weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
2,061 Commits 45 Branches 0 Tags 96 MiB
687dcd0db7
Commit Graph

2061 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jetstack-bot
687dcd0db7
Merge pull request #1420 from munnerz/cainjector-apiserverca 
cainjector: support injecting apiserver ca
 2019-03-01 15:19:05 +00:00
James Munnelly
63f4f48304 Make injecting APIServer CA optional in Helm chart 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 20:50:26 +00:00
James Munnelly
1618ebde43 Fix loading apiserver caBundle 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 19:34:40 +00:00
jetstack-bot
334477ec73
Merge pull request #1392 from munnerz/gen-tmp-selfsigned 
Generate temporary certificate to appease ingress-gce
 2019-02-28 19:20:03 +00:00
James Munnelly
984262d6f4 Use inject-apiserver-ca annotation for webhook 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 17:00:32 +00:00
jetstack-bot
82cc425822
Merge pull request #1421 from arapulido/add-kubeprod-as-alt-deploy 
Added kubeprod as an alternative way to deploy cert-manager to the documentation
 2019-02-28 16:56:04 +00:00
James Munnelly
b34adf88ff cainjector: support injecting apiserver ca 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 16:45:26 +00:00
Ara Pulido
02d2d51ece Small fixes based on review 
Thanks for the review :)
Signed-off-by: Ara Pulido <apulido@gmail.com>
 2019-02-28 17:42:43 +01:00
Ara Pulido
7510bf4868 Added kubeprod as an alternative way to deploy cert-manager 
Signed-off-by: Ara Pulido <apulido@gmail.com>
 2019-02-28 16:52:50 +01:00
jetstack-bot
25e60f68b3
Merge pull request #1415 from munnerz/cainjector-updates 
Updates to cainjector controller
 2019-02-28 15:52:09 +00:00
jetstack-bot
c07bfd7181
Merge pull request #1419 from DanielMorsing/enable_httpstest 
Enable https redirect test
 2019-02-28 15:05:11 +00:00
James Munnelly
d98458d0f0 Update chart docs and remove unused var 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 15:00:55 +00:00
James Munnelly
c6ec85ea54 Remove erroneous volume mount 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 14:52:54 +00:00
Daniel Morsing
f4b132c8c6 enabled https redirect test 
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
 2019-02-28 12:25:03 +00:00
Daniel Morsing
e1cee57b32 update dependencies for test 
We use the latest pebble release without the strict mode flag enabled

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
 2019-02-28 12:24:24 +00:00
James Munnelly
6110f3d27b Additional Helm chart fixes 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 10:47:45 +00:00
James Munnelly
2d4ae93388 Fix reference to old name 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 16:00:50 +00:00
James Munnelly
9e914d6457 Update generated files 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:43:17 +00:00
James Munnelly
66dcc8f97c Use cainjector for webhook APIService 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:38:57 +00:00
James Munnelly
a5e09b3aff Add cainjector to release.sh 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:27:40 +00:00
James Munnelly
f534cae83c Reduce RBAC permissions on Certificates and Secrets 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:26:23 +00:00
James Munnelly
80ff737bd9 Move cainjector into its own subchart 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:26:23 +00:00
James Munnelly
f90d145688 Rename to cainjector 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:26:23 +00:00
James Munnelly
22edcc9071 Update flag descriptions 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 15:26:23 +00:00
jetstack-bot
ccd2dd8533
Merge pull request #1398 from DirectXMan12/feature/ca-controllers 
Add a CA Injector Controller
 2019-02-27 14:59:44 +00:00
James Munnelly
a0d6b78d31 Bump chart version 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-27 14:44:56 +00:00
Solly Ross
8eb88d451b Deployment files for CA Injector 
This adds deployment files for the CA injector to the cert-manager
controller chart.  It reuses as much as possible from the existing
deployment options.

Signed-off-by: Solly Ross <sollyross@google.com>
 2019-02-26 21:47:35 -08:00
Solly Ross
c2e4777e99 Add controller-runtime as dependency 
This adds controller-runtime as a dependency, for the CA injector
controllers.

