weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,918 Commits 45 Branches 0 Tags 96 MiB
615422b5bf
Commit Graph

7918 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jetstack-bot
615422b5bf
Merge pull request #6087 from rouke-broersma/patch-1 
fix: maxUnavailable pdb configuration cannot be used due to default set minAvailable
 2023-07-25 13:48:35 +02:00
jetstack-bot
4de06a19d7
Merge pull request #6152 from inteon/improve_policy_chain_v0 
Improve Trigger, Readiness and PostIssuance Policy chains
 2023-07-24 17:06:42 +02:00
jetstack-bot
339a969478
Merge pull request #6227 from lucacome/bump-k8s.io-deps 
Bump k8s.io dependencies
 2023-07-24 11:15:42 +02:00
Tim Ramlot
106d49f44b
upgrade kind images 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 10:14:51 +02:00
Tim Ramlot
82ec7b3ee0
downgrade k8s.io/kube-openapi 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:53:13 +02:00
Tim Ramlot
36ddf19e2e
improve Trigger, Readiness and PostIssuance Policy chains 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:42:19 +02:00
Tim Ramlot
19918da4c8
run 'make update-licenses' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:38:27 +02:00
Tim Ramlot
f61aacb8c1
run 'make tidy' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:34:29 +02:00
Luca Comellini
3ff638b6f3
Bump k8s.io dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-07-20 10:35:20 -07:00
jetstack-bot
ed9d525979
Merge pull request #6225 from arukiidou/patch-1 
helm: Update Chart.template.yaml - add apache 2.0 license
 2023-07-20 09:41:09 +02:00
arukiidou
740a4760b1
Update Chart.template.yaml 
add apache 2.0 license

