Commit Graph

2029 Commits

Author SHA1 Message Date
jetstack-bot
89cff72df2 Merge pull request #3552 from mt-inside/clarify-cert-ref-namespace
Minor log message clarification
2021-01-15 11:54:55 +01:00
Maartje Eyskens
be205c04e6 Run a codegen update
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-01-08 15:05:32 +01:00
Matt Turner
44f69ce015 Minor log message clarification
Supplying just a name, rather than a namespace/name, for a cainjector
source reference, results in the generic error message "invalid
certificate name". This condition is detected on its own branch so we
can be more specific.

Signed-off-by: Matt Turner <matturner@gmail.com>
2021-01-07 19:21:11 +00:00
jetstack-bot
f19a5e6402 Merge pull request #3463 from wallrj/2667-acme-stalled-orders
Wait for order-controller to add certificate data to the Order
2020-12-17 16:30:41 +00:00
jetstack-bot
5b2d0d660e Merge pull request #3465 from wallrj/3396-ingress-renew-before
Add duration and renew-before Ingress annotations to set those fields on the Certificate
2020-12-16 15:50:04 +00:00
Richard Wall
9cd3eaabf7 Add a duration Ingress annotation to set the duration field on Certificate
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-16 09:40:28 +00:00
Maartje Eyskens
7078a5c7b8 Rename the User Agent fields
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-15 17:25:18 +01:00
Richard Wall
27d0f011be Delete Order if its certificate data is bad or unexpected
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 13:46:52 +00:00
Richard Wall
fb01c3b3c2 Tests for handling of Orders with bad certificates
* Badly formed certificates, and
* certificates with an unexpected public key.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 13:44:59 +00:00
Richard Wall
98e2f1c8f3 Wait for order-controller to add certificate data to the Order
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:22:38 +00:00
Richard Wall
02883417ee Re-organise the handling of non-failed but not-yet-valid Orders
Exit early in this case and move the happy case to the end of the function.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:22:38 +00:00
Richard Wall
26aa0e29fa Add a renew-before Ingress annotation to set the renewBefore field on the Certificate
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:19:07 +00:00
Richard Wall
bae51b92b2 Simplify some ingress-shim helper functions
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:19:07 +00:00
jetstack-bot
cdc53b65cb Merge pull request #3500 from meyskens/update-copy
Update copyright to cert-manager project
2020-12-15 10:12:31 +00:00
jetstack-bot
34396bc93b Merge pull request #3499 from meyskens/ingress-netk8sbeta1
Migrate Ingress to networking.k8s.io/v1beta1
2020-12-14 09:50:12 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
jetstack-bot
2c521609de Merge pull request #3477 from tharun208/feat/profiling
Added profiling for controller
2020-12-11 14:11:10 +00:00
Tharun
b4df9b3567 removed gorilla mux and used profiling util
Signed-off-by: Tharun <rajendrantharun@live.com>
2020-12-11 17:54:55 +05:30
jetstack-bot
fcf54969dd Merge pull request #3489 from exceptionfactory/3373-truststore-p12
Add creation of truststore.p12 from CA
2020-12-11 10:21:07 +00:00
Maartje Eyskens
c6e84d7c83 Switch informer to networking
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-09 16:36:11 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
exceptionfactory
9a32867a6f Updated CRDs #3373
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-08 11:49:31 -05:00
exceptionfactory
e9dfbb7a1a Updated PKCS12 API docs and corrected code formatting #3373
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-08 11:23:16 -05:00
Maartje Eyskens
65281efff1 Migrate Ingress to networking.k8s.io/v1beta1
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 14:46:01 +01:00
jetstack-bot
7c53f88f19 Merge pull request #3476 from maelvls/unit-test-backoff-one-hour
Move the 'back off for 1 hour' logic to a unit-tested func
2020-12-08 11:02:17 +01:00
Maël Valais
62f8db6e6a refactor(issuing): PR review: use MustCreateCryptoBundle directly
Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 14:22:02 +01:00
Maël Valais
6484010f5c fix(issuing): wait until req matches cert before setting failure
The issuing controller wasn't checking if the certificate request that
it picked up is up to date. That resulted in the certificate being set
to "Failing" and "Issuing = False" due to an old certificate request
that was created during a previous issuance. The certificate would then
become stale.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 14:22:02 +01:00
Maël Valais
17cd05ecab test(issuing): new test: when req mismatches, cert can't be updated
This new unit test highlights an unexpected behavior of the issuing
controller: the issuing controller is updating the certificate's status
when the certificate request has a failure ("Reason = Failed"), but the
controller might have picked up an out-of-date certificate request.

