Commit Graph

7450 Commits

Author SHA1 Message Date
Ashley Davis
78018402fe
bump base images to latest
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-27 15:15:09 +00:00
jetstack-bot
9f7a4053ab
Merge pull request #5746 from irbekrm/cainjector_remove_duplicate_cache
Remove the double cache mechanism for cainjector
2023-01-25 15:05:57 +00:00
jetstack-bot
57c790e368
Merge pull request #5748 from wallrj/revert-954eb0d
Revert "automount service account tokens off by default"
2023-01-24 18:04:08 +00:00
Richard Wall
24cbfc7ba8 Revert "automount service account tokens off by default"
This reverts commit 954eb0d875.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-24 17:19:52 +00:00
Richard Wall
954eb0d875 automount service account tokens off by default
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-24 17:00:11 +00:00
irbekrm
3aba8ed32d Makes cainjector Certificate watch optional
Configurable via a flag, true by default

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-24 13:52:45 +00:00
jetstack-bot
b048552bac
Merge pull request #5744 from cert-manager/cleanup_certificate_stuff
Move and rename Certificate util functions
2023-01-24 10:34:44 +00:00
jetstack-bot
be017fafa1
Merge pull request #5668 from waterfoul/volumes
Added the ability to set volumes and volumeMounts to all pods via helm
2023-01-24 09:23:44 +00:00
Tim Ramlot
3978597320
Cleaning up a checks
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-24 09:50:56 +01:00
Aaron Aichlmayr
1d7e360ea4
Cleaning up a check
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Aaron Aichlmayr <waterfoul@gmail.com>
2023-01-23 16:36:01 -06:00
irbekrm
4776597cb4 Remove the double cache mechanism for cainjector
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-23 17:38:46 +00:00
Tim Ramlot
191e7ca305
add (deprecated) stub functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:26:37 +01:00
Tim Ramlot
23de5240e9
move utility functions to reduce fragmentation and rename functions for consistency
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:19:39 +01:00
jetstack-bot
1038ca4494
Merge pull request #4502 from ctrought/master
support subject and email annotations for ingress/gateway
2023-01-20 14:35:37 +00:00
ctrought
575e3155c2 fix: goimports
Signed-off-by: ctrought <k8s@trought.ca>
2023-01-19 14:57:10 -05:00
jetstack-bot
c08b337cf7
Merge pull request #5736 from irbekrm/webhook_solver_conformance_bugfix
Webhook solver conformance bugfix
2023-01-19 13:44:03 +00:00
irbekrm
438c79d4e3 Code review feedback: fix imports
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-19 12:05:56 +00:00
irbekrm
644a46c8fe Resets secrets lister in RFC2136 conformance tests
The way the tests run (a new kube apiserver with a different client created for the same initialized solver) is not how this solver would actually run

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:43:34 +00:00
irbekrm
216b60e98b RFC2136 solver has an init option to reset secrets lister
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:51 +00:00
irbekrm
1834afaa00 A bunch of comments on webhook solver functionality
With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:02 +00:00
jetstack-bot
d5125b55ce
Merge pull request #5722 from james-callahan/container-label
Add org.opencontainers.image.source OCI label to containers
2023-01-18 11:31:58 +00:00
jetstack-bot
ece47eb66f
Merge pull request #5724 from g-gaston/bump-keystore-go-4-4-1
Bump keystore-go to v4.4.1
2023-01-17 13:08:00 +00:00
jetstack-bot
a6e00a8623
Merge pull request #5711 from lucacome/bump-deps
Bump dependencies
2023-01-17 11:51:00 +00:00
Aaron Aichlmayr
b967232e7b
Fixed a few indents
Signed-off-by: Aaron Aichlmayr <aaichlmayr@conquestcyber.com>
2023-01-16 10:29:11 -06:00
Aaron Aichlmayr
0ce3553e7f
Adding the ability to set volumes and volumeMounts to all pods
Signed-off-by: Aaron Aichlmayr <aaichlmayr@conquestcyber.com>
2023-01-16 10:29:11 -06:00
jetstack-bot
3115953b02
Merge pull request #5614 from jkroepke/dns-extra-args
helm: expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
2023-01-16 09:26:29 +00:00
Jan-Otto Kröpke
b952058775
[helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2023-01-14 15:16:16 +01:00
Guillermo Gaston
7528760e65 Bump keystore-go to v4.4.1
This version points to the same commit as v4.4.0, so there is no actual
code change. However, trying to build cert-manager with v4.4.0 errors
out due to a checksum mismatch. Bumping to the new tag solved the
issue.

