cert-manager

Author	SHA1	Message	Date
irbekrm	5d7614ddd4	Passes controller context into all NewController funcs Instead of individual arguments. For readability and consistency. Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
Avi Sharma	a62f92e33d	Add testcases for foreground deletion sync Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>	2023-03-21 15:33:53 +05:30
Avi Sharma	e5d9745078	Skip syncing resources deleted via foreground cascading Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>	2023-03-21 15:33:28 +05:30
Maël Valais	76eef68730	serviceAccountRef: the vault issuer can now use bound SA tokens Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev>	2023-02-06 18:28:49 +01:00
irbekrm	74b258c3be	Code review feedback Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 08:53:27 +00:00
irbekrm	7e4dea1c2e	Clarify the error message when secret annotation is missing namespace prefix Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-31 11:12:31 +00:00
irbekrm	24040c4989	Ensure that updates to injectables are caught Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-31 10:49:56 +00:00
irbekrm	a174f0faa4	Filter injectables that trigger reconciles Only trigger reconciles for events on injectable types that are annotated, not random unrelated resources Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-30 11:27:15 +00:00
irbekrm	7a5c71a1ed	Cleanup, better comments Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-30 11:26:07 +00:00
jetstack-bot	9f7a4053ab	Merge pull request #5746 from irbekrm/cainjector_remove_duplicate_cache Remove the double cache mechanism for cainjector	2023-01-25 15:05:57 +00:00
irbekrm	3aba8ed32d	Makes cainjector Certificate watch optional Configurable via a flag, true by default Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-24 13:52:45 +00:00
irbekrm	4776597cb4	Remove the double cache mechanism for cainjector Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-23 17:38:46 +00:00
Tim Ramlot	191e7ca305	add (deprecated) stub functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:26:37 +01:00
Tim Ramlot	23de5240e9	move utility functions to reduce fragmentation and rename functions for consistency Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:19:39 +01:00
jetstack-bot	1038ca4494	Merge pull request #4502 from ctrought/master support subject and email annotations for ingress/gateway	2023-01-20 14:35:37 +00:00
ctrought	575e3155c2	fix: goimports Signed-off-by: ctrought <k8s@trought.ca>	2023-01-19 14:57:10 -05:00
jetstack-bot	aa7fe1130c	Merge pull request #5660 from irbekrm/certificate_labels Ensures that certificate.spec.secretName and temporary private key Secrets are labelled	2023-01-09 10:57:30 +00:00
irbekrm	5e8fd7dc41	Policy check ensures that cert.sepc.secretName secret gets labelled Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:31:31 +00:00
irbekrm	213949a590	Keymanager controller ensures that temporary private key Secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:30:34 +00:00
irbekrm	c7465fd921	Issuing controller ensures that cert.spec.secretName secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:29:51 +00:00
irbekrm	ff80030737	Log error if CA source is in a namespace that is not in scope cainjector will still watch cluster-scoped resources such as CRDs, so it can get references to Secrets or Certificates in namespaces that are out of scope Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 10:09:36 +00:00
irbekrm	87bef52337	Fix cainjector's namespace flag Ensures that when cainjector has the namespace flag passed, namespaced resource caching is scoped to that namespace Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-05 18:15:19 +00:00
Ashley Davis	0225cc9234	avoid logging confusing error messages for external issuers See https://github.com/cert-manager/cert-manager/issues/5601 When referring to external issuers whose kind is not "Issuer" or "ClusterIssuer" we log an error message thanks to a new check added in a previous PR[1] which should only trigger for SelfSigned issuers. The error previously looked like: ```text "error"="invalid value \"x\" for issuerRef.kind. Must be empty, \"Issuer\" or \"ClusterIssuer\"" ``` After this PR, any CR with an issuer whose group or kind doesn't match what's expected for a built-in issuer will be skipped https://github.com/cert-manager/cert-manager/pull/5336 Signed-off-by: Ashley Davis <ashley.davis@jetstack.io> WIP: test other issuer kinds Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2023-01-04 12:10:34 +00:00
Sathyanarayanan Saravanamuthu	f719247d2b	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	94fa9eeee6	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	42ae76ae30	Refreshing secrets when the keystore fields change Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