The consequence is that the issuing controller would set the certificate
to "Issuing = False". That happens when a re-issuance is triggered with
an old failing certificate request.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 14:22:02 +01:00
Maël Valais
07fd8754f5 refactor(trigger): add test case when failure just happened
Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 13:51:12 +01:00
Maël Valais
769303c5f8 refactor(trigger): don't backoff when exactly 60min
As Maartje mentioned, it doesn't make sense to return backoff = true
while returning a delay of 0. Also, use time.UTC instead of time.Local.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 13:44:06 +01:00
Maël Valais
27d4924b5a refactor(trigger): move backoff logic to a unit-tested func
The trigger_controller_test.go has many unrelated test cases and I
thought it would be good to have more tightly scoped functions that are
easy to review (and most importantly, the unit tests are easy to
review).

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 13:40:01 +01:00
exceptionfactory
c3db3ee7cd Simplified return handling for PKCS12 functions #3733
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-03 07:20:31 -06:00
jetstack-bot
0bcf759a25 Merge pull request #3433 from sorah/vault-issuer-exclude-root
Handle Vault issuer working as intermediate correctly
2020-12-03 09:23:14 +01:00
jetstack-bot
fe84c50f7b Merge pull request #3485 from maelvls/bug-spurious-updates-aws
Strip X-Amzn-RequestId to avoid spurious challenge updates
2020-12-02 15:42:33 +01:00
exceptionfactory
9dd90f8f2b Added creation of truststore.p12 from CA for #3373
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-01 14:37:42 -05:00
Maël Valais
8d8dd02245 dns01-aws: aws-sdk-go already honors the proxy settings
No need for setting http.DefaultClient manually.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-01 13:26:29 +01:00
jetstack-bot
6fd14b0241 Merge pull request #3464 from wallrj/3396-renew-before-expiry-duration
Fix and deprecate the --renew-before-expiration-duration flag
2020-12-01 12:07:06 +01:00
Maël Valais
8a5748be94 dns01-aws: strip request id from aws errors
Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-01 11:11:05 +01:00
Maël Valais
cccc0b1d4d dns01-aws: add test that reveals the request id issue
Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-11-30 13:31:12 +01:00
Sorah Fukumori
f768afd0a3 vault: change condition precise
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-28 18:13:49 +09:00
Sorah Fukumori
90c4f9e561 Avoid named return variables
Co-authored-by: Maartje Eyskens <maartje@eyskens.me>
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-28 18:06:49 +09:00
jetstack-bot
7fbdd64876 Merge pull request #3347 from meyskens/acme-duration
Add duration into ACME
2020-11-24 10:37:01 +01:00
Tharun
b67da63a4e Added profiling for controller
Signed-off-by: Tharun <rajendrantharun@live.com>
2020-11-22 12:15:52 +05:30
Maartje Eyskens
a869c59cb7 Remove internal API tags and annotations
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 13:42:24 +01:00
jetstack-bot
92f4d7d349 Merge pull request #3384 from meyskens/no-acme-retry
Disable Go's ACME retry logic
2020-11-20 11:31:54 +00:00
Maartje Eyskens
d705838e83 Implement feedback
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
66f787ef33 Fix a lost EnableNotAfterDate
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
b7014c3dbd Fix rename in json too
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
59048fed64 Rename field
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
04d88479e4 Pass duration on until ACME order creation
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00