Signed-off-by: arukiidou <arukiidou@yahoo.co.jp>
 2023-07-19 21:54:04 +09:00
jetstack-bot
e9e054b863
Merge pull request #6220 from giantswarm/webhook-netpol-indentation 
Fix indentation of Webhook NetworkPolicy matchLabels
 2023-07-18 09:55:23 +02:00
jetstack-bot
bad235cb7e
Merge pull request #6209 from bgelens/fix-serviceaccountlabels-adding-whitespace 
service account labels introduce a white line issue
 2023-07-18 09:43:24 +02:00
jetstack-bot
3cd1e58d1e
Merge pull request #6218 from SgtCoDFish/bumpgo 
Bump go to latest patch release
 2023-07-17 18:42:43 +02:00
Gerald Pape
418df14dc0
Fix indentation of Webhook NetworkPolicy matchLabels 
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
 2023-07-17 16:24:59 +02:00
Ashley Davis
5ca59ddf2d
bump go to latest patch release 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-07-17 12:54:18 +01:00
Tim Ramlot
a819025a4b
the chart will now disallow you to specify both the minAvailable and maxUnavailable values without issues 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-14 16:43:32 +02:00
Rouke Broersma
314163d461
Document that maxUnavailable takes precedence over minAvailable 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
29c270cf79
Fix conditions if maxUnavailable 0 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
5c5b1c6551
Fix pdb conditions 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
773afd3da4
Allow maxUnavailable in certmanager pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
eb2b4d8fbc
Allow maxUnavailable in webhook pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
659c95e202
Allow maxUnavailable in cainjector pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Ashley Davis
a76003f737
Merge pull request #6056 from inteon/improve_pki_webhook 
Improve CertificateRequest's CSR validation code
 2023-07-11 16:31:37 +01:00
Ben Gelens
4adead4dfd fix the whitespace issue 
Signed-off-by: Ben Gelens <ben@bgelens.nl>
 2023-07-10 14:42:52 +02:00
jetstack-bot
e36a8c3b43
Merge pull request #6206 from inteon/remove_vcert_fork 
Remove VCert fork dependency replace statement
 2023-07-10 13:14:10 +02:00
Tim Ramlot
4d7f6281d0
use pki validation code for CSR validation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-10 12:48:12 +02:00
Tim Ramlot
90f84b9c40
remove VCert fork dependency replace statement 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-10 11:26:16 +02:00
jetstack-bot
22c64abd02
Merge pull request #6204 from inteon/move_framework 
REVERT: Move e2e framework back to e2e module
 2023-07-10 10:30:14 +02:00
Tim Ramlot
7098c25a55
move e2e framework back to e2e module 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-07 19:26:10 +02:00
jetstack-bot
843deed22f
Merge pull request #6199 from inteon/add_validation_to_pki 
Add validation to pki CertificateTemplate functions
 2023-07-07 09:32:14 +02:00
Tim Ramlot
dcf3c99e63
fix Kubernetes CSR tests, making sure the Usages match what is encoded in the CSR blob 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
jetstack-bot
914944c020
Merge pull request #6176 from inteon/reconcile_managed_annotations_and_labels 
Reconcile when managed annotations/ labels are out-of-sync
 2023-07-04 11:55:29 +02:00
Tim Ramlot
bfa61c7804
add comments explaining what the label and annotation checks do 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:28 +02:00
Tim Ramlot
c16a34e0b1
use .Delete() 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:24 +02:00
jetstack-bot
e66a92ac52
Merge pull request #6182 from inteon/stricter_certificaterequest_csr_webhook_validation 
BUGFIX: Stricter CertificateRequest CSR webhook validation
 2023-06-29 18:10:43 +02:00
Tim Ramlot
1649730a0d
Update internal/controller/certificates/policies/checks.go 
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 12:54:20 +01:00
jetstack-bot
7482de8bac
Merge pull request #6191 from Richardds/fix-dns-01-cloudflare 
Handle multiple Cloudflare DNS01 challenges for the same FQDN
 2023-06-28 13:08:39 +02:00
Tim Ramlot
2f56c3c89a
add DontAllowInsecureCSRUsageDefinition feature gate to disable the strict CSR validation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-28 11:11:32 +02:00
Richard Boldiš
2b2ada9491 fix: handle multiple cloudflare dns-01 challenges for the same FQDN 
Signed-off-by: Richard Boldiš <richard@boldis.dev>
 2023-06-27 18:13:35 +02:00
jetstack-bot
956dd47132
Merge pull request #6187 from AcidLeroy/honor-kind-cluster-name 
Honor KIND_CLUSTER_NAME for e2e-setup & clean
 2023-06-27 17:46:55 +02:00
Cody W. Eilar
daf5b8f763 Honor KIND_CLUSTER_NAME for e2e-setup & clean 
- Prior to this commit, regardless what was put for KIND_CLUSTER_NAME,
  the name of the cluster was always "kind". Furthermore, when running
  make clean, only clusters named "kind" were cleaned up. With a few
  minor fixes, this commit solves the problem so that kind clusters with
  different names can be used when running tests.

Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Cody Eilar <cody@codyeilar.com>
 2023-06-27 09:35:07 -06:00
jetstack-bot
b66fe4ae77
Merge pull request #6189 from wallrj/static-e2e-test-build 
Static e2e test build
 2023-06-27 14:32:55 +02:00
Richard Wall
7ee4c0b1e1 Use the correct path in the the example command 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-06-27 12:49:13 +01:00
Richard Wall
cc0782b917 Reduce binary size by stripping dwarf tables and symbol tables 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-06-27 12:47:08 +01:00
Richard Wall
87b3e321c8 Disable CGO when compiling an e2e.test binary 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-06-27 12:46:31 +01:00
jetstack-bot
8eb032a95a
Merge pull request #6110 from jkroepke/serviceMonitor 
[helm] Add prometheus.servicemonitor.endpointAdditionalProperties
 2023-06-26 11:29:55 +02:00
Tim Ramlot
63387015d0
make CertificateRequest webhook validation more strict (the Usages array should always be the source of truth) 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-26 10:08:13 +02:00
Tim Ramlot
3938c75850
improve (Extended)KeyUsage parsing to be more consistent 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-26 10:06:55 +02:00