Commit Graph

131 Commits

Author SHA1 Message Date
Tim Ramlot
c1fe43efe7
bump code generators
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-17 19:14:03 +02:00
Tim Ramlot
1248be8bba
add contextcheck linter exceptions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-07 12:37:04 +02:00
Tim Ramlot
ae98ba806b
fix gocritic linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:50:47 +02:00
Tim Ramlot
a8b5178fc5
fix dupword linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 13:47:25 +02:00
Tim Ramlot
9db044b232
fix gci linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 13:47:25 +02:00
Erik Godding Boye
8f99f40cbb
Upgrade K8s dependencies to v0.30.0
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2024-04-28 13:02:36 +02:00
Tim Ramlot
01b298a580
move to Makefile modules
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-10 18:53:40 +02:00
Tim Ramlot
23373e4323
correctly initialize loggers, create contexts and pass contexts
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-03-08 14:32:31 +01:00
Tim Ramlot
90dc8ccde0
disable APIPriorityAndFairness using config instead of feature flag
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 17:40:46 +01:00
Tim Ramlot
a0f2849425
run 'make update-codegen'
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
Tim Ramlot
3fc1f8a580
upgrade all dependencies
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-24 19:54:25 +02:00
Tim Ramlot
9d2d1cd6ef
add openapi definitions to acme API server
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-23 14:12:51 +02:00
irbekrm
524998abdf Don't run API Priority and Fairness controller in webhook extension apiserver
Because it is not needed and can cause issues with older versions of kube

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-22 12:53:15 +01:00
Tim Ramlot
f0871eb6b8
further standardise logging across components
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
irbekrm
df974120ab Ensures that acmesolver implements SingularNameProvider
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
vidarno
616a41ac8f Test TestRegistry_AddClient_UpdatesClientPKChecksum must compare private key with a checksum
Signed-off-by: vidarno <>
2023-05-03 22:17:03 +02:00
vidarno
f7390903be Update tests after adding new LastPrivateKeyHash field in status of issuer CRDs
Signed-off-by: vidarno <>
2023-04-29 09:14:07 +02:00
vidarno
92da674e9a Update logic in function IsKeyCheckSumCached to compare private key with hash in status field of CRD instead of from Secret
Signed-off-by: vidarno <>
2023-04-29 09:13:54 +02:00
jetstack-bot
ece30e655f
Merge pull request #5949 from TrilokGeer/key-replace-sha256checksum
Fixes status change on privateKey update on acme issuer
2023-04-18 15:04:07 +01:00
TrilokGeer
bdc0cb7c40 Fixes status change on privateKey update on acme issuer
Signed-off-by: TrilokGeer <tgeer@redhat.com>
2023-04-14 21:33:44 +05:30
irbekrm
e14d17b1b0 Adds a couple comments to ACME call methods
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:28:14 +01:00
Tim Ramlot
f36c06f10d
move cmd/util/ to internal/cmd/util/, since it is also imported by packages outside of cmd/
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-02-28 12:38:59 +01:00
irbekrm
1834afaa00 A bunch of comments on webhook solver functionality
With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:02 +00:00
Ashley Davis
c5924f54a1
add + use CABundle field for ACME servers in issuers
Previously it wasn't possible to set a custom CA bundle for an ACME
server, leading users to either patch the cert-manager system CA bundle
manually or else use SkipTLSVerify which is a security issue.

This adds CABundle for ACME, similar to what we have for Vault and
Venafi TPP issuers.

Longer term we'd like to have a more fully featured approach. It would
for example make sense to support loading CA bundles from ConfigMaps or
Secrets (similar to what we do for Vault issuers today), but for now this
change is the simplest change.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-15 16:21:07 +00:00
Tim Ramlot
99ed9f3e06 add comment
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-09-23 10:30:32 +02:00
Tristan Deloche
878d84a2fa
Ensure forward-compatibility with k8s.io/apiserver's Storage interface
Signed-off-by: Tristan Deloche <tde@hey.com>
2022-09-20 16:10:22 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
Ashley Davis
d5ca2585d6
Increase ACME client HTTP timeout to 90s
This is the final part of implementing
https://github.com/cert-manager/cert-manager/pull/5214

This timeout is shorter than the 2 minute timeout we increased
controllers to - that's because we'd generally expect that controller
sync loops would need to do additional actions before and after making
HTTP requests.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-22 11:35:05 +01:00
Ashley Davis
5ee43c115a
Remove timeouts in ACME logging middleware
Logging middleware probably isn't the place for this in any case, but
more broadly there's little need to add additional timeouts here since
we have a context timeout configured during issuance and ACME timeouts
configured at the level of the HTTP client we use.

This is the second part of implementing the timeouts proposal from
https://github.com/cert-manager/cert-manager/pull/5214

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-22 11:35:04 +01:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
joshvanl
a220be5bc5 Adds user agent pipethrough for acme accounts
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:49 +00:00
Sunghoon Kang
47d07e85de
Add test for creating ChallengeServer with solvers
Signed-off-by: Sunghoon Kang <hoon@linecorp.com>
2022-01-08 22:55:21 +09:00
Sunghoon Kang
bfe3210ccc
Install APIGroup once for multiple DNS providers
If we register multiple DNS providers while running the webhook server,
it will cause an unexpected exit with 'WebService with duplicate root
path detected' error. This issue happens because the root path of each
DNS provider is equal since they share the group name.

This commit installs APIGroup once for multiple DNS providers by
extracting apiGroupInfo variable and InstallAPIGroup call from solver
(DNS provider) loop in ChallengeServer constructor.

Signed-off-by: Sunghoon Kang <hoon@linecorp.com>
2022-01-04 00:50:23 +09:00
irbekrm
598ed35e4a Uses go/crypto ListCertAlternates function to fetch alternative certificate chains
This allows us to use upstream go/crypto again instead of our own fork

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-10-07 15:21:26 +01:00
irbekrm
cb6a746726 Runs ./hack/update-all.sh
New format of Go build tags gets added

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-09-30 10:08:19 +01:00
joshvanl
0c96c54416 Adds the ACME client middleware when creating an ACME account
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-09-03 13:47:43 +01:00
joshvanl
a9aa3b3579 Update ACME webhook API to use apiextensions v1beta1 -> v1
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 17:03:14 +01:00
Inteon
d6cd6f457d
set correct exit codes when exiting
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-22 12:57:08 +02:00
irbekrm
a42771b7e4 Adds a bunch of comments for exported types
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-19 10:19:43 +01:00
irbekrm
f5aa3cffd1 Removes an unnecessary newline after package comment
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-19 10:17:57 +01:00
Tamal Saha
da86194a9d Update to k8s 1.21.0 tool chain
Signed-off-by: Tamal Saha <tamal@appscode.com>
2021-05-17 08:11:19 -07:00
irbekrm
c97b14a216 Fix FakeRegistry.AddClient + ensure that FakeACME implements accounts.Registry
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-10 09:52:34 +01:00
irbekrm
d8367cbac8 Remove direct calls to external deps from Setup function
Allow the functionality to set up a new ACME client and to retrieve and decode ACME account's key to be stubbed in tests

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-10 09:51:07 +01:00
Jake Sanders
196e42c221
Tidy godoc comments
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-05 16:21:24 +01:00
Jake Sanders
f194d9b732
Add godoc comments
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-05 15:59:02 +01:00
Josh Soref
e9fe56594c spelling: wrapped
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
cb22798289 spelling: validate
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
6b3cf75fdf spelling: instrumented
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Maartje Eyskens
be205c04e6 Run a codegen update
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-01-08 15:05:32 +01:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00