joshvanl
91e0a5ceca
TestManyPasswordLengths: pre-create password test cases outside of
...
concurrent tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-21 09:30:28 +01:00
joshvanl
bbc6823163
When a CertificateSigningRequest using the SelfSigned issuer references
...
a Secret which does not exist, return error, rather than marking the
request as failed.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-20 13:39:11 +01:00
jetstack-bot
5a4e7654d4
Merge pull request #5097 from lucacome/bump-k8s-deps
...
Bump k8s.io dependencies
2022-07-04 14:44:45 +01:00
irbekrm
bcc691db08
Bump informerResyncPeriod
...
As minimum resync period in client-go is 1s. Also makes sure that the tests don't sleep for 'too long'.
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-07-04 08:52:02 +01:00
jetstack-bot
5c6bc8fb4e
Merge pull request #5250 from irbekrm/remove_networking_beta
...
Removes support for networking/v1beta1 Ingress
2022-07-01 16:52:38 +01:00
jetstack-bot
d15d2d51ec
Merge pull request #5199 from irbekrm/fix_keyrotation_warning
...
Fix keyrotation warning
2022-06-30 14:14:03 +01:00
irbekrm
1d326af871
Runs ./hack/update-bazel.sh
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-30 10:20:40 +01:00
irbekrm
05a3133b34
Removes support for networking/v1beta1 Ingress
...
As the lowest version of Kubernetes that we support now is v1.20 that serves v1 networking
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-30 09:24:59 +01:00
oGi4i
cb2cabb06f
Add private key Ingress annotations to set private key properties for Certificate
...
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
2022-06-28 17:45:08 +03:00
Ashley Davis
a40fdd64b5
Increase issuer and clusterissuer controller timeouts
...
This follows ideas presented in
https://github.com/cert-manager/cert-manager/pull/5214
It might be nice to add these big timeouts globally to all controllers
but we're intentionally keeping these changes small and targeted for now
in order to minimise the risk when backporting these changes.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-22 11:35:00 +01:00
Joost Buskermolen
40bda26e8b
Set static (Cluster)Issuers timeout to 90 seconds
...
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
2022-06-22 11:16:37 +01:00
Rodrigo Fior Kuntzer
afeb543c3c
CertificateRequests controllers must wait for the core secrets informer to be synced
...
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2022-06-22 07:21:32 +02:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate
...
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
2022-06-21 15:12:09 +03:00
irbekrm
bb124a0f61
Corrects the cert.spec.privateKey path in logs
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-09 15:30:08 +01:00
irbekrm
ede76c3c25
Clarifies the warning if private key cannot be regenerated, but spec has changed
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-09 14:41:35 +01:00
Alessandro Vermeulen
1da01211ee
Feature gated support for using literal subjects in Certificates
...
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
2022-06-08 20:50:00 +02:00
irbekrm
df3bb59af5
Ensure that Venafi client for CSRs gets initialized with metrics
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-05-16 17:23:33 +01:00
Richard Wall
1ade01f819
Addressed code review feedback and simplified the unit-tests
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-05-14 14:24:13 +01:00
Richard Wall
557d14a0cd
Refactor the update and updateStatus to a single deferred function
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-05-12 16:51:30 +01:00
jetstack-bot
4ec33298a2
Merge pull request #5081 from wallrj/3640-cleanup
...
Challenge cleanup improvements
2022-05-05 11:19:28 +01:00
Irbe Krumina
1d917ef311
Revert "Use Apply instead of Update to modify resources in tests"
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-05-03 11:31:47 +01:00
Richard Wall
6a4fffbedc
Test that the cleanup is performed
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-04-29 17:51:34 +01:00
Richard Wall
5f867bff37
Use a more reliable check for deletion
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-04-29 16:49:23 +01:00
jetstack-bot
eb76f331ad
Merge pull request #5077 from irbekrm/tests_apply
...
Use Apply instead of Update to modify resources in tests
2022-04-29 13:23:00 +01:00
jetstack-bot
31d0c3ab41
Merge pull request #5051 from wallrj/3640-set-and-consume-challenge-finalizer-in-one-place
...
