weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
6,276 Commits 45 Branches 0 Tags 96 MiB
81f22fd49c
Commit Graph

6276 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
jetstack-bot
52bba1dcdb
Merge pull request #4656 from TerryHowe/helm-ignore 
Minor clean-up to helm chart
 2021-12-17 12:21:13 +00:00
jetstack-bot
3b3e661d7f
Merge pull request #4669 from munnerz/update-runc 
Update runc dependency to 1.0.3
 2021-12-17 11:20:13 +00:00
jetstack-bot
0b8eba629c
Merge pull request #4554 from SgtCoDFish/maker 
Makefile flow
 2021-12-17 10:37:13 +00:00
jetstack-bot
cc49bc232c
Merge pull request #4667 from wallrj/move-deprecated-api-structs 
Stop exporting deprecated API types; move them to an internal package
 2021-12-16 16:37:09 +00:00
Richard Wall
57ba9bd71c Register the deprecated API kinds 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 16:04:01 +00:00
James Munnelly
2041994b12 Update runc dependency to 1.0.3 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-16 15:45:25 +00:00
Richard Wall
43cdb6233f Fix cmacme import path 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 14:52:30 +00:00
Richard Wall
9aaffe6b0a Re-instate the SchemeBuilder variable 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 14:19:25 +00:00
Richard Wall
36c4de9881 Update import paths 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
17a2ec5198 update-bazel.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
1fc14676f6 Move deprecated type definitions to the internal package 
find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git mv -k $d/*.go internal/apis/$g/$v/; done

find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git rm -rf $d/; done

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
jetstack-bot
71de30931f
Merge pull request #4666 from wallrj/remove-client-code-for-deprecated-api-versions 
Remove client code for deprecated api versions
 2021-12-16 10:49:09 +00:00
Richard Wall
2c16d49c8c ./hack/update-bazel.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-15 16:41:15 +00:00
Richard Wall
97125afd6e Remove typed client packages 
find pkg/client/ -type d -name v1alpha2 -o -name v1alpha3 -o -name v1beta1 | xargs git rm -r

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-15 16:40:33 +00:00
Richard Wall
a21b745d01 ./hack/update-codegen.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-15 16:30:19 +00:00
Richard Wall
50f376130f Don't generate client code for deprecated API versions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-15 16:29:51 +00:00
jetstack-bot
b5fbabdc6f
Merge pull request #4635 from wallrj/remove-deprecated-apis-crds 
Remove deprecated APIs from the CRD templates
 2021-12-15 13:31:33 +00:00
jetstack-bot
1b3adf3b96
Merge pull request #4636 from wallrj/remove-conversion-webhook 
Refactor the webhook testing code so that alternative CRDs and conversion handlers can be loaded in tests
 2021-12-15 12:29:33 +00:00
Ashley Davis
32d716654a
Add a makefile flow for building artifacts 
Includes targets for:

- all "server" binaries, for all arches
- all containers for all server binaries for all arches
- all client binaries (kubectl plugin / cmctl) for all arches
- the cert-manager helm chart + signature
- the cert-manager static manifests + CRDs
- tools which bazel would download, with checksum verification
- (commented out) a signed SHA256SUM file for client binaries

Upgrades from the bazel flow include that:

- we use OS-specific base images rather than just using amd64 everywhere
- we easily add support for signing artifacts at build time
- we add ".exe" to the end of windows executables
- we add a zip file for windows executables, for easier consumption
- we concatenate YAML files more robustly
- staging a full release should be much faster
- hopefully, it's easier to change things!
- licenses are trimmed down to reduce bloat in images (the license
  bundle was 1.4MB in size alone)

Changes from the bazel flow include:

- containers no longer have a symlink to the binary at an unusual
  path, but instead just have the binary at a more predictable path
  (e.g. /app/cmd/webhook/webhook instead of
  /app/cmd/webhook/webhook.runfiles/com_github_jetstack_cert_manager/cmd/webhook/webhook_/webhook)

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-12-15 09:54:15 +00:00
Ashley Davis
6734e9b746
add scripts for sha256 sum calculations 
hash.sh returns just the sha256sum of its input file

checkhash.sh uses ha.sh to get the sha256sum of its first argument and
then validates that the checksum matches the value provided in its
second argument

hash.sh isn't currently fully portable since sha256sum isn't present
by default on macOS, but it provides a single point around which we can
do hashing to validate checksums

