Commit Graph

846 Commits

Author SHA1 Message Date
jetstack-bot
8c0462bc35
Merge pull request #6360 from ABWassim/helm-improvement-webhook-configmap
improvement(helm): fixed empty webhook configmap + refactored
2023-09-25 20:18:47 +02:00
ABWassim
16191e6bcc improvement(helm): fixed empty webhook configmap + refactored
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-09-25 16:54:13 +02:00
ABWassim
77fcb7d2a6 improvement(helm): fixed empty controller configmap + refactored
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-09-25 12:09:18 +02:00
jetstack-bot
666e073040
Merge pull request #6330 from inteon/helm_image_options
HELM: add options for configuring image
2023-09-19 19:06:48 +02:00
Tim Ramlot
9749f1253d
upgrade dependencies
Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-12 11:38:10 +02:00
Tim Ramlot
4edfe0e177
HELM: add options for configuring image
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-11 16:53:38 +02:00
jetstack-bot
d03c56f670
Merge pull request #6311 from hawksight/pf/scoped-mutation
cleanup: Scope mutating webhook to only certificaterequest resources
2023-09-05 19:50:21 +02:00
Peter Fiddes
45c4545174 cleanup: remove unnecessary UPDATE for mutating webhook
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-09-05 14:43:48 +01:00
Tim Ramlot
468b970f81
run make update-crds
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-01 12:21:42 +02:00
Peter Fiddes
c77438c907 cleanup: remove acme api as it has no certificaterequest resources
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-08-31 08:30:47 +01:00
Peter Fiddes
b3443073fc fix: Scope mutating webhook to only certificaterequest resources
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-08-30 15:49:37 +01:00
Gerald Pape
949792396c
Make enableServiceLinks configurable for DeploymentLikes
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
2023-08-23 14:44:31 +02:00
Erik Godding Boye
68568a8a55
feat: add view permission to all cert-manager resources to the cluster-reader aggregated cluster role
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-08-21 09:42:26 +02:00
Tim Ramlot
f50167ce31
restructure the controller configfile
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-10 11:30:33 +02:00
Cody W. Eilar
1243fe285b Add ability to start controller with config file
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
jetstack-bot
cabc05824a
Merge pull request #6156 from kahirokunn/host-network-dns-policy
chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet.
2023-07-27 10:20:07 +02:00
jetstack-bot
615422b5bf
Merge pull request #6087 from rouke-broersma/patch-1
fix: maxUnavailable pdb configuration cannot be used due to default set minAvailable
2023-07-25 13:48:35 +02:00
arukiidou
740a4760b1
Update Chart.template.yaml
add apache 2.0 license

Signed-off-by: arukiidou <arukiidou@yahoo.co.jp>
2023-07-19 21:54:04 +09:00
jetstack-bot
e9e054b863
Merge pull request #6220 from giantswarm/webhook-netpol-indentation
Fix indentation of Webhook NetworkPolicy matchLabels
2023-07-18 09:55:23 +02:00
Gerald Pape
418df14dc0
Fix indentation of Webhook NetworkPolicy matchLabels
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
2023-07-17 16:24:59 +02:00
Tim Ramlot
a819025a4b
the chart will now disallow you to specify both the minAvailable and maxUnavailable values without issues
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-14 16:43:32 +02:00
Rouke Broersma
314163d461
Document that maxUnavailable takes precedence over minAvailable
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
29c270cf79
Fix conditions if maxUnavailable 0
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
5c5b1c6551
Fix pdb conditions
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
773afd3da4
Allow maxUnavailable in certmanager pdb
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
eb2b4d8fbc
Allow maxUnavailable in webhook pdb
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
659c95e202
Allow maxUnavailable in cainjector pdb
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
2023-07-14 16:16:32 +02:00
Ben Gelens
4adead4dfd fix the whitespace issue
Signed-off-by: Ben Gelens <ben@bgelens.nl>
2023-07-10 14:42:52 +02:00
jetstack-bot
8eb032a95a
Merge pull request #6110 from jkroepke/serviceMonitor
[helm] Add prometheus.servicemonitor.endpointAdditionalProperties
2023-06-26 11:29:55 +02:00
jetstack-bot
f9ffb76c5c
Merge pull request #6129 from cert-manager/remove_name_selector_admission_webhook
Remove unused 'name' namespaceSelector
2023-06-21 14:01:19 +02:00
kahirokunn
c2c0209acd chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet.
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy

> For Pods running with hostNetwork, you should explicitly set its DNS policy to "ClusterFirstWithHostNet".