Set the challenge cleanup finalizer in the Sync function
2022-04-28 15:43:24 +01:00
irbekrm
54a487f1fb
certificates.Apply returns the patched certificate
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-04-28 14:41:22 +01:00
irbekrm
591fb3cfc9
Code review feedback
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-04-28 10:12:16 +01:00
Richard Wall
ee8c1cf738
Remove finalizer duties from the scheduling function and update and expand the tests
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-04-27 10:34:22 +01:00
Richard Wall
dd4fe97928
Set the finalizer as part of the Challenge Sync function
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-04-27 10:34:22 +01:00
irbekrm
cb0c8ba3e3
Log Venafi API calls
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-04-20 10:32:02 +01:00
irbekrm
99edfcfbfc
Adds Venafi metrics
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-04-20 08:48:41 +01:00
lonelyCZ
53d8a07397
Add a unit test for challenges reScheduler
...
Signed-off-by: lonelyCZ <531187475@qq.com>
2022-04-08 14:35:41 +08:00
lonelyCZ
57a6d931a1
Fix the error is reported to null when it happens
...
Signed-off-by: lonelyCZ <531187475@qq.com>
2022-04-07 16:10:14 +08:00
irbekrm
0f74fc10fb
Removes unnecessary check for finalizer diff in challenge sync
...
No changes are made to finalizers in this function
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-04-01 11:53:44 +01:00
irbekrm
9a9ca2006a
Adds a challenge finalizer in challenges controller
...
This was previously applied in orders controller, which was causing issues when trying to remove it in challenges controller via server side apply
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-04-01 11:53:44 +01:00
joshvanl
82c068f0fd
Updates ACME challenge controllers to use apply
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-04-01 11:53:44 +01:00
jetstack-bot
e2266d7a8b
Merge pull request #4987 from wikimedia/issue-4956
...
Add controller_requeue_count metric
2022-03-29 19:53:53 +01:00
jayme-github
63e3b7a0a8
Add controller_sync_error_count metric
...
Introducing a new metric controller_sync_error_count counting the
number of errors during sync() of a controller.
This adds more visibility to potential issues ranging from things like
connection problems to the API or webhooks to possible hard errors.
For context, please see #4956
Signed-off-by: Janis Meybohm <jmeybohm@wikimedia.org>
2022-03-29 16:02:49 +02:00
joshvanl
6ee59fb9e8
Wires up new post issuance checks for issuing controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-03-29 13:54:27 +01:00
jetstack-bot
bfcc204c2b
Merge pull request #4811 from JoshVanL/controllers-server-side-apply-certificates-shim
...
Server Side Apply: Adds support for certificate-shim controllers to use SSA with Feature Gate
2022-03-28 14:33:31 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders
...
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
2022-03-28 13:11:31 +01:00
joshvanl
c1c2d2d081
Add roundtrip test to Certificate serializing. Add field manager to
...
certificates-shim Create API call
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-03-28 12:40:29 +01:00
joshvanl
9d0b2590a8
Optionally Apply certificates, instead of update, in certificate-shim
...
when Server-Side apply is enabled
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-03-28 12:40:28 +01:00
irbekrm
2656cc18c3
Fix test failures
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-23 09:57:34 +00:00
irbekrm
09d8cb9cf8
Adds some more test cases
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-23 09:20:21 +00:00
irbekrm
661abb133f
Set CSR as failed if annotation duration is not a valid time
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 18:04:21 +00:00
irbekrm
d384aef754
Enforce minimum value of experimental.cert-manager.io/request-duration to 600s
...
To ensure compatibility with CSR's spec.expirationSeconds
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 18:04:21 +00:00
irbekrm
a5ed48a324
Adds a unit test for certificatesigningrequests sync function
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 15:09:33 +00:00
irbekrm
cec0a6cde8
Use client-go scheme with core types added as event recorder scheme
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 09:47:46 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff
...
Exponential backoff for retrying failed certificate issuances
2022-03-21 20:31:23 +00:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration
...
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation. Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-21 09:40:32 -04:00
irbekrm
dbad3d98f3
Rename issuanceAttempts -> failedIssuanceAttempts
...
In an attempt to convey the meaning of the field better
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
4c901aefab
Code review comments
...
Adds test conditions to certs via patch API call instead of update to avoid conflicts
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
739c3298e8
Trigger controller backs off from issuance with an exponential backoff
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
9824ab0949
certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed
...
This field tracks the number of continuous failures and is used to implement exponential backoff
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
Jake Sanders
09bbd541ef
update gateway-shim controller unit tests
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-01 15:05:21 +00:00
Jake Sanders
457fa3ca2c
Fix unit tests for Gateways
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-01 15:05:20 +00:00
Jake Sanders
c08f46711a
Add contour, weed out some more references to v1alpha1
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-01 15:05:19 +00:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files
...
