weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,885 Commits 45 Branches 0 Tags 96 MiB
811069cac7
Commit Graph

2554 Commits

Author SHA1 Message Date
Jonathan Prates
811069cac7 fix: do not create secret labels if template is empty 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
1f87c098a1 fix: update autogenerated code 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Simon Prates
91cecb65e1 fix: add optional annotation to secretTemplate field 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
 2021-08-03 01:19:11 +01:00
Jonathan Simon Prates
82f1828857 fix: typo in function's comment 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
d29e89c948 chore: update function documentation and fix typo 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
936ad33539 fix: ensure secret annotations and labels will be copied if updated in the cert 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
47bc03e7c4 feat: add support to secretTemplates 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1 
Conversion: Apiextensions v1beta1 -> v1
 2021-07-30 15:49:49 +01:00
jetstack-bot
5543772de0
Merge pull request #4254 from JoshVanL/admission-v1beta1-v1 
Remove v1beta1 from admission review
 2021-07-30 10:57:54 +01:00
jetstack-bot
6d13f910ef
Merge pull request #4271 from maelvls/forget-scheduler-item-deletedfunc 
Revert the `Forget` call that was happening on every Certificates and Orders sync
 2021-07-29 17:02:41 +01:00
joshvanl
8470ba96f0 Change webhook admission/mutation to no longer understand and reject anything which is not 
v1 (remove v1beta1)

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-29 11:10:24 +01:00
Maël Valais
e4f981da66 Revert "memory leak: clean up scheduler goroutine on cert deletion" 
This reverts commit 641960b6. The reason we decided to revert this is
that we are unsure about the implications of adding the
scheduledWorkQueue.Forget call. The new Forget call is left untested,
and it makes us nervous not to know exactly if it works as intended.

The "Forget" memory leak that we are reverting now is the cause of a
tiny fraction of the overall memory leakage that was fixed in the PR
in the scheduler itself.  Reverting this means that some goroutines will
be leaked, but only when a Certificate gets removed and never recreated
with the same name.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-28 19:19:39 +02:00
jetstack-bot
8ae179b8f5
Merge pull request #4261 from SgtCoDFish/tsuru-ca-chain-without-root 
CA chain fix without root
 2021-07-28 17:18:41 +01:00
jetstack-bot
d062176777
Merge pull request #4243 from inteon/improved_go_routines 
Cleanup goroutine management
 2021-07-28 15:36:41 +01:00
Ashley Davis
2ee4abeb24
handle individual certs in ParseSingleCertificateChain 
roots are handled differently because they're their own CAs

also adds test cases for each of:

- a lone leaf
- a lone intermediate
- a lone root

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-07-28 14:06:57 +01:00
Wilson Júnior
18235e3624
Improve ParseSingleCertificateChain when no root is present 
Fixes when the certificate chain does not have a root CA,
in which case the chain should contain all available intermediates
and ca.crt should contain the rootmost certificate.

Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Wilson Júnior <wilsonpjunior@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-07-28 14:05:19 +01:00
Inteon
d867fcc44d
remove unnecessary wait.Until 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-27 21:43:54 +02:00
jetstack-bot
3b50d78ae4
Merge pull request #4225 from jakexks/ingressv1 
Feature: Support both v1 and v1beta1 ingresses.
 2021-07-27 20:11:37 +01:00
Jake Sanders
d69a48c1dc
Add comment to exported ConvertedGVKAnnotation constant. 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-27 17:01:50 +01:00
Jake Sanders
90f006c907
nit: imports 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-27 16:58:59 +01:00
irbekrm
2ddf6fe637 Allows for annotations passed from CSR to Order to be filtered 
Using the value from copied-annotation-prefixes flag, where by default kubectl, fluxcd, argocd annotations are excluded

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-27 10:55:09 +01:00
Jake Sanders
fc428d763e
Fix e2e tests on Kube 1.16 by removing last references to NetworkingV1 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 22:30:41 +01:00
Jake Sanders
83857fdc03
Remove stray reference to v1beta1 Ingress 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 20:29:35 +01:00
Irbe Krumina
3834a8fc0a Code review feedback 
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-26 20:00:37 +01:00
irbekrm
143c5ce38d Adds a test for copying the annotations from Certificate 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-26 20:00:24 +01:00
irbekrm
ddf7e130b7 Allow users to specify which annotations should be copied from Certificate to CertificateRequest 
Default to all being copied except for kubectl, fluxcd, argocd annotations

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-26 20:00:10 +01:00
Jake Sanders
63d7cb551e
./hack/update-all 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 19:15:08 +01:00
Jake Sanders
756917cc24
Ensure functionality works against v1beta1 API server 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:30:01 +01:00
Jake Sanders
6fa758b616
Remove unused argument 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:58 +01:00
Jake Sanders
87bf05601f
Update pkg/controller/test/context_builder.go 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>

Co-authored-by: Maël Valais <mael@vls.dev>
 2021-07-26 18:29:56 +01:00
Jake Sanders
67c6586161
Addressing code review comments in #4225 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:54 +01:00
Jake Sanders
496488027e
Ingress Backend should not specify Name and Port 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:51 +01:00
Jake Sanders
b2278f8642
nit: imports 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:48 +01:00
Jake Sanders
0d93b93fc5
Feature: Support both v1 and v1beta1 ingresses. 
Kubernetes is removing support for the v1beta1 Ingress type in 1.22: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes
However, we still wish to support k8s v1.16 until mid 2022 when Openshift 3 becomes out of support.

cert-manager will now use v1 Ingress if available by using the discovery API.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:42 +01:00
joshvanl
be2ad9ed15 Update sample ACME webhook to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:04:35 +01:00
joshvanl
12d4246c8a Update ACME clients to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:03:34 +01:00
joshvanl
a9aa3b3579 Update ACME webhook API to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:03:14 +01:00
joshvanl
5762b5706e Update Conversion webhook to no longer understand v1beta1, only v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:02:18 +01:00
joshvanl
f180f0a0e6 Change internal ACME API to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:00:08 +01:00
joshvanl
d87ac770fe Change ACME API to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 16:59:42 +01:00
jetstack-bot
ceb9fdf6ac
Merge pull request #4231 from maelvls/fix-concurrent-read-write 
Data race: fix concurrent read and write of secret annotations and certificaterequests
 2021-07-26 13:34:12 +01:00
jetstack-bot
218408a741
Merge pull request #4112 from JoshVanL/certificate-signing-request=acme 
CertificateSigningRequest ACME Controller
 2021-07-26 11:51:12 +01:00
jetstack-bot
1021b58286
Merge pull request #4233 from maelvls/goroutine-leak 
Memory leak: fix the scheduler's goroutine leakage
 2021-07-23 20:34:19 +01:00
joshvanl
247807162f Expect event fired when ACME CSR request is not yet approved 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:34:21 +01:00
joshvanl
a81ba4fcb3 Change test name to make it clear it is not a duplicate 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:10:35 +01:00
joshvanl
e18e29ea45 Adds unit tests for CertificateSigningRequest ACME handle owner 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:00:09 +01:00
joshvanl
9e322a4033 Removes old comment which is no longer relevant 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:00:09 +01:00
joshvanl
b84e3edcc9 Review comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:00:09 +01:00
joshvanl
bec5d5be32 Remove CA annotation from ACME CertificateSigningRequest controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:00:09 +01:00