cert-manager

Author	SHA1	Message	Date
Inteon	81e216eeba	wait for goroutines to end before exiting Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-23 15:30:26 +02:00
Inteon	d6cd6f457d	set correct exit codes when exiting Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-22 12:57:08 +02:00
Maël Valais	e5436df521	gateway-shim: don't crash cert-manager if the Gateway CRD isn't there The Gateway CRD has to be installed, meaning that the CRDs may be installed after cert-manager. We don't want cert-manager to crash in that case; instead, we let the user know that cert-manager will keep retrying looking for the CRDs with this message on startup: controller.go:181] cert-manager/controller/build-context "msg"="the Gateway API CRDs do not seem to be present, cert-manager will keep retrying watching for them" The user then sees the following message printed (using an exponential back-off): reflector.go:167: Failed to watch v1alpha1.Gateway: failed to list v1alpha1.Gateway: the server could not find the requested resource (get gateways.networking.x-k8s.io) Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-15 20:35:47 +02:00
Maël Valais	b5142f84c0	gateway-shim: only discover the gateway api when gateway-shim is enabled Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-15 20:35:34 +02:00
Maël Valais	30f9c123d3	gateway-shim: add the gateway-shim controller Note that the gateway-shim is only half the work for supporting the Gateway API in cert-manager. The other half is the HTTP01 solver support, which is still worked on. The Gateway API in cert-manager is releases as an experimental feature and needs to be enabled manually with the following flag: --controllers=*,gateway-shim All the annotations supported by ingress-shim are also supported by gateway-shim, with some exceptions: "acme.cert-manager.io/http01-ingress-class" This annotation is not supported on the Gateway resource. Although the Gateway resource also has a "gatewayClass" field, we will need to add another field instead of "ingress-class" to avoid confusion with the ingress-shim. "acme.cert-manager.io/http01-edit-in-place" This annotation is not supported because it is specific to some ingress controllers like ingress-gce. "kubernetes.io/tls-acme" This annotation is not supported because it is a behavior inherited from kube-lego and we chose not to keep this behavior with the Gateway API. Unlike the ingress-shim, you can reuse the same Secret name in multiple TLS configurations on the same Gateway resource. The ingress-shim now shows the exact location of the duplicate secretName when the user gives the same secretName in two separate TLS blocks. Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Jake Sanders <i@am.so-aweso.me>	2021-07-15 20:34:55 +02:00
kit837	0f97e6d19d	pass in clock.Clock for better test Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>	2021-06-15 17:48:20 +00:00
irbekrm	b539cbea89	Use ConfigmapsLeases Multilock for controller's leader election Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-17 18:19:38 +01:00
Jake Sanders	79d8d9cb7b	Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01" This reverts commit `80f27739b5`, reversing changes made to `96604d02a3`. Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-11 14:50:25 +01:00
Jake Sanders	423e82b65b	Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis" This reverts commit `f2a74ade5e`, reversing changes made to `7ff54e61e9`. Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-11 14:50:23 +01:00
joshvanl	01716e2907	Fixes stutter: istio.IsIstioInstalled -> istio.IsInstalled Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-29 11:42:21 +01:00
joshvanl	3af22cf6c6	Move istio util duncs to pkg/util/istio Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-29 11:35:41 +01:00
Inteon	2d7dfcb462	start DynamicSharedInformerFactory unconditionally; only listen for VirtualServices conditionally Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-04-28 09:20:49 +02:00
Inteon	624e2b9e69	add ACME HTTP01 Istio support Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-04-28 09:19:53 +02:00
joshvanl	8f5b03427c	Fix options_test.go boilerplate header Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-26 11:28:01 +00:00
joshvanl	6ef840972c	Change controller options to return a set of enabled controllers, and log enabled controllers on start Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-26 11:28:01 +00:00
joshvanl	5c3e02d7a5	Changes the controllers flag to allow disabling controllers. This is the same behaviour as kube-controller-manager Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-26 11:28:01 +00:00
joshvanl	0382c9d8b2	Adds a cert-manager-controller flag to disable controllers, for example, the certificaterequests-approver Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-26 11:28:01 +00:00
irbekrm	b852e97ffb	Removes the deprecated renew-before-expiry flag Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-02-21 10:22:25 +00:00