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-03-01 15:05:18 +00:00
Jake Sanders
c96d91d586
Update the sig-network Gateway API support to v1alpha2
...
Co-authored-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-01 15:05:17 +00:00
joshvanl
944f9d4103
Change controller context rate limiter test to ensure they are the same
...
pointer
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-22 09:15:10 +00:00
joshvanl
810820f914
Remove duplicate fieldManager variable
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-16 11:59:24 +00:00
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests
...
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
2022-02-16 10:57:37 +00:00
joshvanl
e5a30240e7
Set field manager string to acmeorders controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-16 10:33:48 +00:00
joshvanl
8fd5641305
Set FieldManager in Create Orders API calls
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-16 10:33:48 +00:00
joshvanl
0802489f4e
Updates Order controller to support apply call when feature gate is
...
enabled
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-16 10:33:48 +00:00
jetstack-bot
56d9423744
Merge pull request #4798 from JoshVanL/controllers-server-side-apply-certificatesigningrequests
...
Server Side Apply: Adds support for CertificateSigningRequest controllers to use SSA with Feature Gate
2022-02-16 10:20:37 +00:00
jetstack-bot
12a2148df3
Merge pull request #4794 from JoshVanL/controllers-server-side-apply-issuers
...
Server Side Apply: Adds support for [Cluster]Issuer controller to use SSA with Feature Gate
2022-02-11 19:37:01 +00:00
joshvanl
085b2bf34b
Updates issuer and cluster issuer controllers to optionally use server
...
side apply
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:26:56 +00:00
joshvanl
da67eb2b65
Adds explicit field manager to requestsmanager controller Create call
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:22:33 +00:00
joshvanl
38ce8b3bcf
Always use Create operation when creating new CertificateRequest
...
object
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:22:33 +00:00
joshvanl
b2cc1b38cb
Use optional apply for requestmanager
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:22:04 +00:00
joshvanl
99fd5f3412
Use optional Apply and Apply status to CertificateRequests
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:22:04 +00:00
joshvanl
4dc6c957d4
Adds review comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:15:57 +00:00
joshvanl
37775615ff
Use ApplyStatus in all Certificates controllers. When ServerSideApply
...
enabled, set Issuing condition to False instead of removing it
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:15:57 +00:00
joshvanl
bdb4954c25
Adds updateOrApply to certificates controllers to optionally Apply
...
certificate based on feature gate
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:14:31 +00:00
joshvanl
9ca869c2cf
Add tests to secret manager for additional output formats
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-07 14:41:45 +00:00
joshvanl
57c33446bc
Change import paths jetstack/cert-manager ->
...
`cert-manager/cert-manager`
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-07 14:23:29 +00:00
joshvanl
b426b5acf7
Use UpdateOrApplyStatus in CertificateSigningRequest controllers
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-07 14:18:14 +00:00
joshvanl
565b639ba7
Adds UpdateOrApplyStatus to CSR controllers
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-07 14:18:14 +00:00
jetstack-bot
b1180c59ad
Merge pull request #4587 from SgtCoDFish/bigrename
...
Rename import path
2022-02-03 11:56:12 +00:00
Ashley Davis
b084e5804c
fix violations of our coding conventions on import ordering
...
this is exposed by the rename when cert-manager internal imports are mixed in with
external imports
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 11:53:39 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
...
This was done by running the following command twice:
```bash
grep -Ri "github.com/jetstack/cert-manager" . | \
cut -d":" -f1 | \
sort | \
uniq | \
xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
```
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
joshvanl
c737c3d9c6
Update secret manager test to no longer expect a non-force apply
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-01 18:04:42 +00:00
joshvanl
e5e3cf1fa2
Always Force apply in issuing controller's secret manager
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-01 17:57:22 +00:00
joshvanl
4445f85d62
Update bazel deps
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-31 13:44:43 +00:00
joshvanl
364c02d36e
Ensure RateLimiter is preserved across all built Contexts
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-31 13:38:45 +00:00
joshvanl
834e6bcb04
Set RESTConfig burst and QPS inside context factory so all clients
...
inherit these values
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-31 11:34:09 +00:00
joshvanl
fb6e0b9f00
Pass FieldManager down to issuing controller->secrets manager
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 13:56:29 +00:00
joshvanl
d89c3e71dc
Update rest of controllers with ControllerFactory
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:49 +00:00
joshvanl
fb391a26e5
Update CertificateSigningRequest controller to use new ContextFactory
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:49 +00:00
joshvanl
bd18c0ed86
Update CertificateRequest controllers to use new controller factory
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:49 +00:00
joshvanl
c66591cf37
Update certificate controllers with new controller builder
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:48 +00:00
joshvanl
52a6ae2198
Adds ContextFactory to controller package. Changes controller builder to
...
use ContextFactory
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:50:12 +00:00
joshvanl
38b7b930c8
Add tests from rebase and more policies under
...