jetstack-bot	6ec8da3366	Merge pull request #5583 from lvyanru8200/uodateGwVerison feature: update gateway api to v1beta1	2022-12-05 14:52:48 +00:00
lv	a13c76d312	feature: update gateway api to v1beta1 Signed-off-by: lvyanru <yanru.lv@daocloud.io> feature: update gateway api to v1beta1 Signed-off-by: lvyanru <1113706590@qq.com>	2022-12-05 14:03:21 +00:00
Martín Montes	f884dac555	Return error when Gateway has a cross-namespace secret ref Signed-off-by: Martín Montes <martin11lrx@gmail.com>	2022-12-01 12:46:33 +01:00
Corey McGalliard	7e6e0940a2	updating to match feedback and adjust the RunAsNonRoot options for http01 solver to be more descriptive Signed-off-by: Corey McGalliard <cmcgalliard@redventures.com>	2022-11-16 11:20:36 -05:00
Tim Ramlot	b999749854	improve gen.CSR and use it everywhere Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-11-10 09:21:31 +01:00
joshvanl	e804431dba	Fire event for informational purposes when the CertificateRequest has not yet been approved. Signed-off-by: joshvanl <me@joshvanl.dev>	2022-10-23 18:04:58 +01:00
jetstack-bot	277bcfc305	Merge pull request #5504 from sathyanarays/nit_fix [NIT] Changing variable name to denote right type	2022-10-14 17:17:30 +01:00
jetstack-bot	da3265115b	Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref Add option to load Vault CA bundle from Kubernetes Secret	2022-10-13 09:55:09 +01:00
Sathyanarayanan Saravanamuthu	1bc773cbcf	[NIT] Changing variable name to denote right type Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-12 13:41:23 +05:30
Sathyanarayanan Saravanamuthu	204fa78dd8	[NIT] Changing variable name to denote right type Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-12 13:37:35 +05:30
Sathyanarayanan Saravanamuthu	2969202fe2	Addressing review comments Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:22:38 +05:30
Sathyanarayanan Saravanamuthu	40947b0ef4	Generate Certificate Request with predictable name Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:01:26 +05:30
Tim Ramlot	e917e4a103	log more information on why the get CertificateRequest request failed Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-10-05 18:53:53 +02:00
Tim Ramlot	39fa9f51b4	upgrade dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-09-26 11:43:12 +02:00
Renato Costa	162777aab2	Fix incorrect uses of loop variable This fixes two instances where loop variables were being incorrectly used: - using a loop variable in a closure passed to `ginkgo.It()` is incorrect, as the capture happens by reference and only the last test case will be executed (multiple times). - a similar issue happens in the context of a goroutine; specifically, we need to create a copy of the `runDurationFunc` before calling it in a goroutine as done by the controller's `Run` function. With regards to the second issue, I believe it never came to the surface because, in production code, only one `runDurationFunc` is passed; tests don't exercise the multiple funcs path either. Issues were automatically found with the `loopvarcapture` linter. Signed-off-by: Renato Costa <renato@cockroachlabs.com>	2022-08-26 15:08:30 -04:00
jetstack-bot	12f98dbc7e	Merge pull request #5376 from inteon/upgrade_gateway_api Upgrade gateway api to v0.5.0	2022-08-25 16:08:10 +01:00
jetstack-bot	d1a8f7f52d	Merge pull request #5336 from JoshVanL/controllers-certificaterequests-secrets-informer CertificateRequest: re-sync SelfSigned CertificateRequest when target Secret is informed.	2022-08-23 16:46:23 +01:00
ctrought	6fa81fe8be	fix merge conflict Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 12:27:54 -04:00
ctrought	4413e837e9	escape subject util cleanup Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 11:01:22 -04:00
ctrought	d9a8047f9c	ingress subject annotations & helper tests Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 11:01:18 -04:00
ctrought	8f597dae1d	subject street tests Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 10:55:36 -04:00
ctrought	3d3e2777a3	handle subject escaped csv Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 10:50:20 -04:00
Nils	81e6c24293	fixup! Add option to load Vault CA bundle from Kubernetes Secret Co-authored-by: Josh van Leeuwen <joshua.vanleeuwen@jetstack.io> Signed-off-by: Nils Mueller <nm@impactful.it>	2022-08-21 07:41:15 +03:00
joshvanl	7b168cc059	Updates selfsigned CertificateSigningRequest controller with new Secret informer, and no longer mark the request as Failed when the private key Secret is malformed. This behaviour matches the CertificateRequest self signed controller. Signed-off-by: joshvanl <me@joshvanl.dev>	2022-08-09 11:16:10 +01:00

1 2 3 4 5 ...

1335 Commits