Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move to github.com/jetstack/cert-manager repo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes#134
**Release note**:
```release-note
Move to 'jetstack' organisation.
Action required: this will require updating your existing deployments to point to the new image repository, as new tags will not be pushed to the old 'jetstackexperimental/cert-manager-controller` repository.
```
/area admin
/assign
/release-note-action-required
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tidy up informers
**What this PR does / why we need it**:
Refactors the controllers and issuers to use the new vendored and filtered informers
**Special notes for your reviewer**:
Do not merge until #178 has merged
**Release note**:
```release-note
No longer support ClusterIssuer resources when cert-manager is running with `--namespace` flag set
```
/assign
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pin dependencies to release-1.8
**What this PR does / why we need it**:
Pins us to use versioned Kubernetes dependencies
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set TLS certificate secret type to TLS type
**What this PR does / why we need it**:
Set the Kubernetes secret type to TLS
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#133
**Release note**:
```release-note
Set the Kubernetes secret type to TLS.
Action required: this will cause renewals of existing certificates to fail. You **must** delete certificates that have been previously produced by cert-manager else cert-manager may enter a renewal loop when saving the new certificates. Alternatively, you may specify a new secret to store your certificate in and manually update your ingress resource/applications reference the secret.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Only ever create http01 solver service instead of also updating
**What this PR does / why we need it**:
Previously the ensureService function was written to update a service if it already exists. There should never be a case where the http01 solver needs to update an existing *service*, so this PR simplifies this functionality into a simple `createService` function.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow rediscovering lost/not set ACME account URIs
**What this PR does / why we need it**:
Overcome 'registration already exists for provider key' errors in ACME provider by auto-detecting lost ACME registration URIs
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixed#151, fixes#162
**Special notes for your reviewer**:
This change causes us to *always* attempt to register an account, and upon failure will read the account ID from the `Location` header of the registration response and then verify *that* account.
**Release note**:
```release-note
Overcome 'registration already exists for provider key' errors in ACME provider by auto-detecting lost ACME registration URIs
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix checking for invalid data in issuer secrets
Fixes#169
**Release note**:
```release-note
Fix checking for invalid data in issuer secrets
```
/assign
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Error if existing presented key and expected key do not match
**What this PR does / why we need it**:
A type in the HTTP01 solver caused it to not return an error if the key presented by the ingress and the expected key do not match.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#163
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix bug in ACME HTTP01 solver causing self-check to return true before paths have propagated
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix panic in ACME issuer setup
**What this PR does / why we need it**:
Fix a panic in the ACME issuer registration flow
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes#164
**Release note**:
```release-note
Fix panic if the secret named in an ACME issuer exists but contains invalid data (or no data)
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure ACME HTTP01 reachability test passes 5 times before issuing certificate
**What this PR does / why we need it**:
See #154 for details. Sometimes HTTP routes have not propagated yet when using a controller such as GCLB. This forces us to wait for 5 consecutive passes of the HTTP01 self-check before proceeding.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes#154
**Special notes for your reviewer**:
* This adds an extra 10s delay onto *any* HTTP01 validation
* The '5 tries' number is hardcoded into the HTTP01 solver
**Release note**:
```release-note
Ensure 5 consecutive HTTP01 self-checks to pass before issuing ACME certificate
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add cherry-pick-pull script to hack/
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/cc @simonswine
/assign
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure Present and CleanUp run in serial
**What this PR does / why we need it**:
Fixes a race in the ACME HTTP solver when using multiple domains.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes#153
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix race condition in ACME HTTP01 solver when validating multiple domains
```
Automatic merge from submit-queue.
Slim down main README, complete user guide list and change helm user …
**What this PR does / why we need it**: This PR slims down the main README and links out to further user guides and documentation. This allows users of cert-manager to find the information they are after more easily