/internal/controller/certificates
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:31:05 +00:00
joshvanl
3b148347ad
Move temporary certificate policy init into policy package
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:30:00 +00:00
joshvanl
a53987214f
Move certificates controller policies under /internal/controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:30:00 +00:00
joshvanl
f1cafae95f
Refactor trigger policies to be more generic and be used by multiple
...
controllers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:30:00 +00:00
joshvanl
655dbfec51
Update certificates controller secrets manager since feature gate is
...
removed
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:30:00 +00:00
joshvanl
bdc310adeb
Update certificates secret manager to Apply managed fields when the
...
apply feature is enabled
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:30:00 +00:00
joshvanl
d8548215dd
Update secret manager to include additional output formats
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-19 14:30:00 +00:00
jetstack-bot
051a763ee5
Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template
...
SecretTemplate reconciliation. SecretManager Apply
2022-01-18 13:28:57 +00:00
jetstack-bot
e2aede44c7
Merge pull request #4731 from DiptoChakrabarty/lint
...
add go linters fixes within codebase
2022-01-18 12:52:57 +00:00
DiptoChakrabarty
ba9dccb26d
fix comments in consts
...
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
2022-01-18 10:04:58 +05:30
joshvanl
419ff43312
Add more context to SecretCertificateAnnotations
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 15:15:39 +00:00
joshvanl
ee3cc828a9
Ensure the SecretTemplate matching is aware of the base annotations set
...
on the Secret
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:41:24 +00:00
joshvanl
38084fb719
Update secret manager to include additional output formats
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:40:12 +00:00
joshvanl
b6e499a317
Fix comment and add comment about forcing apply
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
196d0011ca
Remove SecretTemplate controller and move logic into issuing controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
64d78c6e10
Update certificates controller with new secret manager signatures and
...
tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
c5f101525c
Update certificates controller secrets manager since feature gate is
...
removed
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
7a4be1edfd
Copy across an existing secret type in secrets manager since that field
...
is immutable.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
a56b6a8596
Fix CA injector test to only create a Secret of type kubernetes.io/tls
...
since that field is immutable, and shouldn't change from Opaque
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
95ee9ee031
Force apply secrets manager if a field has a conflict with the owner
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
5660b80888
Fix golang references to feature gate package
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
d6fb5138f2
Re-add crd-certificates.yaml
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3
Fix some test func names and some comments. Replaces DeDuplicate in
...
SecretTemplate controller to use sets.Strings. Removes DeDuplicate func
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
ebc4cba48c
Make secretsmanager if statement blocks prettier
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
54c00afb13
Fix comments in secretsmanager
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
957bc0a081
Create InitWithRESTConfig() in controller test context builder to not
...
change existing Init() consumers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
760254848b
Make RestConfig nil in acmechallenges sync_test.go
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
8b501d7d54
Also don't reconcile Certificates in SecretTemplate controller if
...
Issuing=True
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
1319f2a5fb
Adds the certificates SecretTemplate controller to reconcile ready
...
Certificate's Secrets on SecretTemplate changes
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
de4522d883
Update certificates secret manager to Apply managed fields when the
...
apply feature is enabled
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c
Makes some minor API naming changes, and clears up some docs around the
...
Certificate's additional output formats.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94
[additionalOutputFormats] Update comments and add more tests
...
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
2022-01-14 11:10:32 +01:00
Thierry
81f308221b
Add certificate additionalOutputFormats parameter
...
DER Format to create key.der binary format of the private key.
CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.
Added Unit and e2e tests for secret with Additional output format.
Feature flag AdditionalCertificateOutputFormats to enable feature.
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
2022-01-14 11:10:32 +01:00
DiptoChakrabarty
e7c75832af
few more fixes
...
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
2022-01-13 19:47:11 +05:30
jetstack-bot
778be75841
Merge pull request #4697 from irbekrm/valid_orders_update
...