jetstack-bot	cdc53b65cb	Merge pull request #3500 from meyskens/update-copy Update copyright to cert-manager project	2020-12-15 10:12:31 +00:00
Maartje Eyskens	ab0cd57dc5	Use The cert-manager Authors. Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-12-11 19:04:13 +01:00
jetstack-bot	2c521609de	Merge pull request #3477 from tharun208/feat/profiling Added profiling for controller	2020-12-11 14:11:10 +00:00
Maartje Eyskens	1788a9d758	Update copyright to cert-manager project Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-12-08 19:04:49 +01:00
Tharun	b67da63a4e	Added profiling for controller Signed-off-by: Tharun <rajendrantharun@live.com>	2020-11-22 12:15:52 +05:30
Richard Wall	a33abd2060	Plumb through the flag provided defaultRenewBeforeExpiryDuration Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2020-11-19 12:44:18 +00:00
Maartje Eyskens	7d1cd33081	Make resyncPeriod constant Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-10-22 10:25:10 +02:00
Maartje Eyskens	00d2b3b79e	Set the resync period to 10 hours Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-10-21 15:19:22 +02:00
Maartje Eyskens	5dfb4d409b	Make Kubernetes API QPS throtteling configurable Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-10-14 17:16:44 +02:00
Matthias Frey	2f2253afaf	make propagation check period configurable Signed-off-by: Matthias Frey <freym@users.noreply.github.com>	2020-09-24 11:28:49 +02:00
JoshVanL	c83ef5ee77	Fixes client-go logs to use infof Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>	2020-08-27 11:04:09 +02:00
Richard Wall	a70298180a	Run a script to update v1alpha2 usage to v1 Script is available at https://github.com/jetstack/cert-manager/pull/3201 Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2020-08-20 14:26:51 +01:00
Richard Wall	0388599674	Rename import to make way for corev1 and v1 api imports later Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2020-08-19 15:04:54 +01:00
Maartje Eyskens	3259fdfe9b	Implement feedback Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-08-12 10:59:42 +02:00
Maartje Eyskens	827ce9c5ad	Revert log levels on errors Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-08-12 10:59:42 +02:00
Maartje Eyskens	bdc8b346c6	Log NS as info Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-08-12 10:59:42 +02:00
Maartje Eyskens	86dee5ed41	Set error log levels Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-08-12 10:59:41 +02:00
Maartje Eyskens	fecd0b3518	Set all log levels for info Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-08-12 10:59:41 +02:00
Maartje Eyskens	9dd00905e9	Update klog Signed-off-by: Maartje Eyskens <maartje@eyskens.me> klog v2 Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-08-12 10:59:41 +02:00
James Munnelly	2280480c02	Remove old certificates controller Signed-off-by: James Munnelly <james@munnelly.eu>	2020-07-01 11:46:13 +01:00
JoshVanL	e465329b80	Revert vault free port and expose listener port from metrics server Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>	2020-05-26 23:01:55 +01:00
JoshVanL	db24ca052b	Remove the Factory interface from ACME accounts, in favour of using package level funcs. This exposes BuildHTTPClient that instruments metrics, which is passed to NewClient. ACME issuer has reference to plumbed in metrics Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>	2020-05-21 10:44:37 +01:00
JoshVanL	3e7f7eb87e	Expose Prometheus listen address as a controller command line flag Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>	2020-05-18 18:21:03 +01:00
JoshVanL	8214cb4b70	Initialise new metrics implementation and pass through new instrumented ACME client Factory Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>	2020-05-18 17:44:36 +01:00
James Munnelly	b126a0c0e5	Use acme AccountRegistry throughout and tidy up ACME setup code Signed-off-by: James Munnelly <james@munnelly.eu>	2020-05-13 13:14:46 +01:00
James Munnelly	ba33c823a3	Add 'keystores' stanza to CertificateSpec to allow dynamic keystore configuration Signed-off-by: James Munnelly <james@munnelly.eu>	2020-04-21 17:58:18 +01:00
James Munnelly	8aaca4a2ad	expcertificates: add readiness controller Signed-off-by: James Munnelly <james@munnelly.eu>	2020-04-20 15:08:31 +01:00
James Munnelly	cde13aa6fd	Add requestmanager controller Signed-off-by: James Munnelly <james@munnelly.eu>	2020-04-20 15:08:31 +01:00
James Munnelly	a53288b4c1	Enable keymanager and issuing controller with feature gate Signed-off-by: James Munnelly <james@munnelly.eu>	2020-04-16 19:10:41 +01:00
James Munnelly	dee93c4fb9	Add ExperimentalCertificateControllers feature gate Signed-off-by: James Munnelly <james@munnelly.eu>	2020-04-15 12:26:53 +01:00
James Munnelly	822b9e17a0	Remove AdditionalRunFuncs from base controller Signed-off-by: James Munnelly <james@munnelly.eu>	2020-03-30 20:43:00 +01:00
James Munnelly	20ee4833dd	Remove webhookbootstrap controller Signed-off-by: James Munnelly <james@munnelly.eu>	2020-03-30 14:26:05 +01:00

1 2 3

121 Commits