Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Secrets instead of replacing to preserve additional metadata
**What this PR does / why we need it**:
Previously we always overwrote the existing certificate if it already existed. Some users have requested a way to automatically create the target secrets using a helm chart, so that all artifacts can be cleaned up cleanly upon `helm delete`.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes #192
**Release note**:
```release-note
Update existing secrets instead of replacing in order to preserve annotations/labels
```
Fix panic in acme authorize function
**What this PR does / why we need it**:
Fixes a panic in the authorize() method of the acme issuer
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes #206
**Release note**:
```release-note
Fix a bug in the ACME authorizer that would cause cert-manager to panic when certificate.spec.acme was not specified
```
Improve validation of certificates. Fix bug in checking certificate validity
**What this PR does / why we need it**:
Improves the validation of dnsNames and commonNames on certificate resources.
Fixes a bug in checking certificate validity.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes #176, fixes #175
**Release note**:
```release-note
Fix a bug in checking certificate validity and improve validation of dnsNames and commonName
```
Add basic validation to ACME issuer
**What this PR does / why we need it**:
Improves validation of existing certificate resources
**Release note**:
```release-note
Fix bugs when checking validity of certificate resources
```
Set TLS certificate secret type to TLS type
**What this PR does / why we need it**:
Set the Kubernetes secret type to TLS
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes #133
**Release note**:
```release-note
Set the Kubernetes secret type to TLS.
Action required: this will cause renewals of existing certificates to fail. You **must** delete certificates that have been previously produced by cert-manager else cert-manager may enter a renewal loop when saving the new certificates. Alternatively, you may specify a new secret to store your certificate in and manually update your ingress resource/applications to reference the secret.
```
Only ever create http01 solver service instead of also updating
**What this PR does / why we need it**:
Previously the ensureService function was written to update a service if it already exists. There should never be a case where the http01 solver needs to update an existing *service*, so this PR simplifies this functionality into a simple `createService` function.
**Release note**:
```release-note
NONE
```
Error if existing presented key and expected key do not match
**What this PR does / why we need it**:
A typo in the HTTP01 solver caused it to not return an error if the key presented by the ingress and the expected key do not match.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes #163
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix bug in ACME HTTP01 solver causing self-check to return true before paths have propagated
```
Ensure ACME HTTP01 reachability test passes 5 times before issuing certificate
**What this PR does / why we need it**:
See #154 for details. Sometimes HTTP routes have not propagated yet when using a controller such as GCLB. This forces us to wait for 5 consecutive passes of the HTTP01 self-check before proceeding.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes #154
**Special notes for your reviewer**:
* This adds an extra 10s delay onto *any* HTTP01 validation
* The '5 tries' number is hardcoded into the HTTP01 solver
**Release note**:
```release-note
Ensure 5 consecutive HTTP01 self-checks pass before issuing ACME certificate
```
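Added example, not cert-manager's own code: a sketch of the self-check behaviour the two HTTP01 changes above describe, where a mismatched key is an error rather than a pass and the check must succeed a required number of times in a row (5 in the PR) before issuance proceeds. All names here (`fetchFunc`, `checkOnce`, `waitConsecutive`, `scripted`) and the sample key `tok.key` are hypothetical, and the fetcher is a constructed stand-in for the real HTTP request.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// fetchFunc: hypothetical stand-in for the solver's HTTP GET of the challenge path.
type fetchFunc func() (string, error)
var errKeyMismatch = errors.New("presented key does not match expected key")

// checkOnce is one self-check; a wrong key is an error, never a pass.
func checkOnce(fetch fetchFunc, expected string) error {
	if got, err := fetch(); err != nil {
		return err
	} else if got != expected {
		return errKeyMismatch
	}
	return nil
}

// waitConsecutive polls until `required` checks pass in a row; any failure resets the streak.
func waitConsecutive(fetch fetchFunc, expected string, required, maxAttempts int, interval time.Duration) (int, error) {
	streak, last := 0, errors.New("too few attempts")
	for attempt := 1; attempt <= maxAttempts; attempt++ {
		if err := checkOnce(fetch, expected); err != nil {
			streak, last = 0, err
		} else if streak++; streak >= required {
			return attempt, nil
		}
		time.Sleep(interval)
	}
	return maxAttempts, fmt.Errorf("self-check unstable after %d attempts: %w", maxAttempts, last)
}

// scripted replays constructed responses in order, repeating the last one.
func scripted(rs ...string) fetchFunc {
	return func() (r string, _ error) {
		if r = rs[0]; len(rs) > 1 {
			rs = rs[1:]
		}
		return r, nil
	}
}

func main() {
	fmt.Println(waitConsecutive(scripted("", "tok.key", "tok.key", "stale", "tok.key"), "tok.key", 5, 20, 0))
}
```

The constructed sequence models a route that has not propagated, serves the right key twice, flaps to a stale backend, then settles; the stale response resets the streak, so success is reported only on the ninth attempt.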
Build images whilst services are starting
Exit on setup boulder errors
Install nsenter
Don't build nsenter
Turn up e2e pod verbosity
Set pullPolicy IfNotPresent on HTTP challenge solver
Update Makefile and travis to run e2e tests
Add ubuntu-nsenter image
Fix typo in target name
Add image pull policy flag for e2e tests
Set config path env vars for e2e tests