Signed-off-by: kahirokunn <okinakahiro@gmail.com>
2023-06-15 11:17:30 +09:00
schrodit
a3c6261c38 disable service links on status api job
Signed-off-by: schrodit <mail@timschrodi.tech>
2023-06-12 14:09:36 +02:00
schrodit
c70be0a28b Disable service links in helm charts
Signed-off-by: schrodit <mail@timschrodi.tech>
2023-06-12 13:33:55 +02:00
Tim Ramlot
a945ab3378
remove unused 'name' namespaceSelector
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-03 09:54:33 +02:00
Jan-Otto Kröpke
d62eb71460
[helm] Add prometheus.servicemonitor.endpointAdditionalProperties
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2023-05-26 16:50:28 +02:00
Tim Ramlot
55ebaa31b5
fix typo
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-24 12:19:22 +02:00
irbekrm
acf07419f5 Fix a bug in helm chart where webhook had controller feature gates passed
This will break anyone who relied on featureGates field to pass feature gates to webhook - they will need to use the new webhook.featureGates field

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-23 12:44:31 +01:00
jetstack-bot
a64088792d
Merge pull request #5991 from inteon/pr/JoshVanL/4810
Server Side Apply: Adds support for CA Injector controller
2023-05-05 14:21:07 +01:00
jetstack-bot
5035dda25e
Merge pull request #6006 from vidarno/cache-private-key-hash-on-issuer-status
Cache private key hash on issuer status
2023-05-05 08:05:07 +01:00
jetstack-bot
09e71c37d4
Merge pull request #5972 from vinzent/bugfix/issue-5755
Check JKS/PKCS12 truststore in Secrets only if issuer provides the CA
2023-05-04 11:04:37 +01:00
vidarno
a1f156c2b6 Merge branch 'cert-manager:master' into cache-private-key-hash-on-issuer-status
Signed-off-by: vidarno <>
2023-05-02 11:58:18 +02:00
vidarno
4934183927 Extend CRDs and structs to include LastPrivateKeyHash field
Signed-off-by: vidarno <>
2023-04-29 09:12:56 +02:00
Ashley Davis
40d8c0e4ec
fix broken links in values.yaml
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-04-27 16:32:34 +01:00
Thomas Müller
12483d3d54 Check JKS/PKCS12 truststores only if issuer provides the CA
The current policy check for keystores in Secrets creates a loop because
the truststore.jks or truststore.p12 will never exist when the issuer didn't
provide the CA certificate. This behaviour was introduced by #5597

The JKS and PKCS12 truststores are only added to the Secret
if the CA is provided by the issuer. The CertificateRequest API
reference states:

> The PEM encoded x509 certificate of the signer, also known
> as the CA (Certificate Authority). This is set on a best-effort basis by
> different issuers. If not set, the CA is assumed to be unknown/not available.

This change will only check the PKCS12/JKS truststores if the CA cert from the
issuer exists in the secret.

Fixes #5755

Signed-off-by: Thomas Müller <thomas@chaschperli.ch>
2023-04-27 17:09:41 +02:00
jetstack-bot
19104fcb4a
Merge pull request #5962 from wallrj/5670-controller-manager-liveness-probe
Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged
2023-04-27 15:09:54 +01:00
Richard Wall
300d89a6cd Disable the controller liveness probe by default
And allow configuration via Helm chart values

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-27 13:34:25 +01:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-26 17:04:11 +02:00
Richard Wall
b92482e041 Use a named port
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 13:04:52 +01:00
Richard Wall
4288fc02e8 Don't specify the livenessprobe host
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 12:42:34 +01:00
Richard Wall
4d182e9c7b Add /livez endpoint which reports the leaderElection status
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 07:53:26 +01:00