Signed-off-by: Guillermo Gaston <gaslor@amazon.com>
2023-01-13 20:39:30 +00:00
Luca Comellini
98ce5936ec
Update Helm and Kubebuilder
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:41 -08:00
Luca Comellini
7e5cd34341
Update Cloudflare ListDNSRecords
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:41 -08:00
Luca Comellini
85ca8e0444
Bump dependencies
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:27 -08:00
jetstack-bot
9b24e88471
Merge pull request #5723 from SgtCoDFish/bumpbase
Bump base images to latest
2023-01-13 11:35:38 +00:00
Ashley Davis
5f910ceba1
bump base images to latest
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-13 10:39:18 +00:00
James Callahan
33e9c030ea
Add org.opencontainers.image.source OCI label to containers
A full list of pre-defined annotations is available at:
https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys

Signed-off-by: James Callahan <james@wavesquid.com>
2023-01-13 18:28:24 +11:00
jetstack-bot
b99fdc32ab
Merge pull request #5720 from irbekrm/fix_helm_version_check
Use fake kube apiserver version when generating helm template in cmctl x install
2023-01-12 16:57:25 +00:00
irbekrm
53abc8cb2e Use fake kube apiserver version when generating helm template in cmctl x install
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-12 15:00:21 +00:00
jetstack-bot
4b0aa9d248
Merge pull request #5712 from yanggangtony/go-version
Bump go to 1.19.5
2023-01-11 10:13:12 +00:00
yanggang
44e8f9cb69
Bump go to 1.19.5
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-11 13:59:37 +08:00
jetstack-bot
44383b0130
Merge pull request #5706 from SgtCoDFish/bumpcontainerd
Bump containerd to fix reported vuln
2023-01-10 10:18:21 +00:00
Ashley Davis
8c4f6cda42
bump containerd to fix reported vuln
note that cert-manager is not actually vulnerable to CVE-2022-23471
since the affected code is not used

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-09 18:47:38 +00:00
jetstack-bot
aa7fe1130c
Merge pull request #5660 from irbekrm/certificate_labels
Ensures that certificate.spec.secretName and temporary private key Secrets are labelled
2023-01-09 10:57:30 +00:00
jetstack-bot
7c175c5d80
Merge pull request #5693 from SgtCoDFish/extraarghs
Move custom acmesolver image above extraArgs
2023-01-09 09:37:30 +00:00
irbekrm
5e8fd7dc41 Policy check ensures that cert.spec.secretName secret gets labelled
Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:31:31 +00:00
irbekrm
213949a590 Keymanager controller ensures that temporary private key Secrets are labelled
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:30:34 +00:00
irbekrm
c7465fd921 Issuing controller ensures that cert.spec.secretName secrets are labelled
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:29:51 +00:00
irbekrm
767170d65f Adds a new label to cert-manager API
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 18:28:50 +00:00
jetstack-bot
248eff5bce
Merge pull request #5694 from irbekrm/fix_cainjector_namespace
Fix cainjector's namespace flag
2023-01-06 10:43:41 +00:00
irbekrm
ff80030737 Log error if CA source is in a namespace that is not in scope
cainjector will still watch cluster-scoped resources such as CRDs, so it can get references to Secrets or Certificates in namespaces that are out of scope

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-06 10:09:36 +00:00
jetstack-bot
093610997e
Merge pull request #5691 from irbekrm/remove_redundant_secret_cache
Ensures that only one secrets cache is created for cert-manager controller
2023-01-06 09:36:50 +00:00
jetstack-bot
6f651193ec
Merge pull request #5692 from lucacome/bump-golang.org
Bump golang.org/x/crypto and golang.org/x/oauth2
2023-01-05 18:28:49 +00:00