured	2024-02-20 15:29:07 +00:00
Tim Ramlot	b77910d785	change signature of SetCertificateDuration and SetCertificateRenewBefore Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:40:38 +01:00
Tim Ramlot	4ae9c68dda	fix bug in gen lib Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:40:38 +01:00
Tim Ramlot	205067b834	update tests to match the current Let's encrypt setup Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-16 15:23:45 +01:00
Rodrigo Fior Kuntzer	0e51dc709a	tests: require Vault mTLS during e2e Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>	2024-02-15 18:20:24 +01:00
Tim Ramlot	e63d061269	add tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 13:48:01 +02:00
Tim Ramlot	3fc1f8a580	upgrade all dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-24 19:54:25 +02:00
Tim Ramlot	e7530880ce	use Version 3 for all Certificates and Version 0 for all CertificateRequests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:21:55 +02:00
Tim Ramlot	0cf0f80b40	switch to non-deprecated functions in source code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-10 19:22:49 +02:00
vidarno	92da674e9a	Update logic in function IsKeyCheckSumCached to compare private key with hash in status field of CRD instead of from Secret Signed-off-by: vidarno <>	2023-04-29 09:13:54 +02:00
Tim Ramlot	ebe39934aa	vault test code cleanliness improvements Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-04-13 16:44:49 +02:00
irbekrm	8217ff8714	Adds some extra unit tests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
Maël Valais	aed8a2ec85	serviceAccountRef: auto-generate "aud" and hardcode "exp" Signed-off-by: Maël Valais <mael@vls.dev>	2023-02-06 18:28:49 +01:00
Maël Valais	76eef68730	serviceAccountRef: the vault issuer can now use bound SA tokens Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev>	2023-02-06 18:28:49 +01:00
Tim Ramlot	23de5240e9	move utility functions to reduce fragmentation and rename functions for consistency Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:19:39 +01:00
Tim Ramlot	26d04f3d8a	add WithLegacy function to our fake discovery client Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> Signed-off-by: Luca Comellini <luca.com@gmail.com>	2022-12-14 21:53:42 -08:00
Tim Ramlot	c0dc705c24	fail in case of invalid IP address Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-11-14 09:11:23 +01:00
Tim Ramlot	b999749854	improve gen.CSR and use it everywhere Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-11-10 09:21:31 +01:00
jetstack-bot	da3265115b	Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref Add option to load Vault CA bundle from Kubernetes Secret	2022-10-13 09:55:09 +01:00
Sathyanarayanan Saravanamuthu	40947b0ef4	Generate Certificate Request with predictable name Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:01:26 +05:30
Nils Mueller	2f6fa9dddf	fixup! Add option to load Vault CA bundle from Kubernetes Secret Signed-off-by: Nils Mueller <nm@impactful.it>	2022-08-16 02:57:43 +03:00
Nils Mueller	00a20097b6	Add option to load Vault CA bundle from Kubernetes Secret Vault distributions like "Bank Vaults" automatically configure and provision Vault and provide the CA bundle via a Kubernetes Secret. Having to hard-code the bundle in the Issuer instead of dynamically referencing it through the Secret requires a manual second step when using a GitOps workflow. Signed-off-by: Nils Mueller <nm@impactful.it>	2022-08-15 03:10:51 +03:00
joshvanl	52787eabd2	Adds e2e tests for the new SelfSigned CertificateSigningRequest Secret informer Signed-off-by: joshvanl <me@joshvanl.dev>	2022-08-09 11:17:44 +01:00
Tim Ramlot	93caba980e	apply go fmt for go1.19 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-08-04 09:51:57 +00:00
Ashley Davis	fb231ab641	Remove bazel 🎉 This removes all .bazel and .bzl files, and a bunch of scripts relating to bazel, now that it's been entirely replaced. There are still a few places where traces could be removed, but this removes the brunt of the bazel stuff that remains. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-07-26 11:38:50 +01:00
Luca Comellini	aaa513de00	Bump k8s.io dependencies Signed-off-by: Luca Comellini <luca.com@gmail.com>	2022-06-30 15:16:14 -07:00
Richard Wall	557d14a0cd	Refactor the update and updateStatus to a single deferred function Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2022-05-12 16:51:30 +01:00