Don't fail an order that has been finalized, but the status has not been synced to Order CR
2022-01-12 08:10:03 +00:00
irbekrm
e7cc37ef71
Code review feedback
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
Co-authored-by: Maël Valais <mael@vls.dev>
2022-01-11 18:09:44 +00:00
jetstack-bot
fa321b6a4b
Merge pull request #4287 from linka-cloud/acme-http-challenge-cutomer-dns
...
Acme http challenge custom dns
2022-01-11 11:24:03 +00:00
irbekrm
24866544b8
Ensures that if alternate cert chain is specified, it is retrieved
...
Ensures that if the cert is retrieved in a reconcile following the one that finalized the ACME order, the alternate cert chain is still respected, if specified by user
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-01-11 10:51:14 +00:00
irbekrm
de8aa2583e
Ensures that ACME orders controller does not create new order if it failed to update old order's status to valid
...
Check the status of the ACME order if finalizing order failed to catch edge cases where the order is already finalized, but the updating of Order CR's status has failed
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-01-11 10:51:14 +00:00
jetstack-bot
2e465fbf34
Merge pull request #4628 from irbekrm/sync_cleanup
...
Order sync cleanup
2022-01-10 20:27:04 +00:00
James Munnelly
9c04a04c7c
Move feature package into internal/controller
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-01-07 12:17:36 +00:00
Adphi
3375fa0609
http01: add custom nameservers support (#4286)
...
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
2022-01-06 21:02:46 +01:00
jetstack-bot
019d64edcf
Merge pull request #4688 from irbekrm/renew_failed
...
Fixes a bug where a previous failed CertificateRequest was picked up during next issuance
2022-01-04 15:08:31 +00:00
irbekrm
0a4617e582
Fix staticcheck error
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-01-04 10:11:04 +00:00
irbekrm
fac6622f5e
Delete CertificateRequest that failed during previous issuance if we are re-issuing for the same revision
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-12-22 14:54:55 +00:00
irbekrm
ff67b2a9a0
Ignore failed CRs for previous issuance in certificates-issuing controller
...
Issuing controller should only look at 'current' CertificateRequests
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-12-22 14:51:25 +00:00
James Munnelly
81f22fd49c
Upgrade k8s.io dependencies to v0.23.1
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-17 16:27:47 +00:00
joshvanl
d5503c2ed2
Change certificates controller to no longer error for a Certificate that
...
no longer exists
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-11-30 15:13:14 +00:00
irbekrm
e48846132b
Add a couple new test cases for order finalization
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-11-26 16:32:02 +00:00
irbekrm
4aee0a4acd
Reduce a few calls to ACME server
...
Ensure that when updating cert-manager Order CR's status from an existing ACME Order only one call will be made to retrieve the ACME Order
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-11-26 16:31:27 +00:00
irbekrm
e66c6a04d4
Fixes a typo in finalizeOrders
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-11-26 16:30:25 +00:00
irbekrm
7739497f22
Don't process Order CRs that have failed
...
Ensure that cert-manager does not attempt to create new ACME Orders for cert-manager Order CRs that are in failed (errored, invalid or expired) state. If the CertificateRequest was created from a Certificate, the issuance will be retried after 1 hour
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-11-23 15:34:35 +00:00
Krzysztof Ostrowski
e35cb361c8
add comments to satisfy linter
...
Signed-off-by: Krzysztof Ostrowski <kostrows@redhat.com>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-11-04 18:15:46 +01:00
Igor Zibarev
f9ceb8a73e
Fix some lint issues regarding comments
...
References issue #4457
Signed-off-by: Igor Zibarev <zibarev.i@gmail.com>
2021-11-02 13:57:20 +03:00
Jake Sanders
486fc49545
Add fuzzing unit tests for JKS passwords
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-10-29 15:12:51 +01:00
James Munnelly
e7dea9f2a2
Replace all references to pkg/internal with internal
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-10-21 12:27:04 +01:00
irbekrm
598ed35e4a
Uses go/crypto ListCertAlternates function to fetch alternative certificate chains
...
This allows us to use upstream go/crypto again instead of our own fork
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-10-07 15:21:26 +01:00
Richard Wall
5d91f0a3c4
Fix flaky test by using EqualUnsorted to compare Events
...
Supplants https://github.com/jetstack/cert-manager/pull/4297
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-10-01 12:41:15 +01:00
irbekrm
7e9753c92e
Fix CertificateRequest test
...