Signed-off-by: Solly Ross <sollyross@google.com>
 2019-02-26 21:47:35 -08:00
Solly Ross
42248a91d7 CA Injector Controller 
This implements a CA injector controller using controller-runtime.
It looks at admission webhooks and APIServices with a particular
annotation, and injects the CA data from certificates.

Signed-off-by: Solly Ross <sollyross@google.com>
 2019-02-26 21:47:34 -08:00
James Munnelly
dfabece6eb Use a one-use CA to sign temporary certificates 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-25 20:48:13 +00:00
James Munnelly
5a10008790 Only assert that the not ready condition is set in acme failure case test 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-25 17:49:54 +00:00
James Munnelly
cf2f9eac74 Generate a temporary certificate whilst waiting for Issuer to issue 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-25 17:48:22 +00:00
Daniel Morsing
2d21983486 Implement test for HTTP->HTTPS redirects during ACME HTTP01 challenges (#1303) 
* Add test for http->https redirects

This makes sure that when we're handling http->https redirects like
letsencrypt/boulder would for acme HTTP-01 validations

Signed-off-by: Daniel Morsing <dmo@jetstack.io>

* add initial TLS cert in hopes that this will make the TLS redirect work

Signed-off-by: Daniel Morsing <dmo@jetstack.io>

* make nginx-ingress not cheat on redirects

Signed-off-by: Daniel Morsing <dmo@jetstack.io>

* skip test until nginx-ingress is fixed

Signed-off-by: Daniel Morsing <dmo@jetstack.io>

* run bazel update

Signed-off-by: Daniel Morsing <dmo@jetstack.io>

* gofmt

Signed-off-by: Daniel Morsing <dmo@jetstack.io>

* reenable no-tls-redirects

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
 2019-02-25 15:01:19 +00:00
jetstack-bot
01903f06ba
Merge pull request #1384 from munnerz/unit-compare-reading 
Print unit test failures in action matchers as part of failure message
 2019-02-22 18:16:38 +00:00
jetstack-bot
278341b79a
Merge pull request #1404 from munnerz/always-print-logs 
Don't return errors if retrieving pod logs fails
 2019-02-22 17:34:38 +00:00
James Munnelly
b9a0c51933 Don't return errors if retrieving pod logs fails 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 17:11:10 +00:00
jetstack-bot
91066cf146
Merge pull request #1402 from munnerz/fix-release 
Run helm init -c in release.sh
 2019-02-22 14:39:37 +00:00
jetstack-bot
8752770769
Merge pull request #1268 from munnerz/k8s-113 
Bump Kubernetes dependencies to 1.13
 2019-02-22 13:39:45 +00:00
James Munnelly
afed5b665b Run helm init -c 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 13:07:07 +00:00
James Munnelly
3737966e9b Remove nonexistent flag from webhook deployment 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 12:50:09 +00:00
James Munnelly
be915d0567 Update generated files 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 12:34:55 +00:00
James Munnelly
439499561c Remove dependence on k8s.io/ingress 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 12:34:52 +00:00
James Munnelly
2f30258f0e Switch to klog 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 12:34:02 +00:00
James Munnelly
a9d8f7de8a Fixup for Kubernetes 1.13.2 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 11:53:19 +00:00
jetstack-bot
c2ca3d4947
Merge pull request #1389 from munnerz/bump-rules-docker 
Bump rules_docker version
 2019-02-22 11:46:38 +00:00
James Munnelly
749ce34244 Bump Kubernetes libraries to 1.13.2 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-22 11:42:54 +00:00
jetstack-bot
fd4d2022af
Merge pull request #1397 from munnerz/fix-helm-release 
Negate SKIP_CHART in comparison
 2019-02-21 17:17:22 +00:00
James Munnelly
0a4e4434fe Negate SKIP_CHART in comparison 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-21 16:11:52 +00:00
jetstack-bot
f1f701213d
Merge pull request #1390 from munnerz/v070alpha0 
Bump files for v0.7.0-alpha.0
 2019-02-21 14:34:58 +00:00
jetstack-bot
4ec61b9b86
Merge pull request #1377 from munnerz/helm-release 
Publish Helm chart as part of release.sh script
 2019-02-20 17:31:39 +00:00