To help avoid issues with the ValidateCAA functionality, this disables
the CAA check by default and adds a new --feature-gates=ValidateCAA=true
option to cert-manager-controller to allow enabling the previous
behaviour in v0.7.0 and v0.7.1.
Once issues with CNAMEd DNS names pointing to internal nameservers
are resolved, this option will be defaulted to on.
Signed-off-by: James Munnelly <james@munnelly.eu>
This implements a CA injector controller using controller-runtime.
It looks at admission webhooks and APIServices with a particular
annotation, and injects the CA data from certificates.
Signed-off-by: Solly Ross <sollyross@google.com>
The admissions server middleware we use doesn't want to do
hot-reloading, so instead, watch the file and if it changes, have
the k8s server restart the webhook
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
Adds cmd flag for controlling if authoritative dns servers are used to
check RR propagation or just normal resolvers.
This change is added so that constrained enviornments can control more
aspects of DNS queries performed.
- Applying PR feedback
Signed-off-by: Thomas Miller <thomas@tlm.id.au>
Count certificate requests
Add certificate_expiry_time_seconds metric
Register certificate_expiry_time_seconds metric, fix kind switch and fix metric status result
Export nameForIssuer and remove unneccessary switch
Refactor metrics into controller context
Move metrics collection into functions
Move error checking for metrics collection back into sync function
Remove space
Add TODO
Move update certificate expiry function to metrics package
Refactor metrics functionality
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Run dep ensure
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Fix build
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Refactor
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Fix reporting errors
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Add comments
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Remove unused issuerType
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Update dep inputs-digest
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Don't update status
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Make metrics package level var
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Add prometheusMetricsServerMaxHeaderBytes comment
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Add failures metric
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Remove issue metrics
TODO: hopefully revert this at some point.
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Assign metrics
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Update dep digest
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Fix copyright header
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Remove old metrics server
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Update bazel files
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Clean up
Signed-off-by: Louis Taylor <louis@kragniz.eu>
- changing the name of the command line option to --auto-certificate-annotations
- making the option an array to allow for multiple annotations settings
Signed-off-by: Rohith Jayawardene <gambol99@gmail.com>
- adds a option command line (default to the current behavour) which allows the user to control the acme annotation used by the shim controller
- a current mitgration requires use to run multiple providers at the same
Signed-off-by: Rohith Jayawardene <gambol99@gmail.com>