In Go 1.17 x509.CreateCertificate fails if public key doesn't match private key https://golang.org/doc/go1.17
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-09-30 10:08:40 +01:00
joshvanl
f21a947523
Adds comment as to why the GetAuthorization is called instead of
...
GetChallenge
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-09-16 14:44:38 +01:00
joshvanl
f83f02cc8b
Replace GetChallenge call in acmechallenge controller to
...
GetAuthorization
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-09-15 16:05:37 +01:00
George Moldoveanu
b94b678f6d
reinstated keystore.go comment
...
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-10 13:33:46 +01:00
George Moldoveanu
563aeb1789
fixed keystore.go and keystore_test.go modules imports
...
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-10 13:28:45 +01:00
George Moldoveanu
0463681244
updates go deps and bazel files
...
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-02 23:45:11 +01:00
George Moldoveanu
d0151f7175
fixed TestEncodeJKSKeystore tests to work with upgraded keystore-go api (v4)
...
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-02 23:33:45 +01:00
George Moldoveanu
155e90d175
upgraded keystore-go to v4 and fixed code to use v4 api
...
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-02 23:24:06 +01:00
jetstack-bot
e5cc0be04b
Merge pull request #4399 from irbekrm/fix_renewal_issue
...
Fix renewalTime skew issue
2021-08-23 16:36:50 +01:00
irbekrm
ec1bdc4983
Adds a test case for renewal time skew and a comment
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-23 15:00:57 +01:00
Eng Zer Jun
54e70d2cc4
refactor: move from io/ioutil to io and os package
...
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-08-23 19:50:42 +08:00
irbekrm
50e90dfe6e
Fix renewalTime skew issue
...
Ensure the time returned by RenewalTime function is the same time as that which will be read from Certificate's status
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-20 17:57:35 +01:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions
...
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.
For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.
This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.
Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.
Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958
Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534
PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4
X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-19 14:48:12 +01:00
irbekrm
904d4e3c15
Don't error if owner not found in cache
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-17 08:31:49 +01:00
jetstack-bot
d647e543e3
Merge pull request #4276 from jakexks/gateway-http01
...
Experimental Gateway API support for ACME HTTP-01 Solving
2021-08-03 18:51:49 +01:00
jetstack-bot
be8079b504
Merge pull request #4293 from maelvls/fix-nil-pointer
...
Nil pointer exception: certificateRef and TLS can now be left empty
2021-08-03 16:04:49 +01:00
Maël Valais
30af205777
nil pointer: the Gateway API is full of pointers
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-08-03 15:43:16 +02:00
Jonathan Prates
50bb91a032
feat: update object description explaining the current behaviour
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 09:26:23 +01:00
Jonathan Prates
12363f91e2
fix: move secretTemplate validations to validation package
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
6e8f74b4f8
tests: add Labels map to the expected secret
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
e1034c219e
feat: add validation for annotations and labels
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
c5e81b13f6
fix: labels cannot be shown if no labels were changed
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
811069cac7
fix: do not create secret labels if template is empty
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
936ad33539
fix: ensure secret annotations and labels will be copied if updated in the cert
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
47bc03e7c4
feat: add support to secretTemplates
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:16 +01:00
Maël Valais
e4f981da66
Revert "memory leak: clean up scheduler goroutine on cert deletion"
...
This reverts commit 641960b6. The reason we decided to revert this is
that we are unsure about the implications of adding the
scheduledWorkQueue.Forget call. The new Forget call is left untested,
and it makes us nervous not to know exactly if it works as intended.
The "Forget" memory leak that we are reverting now is the cause of a
tiny fraction of the overall memory leakage that was fixed in the PR
in the scheduler itself. Reverting this means that some goroutines will
be leaked, but only when a Certificate gets removed and never recreated
with the same name.
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-28 19:19:39 +02:00
jetstack-bot
d062176777
Merge pull request #4243 from inteon/improved_go_routines
...
Cleanup goroutine management
2021-07-28 15:36:41 +01:00
Inteon
d867fcc44d
remove unnecessary wait.Until
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-27 21:43:54 +02:00
jetstack-bot
3b50d78ae4
Merge pull request #4225 from jakexks/ingressv1
...
Feature: Support both v1 and v1beta1 ingresses.
2021-07-27 20:11:37 +01:00
irbekrm
2ddf6fe637
Allows for annotations passed from CSR to Order to be filtered
...