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-12-15 09:54:15 +00:00
Ashley Davis
7a99e7c834
add script for writing make variables for base images 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-12-15 09:54:12 +00:00
Richard Wall
d80c53dc16 Remove conversion webhook configurations 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:42:54 +00:00
Richard Wall
4eedf4fcfd Test conversion code using sample CRDs and remove conversion configuration from cert-manager CRDs 
* Generate CRDs for the sample API types
* Allow alternative CRDs to be loaded into the envtest API server
* Override the conversion configuration of the CRDs
* Show webhook server logs in tests
* Simplify the loading of the test API CRDs
* Allow the ConversionHandler to be overridden in tests

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:33:22 +00:00
jetstack-bot
c43710f22c
Merge pull request #4665 from jetstack/jahrlin-add-to-owners 
add jahrlin to OWNERS
 2021-12-14 15:27:33 +00:00
Joakim Ahrlin
81e9527aa6 add jahrlin to OWNERS 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2021-12-14 13:28:42 +01:00
jetstack-bot
5894ed989a
Merge pull request #4546 from munnerz/webhook-config-api 
Support loading webhook config from versioned file
 2021-12-14 10:09:02 +00:00
Terry Howe
3263a4c1fb Minor clean-up to helm chart 
Signed-off-by: Terry Howe <tlhowe@amazon.com>
 2021-12-12 05:58:44 -07:00
James Munnelly
cfbd574e75 Remove deprecation notice on webhook.securePort 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-10 12:53:00 +00:00
jetstack-bot
7166f32320
Merge pull request #4608 from ninech/add_honor_labels 
allow to honor the labels of cert-manager on conflicts
 2021-12-10 10:48:51 +00:00
jetstack-bot
4afe2f00a8
Merge pull request #4640 from JoshVanL/metrics-clock-time-seconds-gauge 
Adds `clock_time_seconds_gauge` metric which returns the current clock time, based on unix time since time began
 2021-12-07 09:48:57 +00:00
joshvanl
4d40bdcd96 Fix tests after metrics comment changes. 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-07 07:42:27 +00:00
joshvanl
27c43b317e Adds deprecated message to clock_time_metrics 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-07 07:10:27 +00:00
James Munnelly
838a8dc153 Allow specifying minTLSVersion and cipherSuites without explicit tlsConfig 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-03 13:03:57 +00:00
James Munnelly
17d6a19ba2 Fix apiVersion of example config 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-03 12:56:34 +00:00
James Munnelly
d4beef13b8 Support configuring securePort in webhook service 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-03 12:56:26 +00:00
jetstack-bot
7923823cff
Merge pull request #4639 from JoshVanL/webhook-remove-webhook-admissionReviewVersions-v1beta1 
Removes v1beta1 from webhook's admissionReviewVersions as we no longer support Kubernetes v1.16
 2021-12-02 18:26:44 +00:00
joshvanl
b4f2d4982b Ensure clockTimeSecondsGauge is registered. Updates metrics integration 
tests to include gauge clock metric

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-02 12:11:20 +00:00
joshvanl
51e728688f Adds clock_time_seconds_gauge metric which returns the current clock 
time, based on unix time since time began

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-02 11:27:22 +00:00
joshvanl
6d83e3111d Removes v1beta1 from webhook's admissionReviewVersions as we no longer 
support Kubernetes v1.16

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-02 10:40:44 +00:00
jetstack-bot
3191293cb8
Merge pull request #4637 from JoshVanL/certificats-dont-error-on-delete 
Change Certificates controller to no longer error for a Certificate that no longer exists
 2021-12-01 14:19:25 +00:00
James Munnelly
ce3f3fc1f2 Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
joshvanl
d5503c2ed2 Change certificates controller to no longer error for a Certificate that 
no longer exists

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-11-30 15:13:14 +00:00
jetstack-bot
ce019f059c
Merge pull request #4615 from johnwchadwick/version-check-disregard-failed-pods 
Only consider running pods when determining version
 2021-11-30 14:14:45 +00:00
Richard Wall
704fe73b4b Remove deprectated APIs from the CRD templates 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-11-30 13:33:59 +00:00
jetstack-bot
e089811c17
Merge pull request #4623 from irbekrm/bump_ingress 
Installs v1 ingress-nginx for e2e tests against kube 1.23
 2021-11-30 11:52:45 +00:00
irbekrm
06696befdb Installs v1 ingress-nginx for e2e tests against kube 1.23 
Also bumps the versions of ingress dependency used in tests

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-29 10:14:58 +00:00
nick
4755fccb63 improve option description 
Signed-off-by: Sebastian Nickel <nick@nine.ch>
 2021-11-26 16:27:16 +01:00
James Munnelly
9fce2ba5b0 Move files to create config.webhook.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 15:15:44 +00:00