Richard Wall	6a4fffbedc	Test that the cleanup is performed Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2022-04-29 17:51:34 +01:00
lonelyCZ	53d8a07397	Add a unit test for challenges reScheduler Signed-off-by: lonelyCZ <531187475@qq.com>	2022-04-08 14:35:41 +08:00
joshvanl	c54451092e	Adds integration tests for owner reference post issuance checks Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-03-29 13:54:27 +01:00
jetstack-bot	ca32961253	Merge pull request #4772 from irbekrm/exp_backoff Exponential backoff for retrying failed certificate issuances	2022-03-21 20:31:23 +00:00
Monis Khan	2a33c7a5c2	Use Kubernetes CSR spec.expirationSeconds to express cert duration This change adds the ability to express certificate duration using the Kubernetes CSR spec.expirationSeconds field alongside the existing approach of using the experimental.cert-manager.io/request-duration annotation. Both approaches are supported as the expirationSeconds field requires Kubernetes v1.22+. Signed-off-by: Monis Khan <mok@vmware.com>	2022-03-21 09:40:32 -04:00
irbekrm	dbad3d98f3	Rename issuanceAttempts -> failedIssuanceAttempts In an attempt to convey the meaning of the field better Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-03-21 07:33:51 +00:00
irbekrm	9824ab0949	certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed This field tracks the number of continuous failures and is used to implement exponential backoff Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-03-21 07:33:51 +00:00
Jake Sanders	03748831a9	Remove hardcoded cert from cmctl inspect secret unit tests Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2022-03-01 13:11:31 +00:00
Ashley Davis	3a055cc2f5	rename all uses of github.com/jetstack/cert-manager This was done by running the following command twice: ```bash grep -Ri "github.com/jetstack/cert-manager" . \| \ cut -d":" -f1 \| \ sort \| \ uniq \| \ xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/" ``` Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-02-02 09:08:31 +00:00
joshvanl	f1cafae95f	Refactor trigger policies to be more generic and be used by multiple controllers Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
joshvanl	b13e4d4531	Update unit test package for secret manager unit tests, adds user agent to integration tests Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	685dd79c0c	Makes some minor API naming changes, and clears up some docs around the Certifcate's additional output formats. Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-14 20:00:26 +00:00
Thierry Sallé	7f8641dd94	[additionalOutputFormats] Update comments and add more tests Signed-off-by: Thierry Sallé <seuf76@gmail.com>	2022-01-14 11:10:32 +01:00
Thierry	81f308221b	Add certifcate additionalOutputFormats parameter DER Format to create key.der binary format of the private key. CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt. Added Unit and e2e tests for secret with Additional output format. Feature flag AdditionalCertificateOutputFormats to enable feature. Signed-off-by: Thierry Sallé <seuf76@gmail.com>	2022-01-14 11:10:32 +01:00
James Munnelly	642cfb1b46	Fix misconfigured test/unit/discovery visibility rule Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-10-21 12:31:28 +01:00
Aidan Jensen	15d1ba96fe	Fix spelling error. Fix tests Signed-off-by: Aidan Jensen <aidan@artificial.com>	2021-09-01 10:47:46 -07:00
Jonathan Prates	c5e81b13f6	fix: labels cannot be shown if no labels were changed Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	ababc24670	fix: add SetCertificateSecretTemplate function comment Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	936ad33539	fix: ensure secret annotations and labels will be copied if updated in the cert Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	47bc03e7c4	feat: add support to secretTemplates Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jake Sanders	67c6586161	Addressing code review comments in #4225 Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-07-26 18:29:54 +01:00
joshvanl	c9f5cbd0bc	Adds more modifier funcs to Order in unit gen Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-07-23 16:00:09 +01:00
joshvanl	7e8bf731b2	Remove the `experimental.cert-manager.io/ca` annotation from the CertificateSigningRequest Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-25 16:02:37 +01:00

1 2 3

142 Commits