Using the value from copied-annotation-prefixes flag, where by default kubectl, fluxcd, argocd annotations are excluded
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-27 10:55:09 +01:00
Jake Sanders
83857fdc03
Remove stray reference to v1beta1 Ingress
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-07-26 20:29:35 +01:00
Irbe Krumina
3834a8fc0a
Code review feedback
...
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:37 +01:00
irbekrm
143c5ce38d
Adds a test for copying the annotations from Certificate
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:24 +01:00
irbekrm
ddf7e130b7
Allow users to specify which annotations should be copied from Certificate to CertificateRequest
...
Default to all being copied except for kubectl, fluxcd, argocd annotations
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:10 +01:00
Jake Sanders
87bf05601f
Update pkg/controller/test/context_builder.go
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
Co-authored-by: Maël Valais <mael@vls.dev>
2021-07-26 18:29:56 +01:00
Jake Sanders
67c6586161
Addressing code review comments in #4225
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-07-26 18:29:54 +01:00
Jake Sanders
b2278f8642
nit: imports
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-07-26 18:29:48 +01:00
Jake Sanders
0d93b93fc5
Feature: Support both v1 and v1beta1 ingresses.
...
Kubernetes is removing support for the v1beta1 Ingress type in 1.22: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes
However, we still wish to support k8s v1.16 until mid 2022 when Openshift 3 becomes out of support.
cert-manager will now use v1 Ingress if available by using the discovery API.
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-07-26 18:29:42 +01:00
jetstack-bot
ceb9fdf6ac
Merge pull request #4231 from maelvls/fix-concurrent-read-write
...
Data race: fix concurrent read and write of secret annotations and certificaterequests
2021-07-26 13:34:12 +01:00
jetstack-bot
218408a741
Merge pull request #4112 from JoshVanL/certificate-signing-request=acme
...
CertificateSigningRequest ACME Controller
2021-07-26 11:51:12 +01:00
jetstack-bot
1021b58286
Merge pull request #4233 from maelvls/goroutine-leak
...
Memory leak: fix the scheduler's goroutine leakage
2021-07-23 20:34:19 +01:00
joshvanl
247807162f
Expect event fired when ACME CSR request is not yet approved
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:34:21 +01:00
joshvanl
a81ba4fcb3
Change test name to make it clear it is not a duplicate
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:10:35 +01:00
joshvanl
e18e29ea45
Adds unit tests for CertificateSigningRequest ACME handle owner
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
9e322a4033
Removes old comment which is no longer relevant
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
b84e3edcc9
Review comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
bec5d5be32
Remove CA annotation from ACME CertificateSigningRequest controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
joshvanl
43f002b0f0
Adds CertificateSigningRequest ACME controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-23 16:00:09 +01:00
Maël Valais
641960b666
memory leak: clean up scheduler goroutine on certificate deletion
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-23 16:57:10 +02:00
Inteon
81e216eeba
wait for goroutines to end before exiting
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-23 15:30:26 +02:00
Inteon
81aa09cd88
call WaitGroup.Done() at the right time
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-23 15:30:02 +02:00
Maël Valais
af9a1e434f
data race: fix certificate requests in cache being mutated
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-20 19:50:26 +02:00
Maël Valais
a96dc55e1e
data race: fix concurrent read and write of secret annotations
...
This bug can be reproduced using "go run -race" and by creating many
Certificates and renewing them continuously. With 5000 Certificate
objects, a data race is found in less than a minute.
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-20 19:50:26 +02:00
joshvanl
37dbf770da
Fire event when CertificateSigningRequest hasn't been signed yet
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-20 10:39:27 +01:00
joshvanl
a1a953f40f
More comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 19:29:40 +01:00
joshvanl
0fdd52e603
Adds comments to some func's and changes return err names to be more
...
clear
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
0116bf18bd
Changed Venafi CSR request "the request will be retried" -> "waiting"
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
6e57e1093f
Adds comment about what the pickup ID is in the CSR controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
e0fc320d41
Remove CA annotation being set on Venafi CertificateSigningRequest
...
controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
c4914f7103
Adds venafi CertificateSigningRequest controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
Maël Valais
368c7659ee
gateway-shim: test: two different secrets create two Certificates
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:35:47 +02:00
Maël Valais
f77954e5e3
gateway-shim: document issuerForIngressLike and translateAnnotations
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:35:41 +02:00
Maël Valais
30f9c123d3
gateway-shim: add the gateway-shim controller
...
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.
The Gateway API in cert-manager is released as an experimental feature
and needs to be enabled manually with the following flag:
--controllers=*,gateway-shim
All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:
"acme.cert-manager.io/http01-ingress-class"
This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.
"acme.cert-manager.io/http01-edit-in-place"
This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.
"kubernetes.io/tls-acme"
This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.
Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.
The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
2021-07-15 20:34:55 +02:00
Maël Valais
b13b751d63
PR review with Irbe: re-queue Ingress on "Update" and "Add" of certs
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-07-13 19:06:10 +02:00
Maël Valais
e12173b4c2
ingress-shim: unit-test certificateDeleted, only call on deletion
...
The func certificateDeleted was being called on every possible event
(deleted, created, updated).
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:30:01 +02:00
Maël Valais
59051432e3
ingress-shim: remove unused issuer and clusterissuer listers
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:58 +02:00
Maël Valais
c119b64fdf
ingress-shim: I was syncing on Issuers instead of Ingresses
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:50 +02:00
Maël Valais
30ad33784d
ingress-shim: remove unnecessary/verbose comment
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 18:27:08 +02:00
Maël Valais
1cb39d1efe
ingress-shim: remove duplicate line
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:43:01 +02:00
Maël Valais
0b12a5cf5f
ingress-shim: explain why the owner ref does not have a namespace
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:42:48 +02:00
Maël Valais
75b9bd6598
ingress-shim: untangle logic for "looking for cert owners"
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-07 13:27:30 +02:00
Maël Valais
26b074241a
issuing controller test: check w.Register error
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
37bee71d68
static analysis party: fix errcheck warnings
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
98bf0b6478
DataForCertificate: explain what the "current" and "next" CRs are used for
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-05 13:32:32 +02:00
joshvanl
2c217f0377
Remove CA field from Vault CertificateSigningRequest controllers
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:50:33 +01:00
joshvanl
d0e7ccd805
Update some CSR comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
f5b609e446
Adds Vault CertificateSigningRequest Issuer controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
joshvanl
7e8bf731b2
Remove the experimental.cert-manager.io/ca annotation from the
...
CertificateSigningRequest
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-25 16:02:37 +01:00
irbekrm
fd61e1ccc7
Delete 'next' CertificateRequests that failed in last issuance cycle
...
So that the issuance is retried
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 07:28:06 +01:00
irbekrm
feb62b1fe5
Make the back off period const public
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:37:07 +01:00
irbekrm
428c280f76
Pass clock to request manager controller
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:36:26 +01:00
jetstack-bot
fbd2a6d06a
Merge pull request #4105 from kit837/add-clock-time-seconds
...
Add clock_time_seconds metric
2021-06-15 21:00:53 +01:00
kit837
0f97e6d19d
pass in clock.Clock for better test
...
Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>
2021-06-15 17:48:20 +00:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519
...
support-ed25519
2021-06-15 16:17:53 +01:00
jetstack-bot
91540b14a2
Merge pull request #4100 from JoshVanL/certificate-signing-request-selfsigned
...
CertificateSigningRequest selfsigned controller
2021-06-15 12:36:39 +01:00
joshvanl
19f94c877d
Remove references to CA private key from SelfSigned CSR controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 12:13:52 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys
...
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.
Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
joshvanl
d5007c2e37
Adds the CertificateSigningRequest selfsigned controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-14 10:18:54 +01:00
irbekrm
e6b748047d
Remove the default renewBefore value
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 10:03:12 +01:00
joshvanl
abdd1f54fa
Fix CA CertificateSigningRequest controller to return potential error
...
from updating failed status
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-07 17:48:49 +01:00
joshvanl
d4fd4f9acc
Move determining Issuer resource Kind into CSR/util
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-07 15:27:43 +01:00
joshvanl
1678d0833e
Reverts ACME issuer from forming a chain bundle and populating the
...
ca.crt
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-02 12:21:50 +01:00
joshvanl
36bd7a459c
Changes CSR util signername to use if statements rather than switch
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-28 10:34:43 +01:00
joshvanl
acc5431f1b
Fix signernames to allow clusterissuers with dots in name
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-28 10:13:00 +01:00
joshvanl
9e1b0342d0
Updates with review comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 18:48:50 +01:00
joshvanl
e014b6655d
Use ca.crt with the CertificateSigningRequest CA controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 10:49:21 +01:00
joshvanl
62dee4783e
Adds CertificateSigningRequest CA Issuer controller as optional
...
controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 00:32:24 +01:00