Commit Graph

95 Commits

Author SHA1 Message Date
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
Ashley Davis
b3b14fda41
add separate startupapicheck binary
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-01-02 17:17:50 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Tim Ramlot
7b7912022a Add feature gate
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:16:06 +00:00
tanujd11
bc75f8488d fix: structure of nameconstraint in CSR
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-11 18:00:15 +05:30
tanujd11
8d362439a8 fix UTs
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:42 +05:30
Richard Wall
2264de13f3 Use latest version of the bestpractice Helm values
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-27 14:33:47 +01:00
Richard Wall
1329c71f27 Add a dedicated rule for kindest node
And explain why

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-26 16:00:18 +01:00
Richard Wall
4d2a227794 Remove the multi-arch variant
Because it was also broken and was being supplied with digests of
single-architecture images rather than multi-arch manifests

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 14:52:10 +01:00
Richard Wall
c34bddace7 Update ingress-nginx image checksums
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 14:19:30 +01:00
Richard Wall
5db745b103 Fix the digest check for single-arch images
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 13:52:50 +01:00
Richard Wall
ecada9c30f Upgrade ingress NGINX
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 13:16:13 +01:00
Richard Wall
a1164b9c4f Use sample-external-issuer v0.4.0
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 11:16:35 +01:00
Richard Wall
108291dc30
Update make/e2e-setup.mk
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Signed-off-by: Richard Wall <wallrj@users.noreply.github.com>
2023-10-06 10:40:34 +01:00
Richard Wall
4497ad5103 MAKELEVEL was a bad choice which prevents me running the e2e.test binary from my OLM Makefile
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-05 15:28:46 +01:00
Tim Ramlot
29e834dedd
downgrade pebble
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-24 19:54:29 +02:00
Tim Ramlot
3fc1f8a580
upgrade all dependencies
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-24 19:54:25 +02:00
Cody W. Eilar
daf5b8f763 Honor KIND_CLUSTER_NAME for e2e-setup & clean
- Prior to this commit, regardless of what was put for KIND_CLUSTER_NAME,
  the name of the cluster was always "kind". Furthermore, when running
  make clean, only clusters named "kind" were cleaned up. With a few
  minor fixes, this commit solves the problem so that kind clusters with
  different names can be used when running tests.

Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Cody Eilar <cody@codyeilar.com>
2023-06-27 09:35:07 -06:00
irbekrm
acf07419f5 Fix a bug in helm chart where webhook had controller feature gates passed
This will break anyone who relied on featureGates field to pass feature gates to webhook; they will need to use the new webhook.featureGates field

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-23 12:44:31 +01:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-26 17:04:11 +02:00
Tim Ramlot
3ed79f9129
upgrade vault
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-25 09:22:19 +02:00
jetstack-bot
659530cf40
Merge pull request #5980 from inteon/dont_cache_local_images
Don't place locally built unversioned images in the cached downloads folder
2023-04-24 16:30:14 +01:00
Tim Ramlot
af60cb4b70
don't place locally built unversioned images in the cached downloads folder
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-24 11:07:23 +02:00
irbekrm
6315b7bf15 Adds kube 1.27 kind image, makes it default
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-24 08:50:39 +01:00
Richard Wall
1d200d04d3 Upgrade to sample-external-issuer v0.3.0
Includes a linux/arm64 Docker image

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-18 12:38:41 +01:00
Tim Ramlot
d602087446
remove Helm burst limit
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-11 14:51:18 +02:00
Tim Ramlot
7c037f2912
optimise QPS, Burst and concurrent-workers values for faster e2e tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-11 14:51:18 +02:00
jetstack-bot
54b7c232f5
Merge pull request #5924 from maelvls/gowork
Add a workspace file
2023-04-07 09:18:35 +01:00
Maël Valais
81b007fd91 make: uncompress pebble outside of the Go Workspace zone of influence
When building Pebble, Go was mistakenly thinking that the go.work is the
Go Workspace in which the Pebble module resides:

  main module (github.com/cert-manager/cert-manager) does not contain package github.com/cert-manager/cert-manager/_bin/downloaded/containers/amd64/pebble/pebble-ba5f81dd80fa870cbc19326f2d5a46f45f0b5ee3/cmd/pebble

At first, I thought that directories prefixed with _ would be ignored
(like what "go build" does), but it doesn't seem to work that way since
the go.work file is looked up recursively "upwards", not downwards.

The only workaround I could think of is to build Pebble outside of the
tree in which go.work resides.

Signed-off-by: Maël Valais <mael@vls.dev>
2023-04-06 16:50:17 +02:00
irbekrm
53918b5d6c Adds SecretsFilteredCaching alpha feature
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
Ashley Davis
f3a051d94f
add license preludes for a variety of files
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-03-14 15:46:10 +00:00
jetstack-bot
6ba1dcaf43
Merge pull request #5768 from yulng/gatewayversion
Bump gateway-api version to 0.6.0
2023-03-10 12:10:05 +00:00
Maël Valais
138b75cd24 make: force the use of registry.k8s.io by ingressnginx
Signed-off-by: Maël Valais <mael@vls.dev>
2023-03-03 12:50:34 +01:00
Maël Valais
716bd2a59d e2e: update Contour to 1.24.1 and chart to 11.0.0
Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-20 18:31:13 +01:00
Rayan Das
11071f59bb update k8s.gcr.io to registry.k8s.io
Signed-off-by: Rayan Das <rayandas91@gmail.com>
2023-02-18 22:50:16 +05:30
Richard Wall
b29404b094 Stop the internal variable E2E_SETUP_DEPENDENCIES being shown in the make help output
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-02-15 13:01:24 +00:00
Richard Wall
17ae96cf80 Make the best-practice configuration optional in E2E tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-31 14:09:37 +00:00
Richard Wall
a0683195f9 Add a secure-defaults Helm chart values file and use it in E2E tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-26 17:22:42 +00:00
Jan-Otto Kröpke
b952058775
[helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2023-01-14 15:16:16 +01:00
jetstack-bot
2a7fabd5ca
Merge pull request #5554 from camptocamp/helm-add-acme-http01-solver-image-override-option
helm: add option to override ACME HTTP-01 solver image
2022-12-22 10:10:13 +00:00
Yann Soubeyrand
ea0bea9db0 helm: add option to override ACME HTTP-01 solver image
Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
2022-12-21 19:48:11 +01:00
Ashley Davis
31a3edf031
Bump version of contour helm chart + images
Also adds a note about how to update the helm chart version, in the
future

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-20 16:05:40 +00:00
Ashley Davis
1e419a468f
Enable + use k8s 1.26 for e2e tests by default
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-16 17:06:18 +00:00
jetstack-bot
a1391d6995
Merge pull request #5604 from maelvls/upgrade-vault-in-e2e
End-to-end tests: use Vault 1.12.1 instead of the outdated Vault 1.2.3
2022-12-13 14:50:30 +00:00
irbekrm
608c3a1df0 Bumps Contour Helm chart version
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
irbekrm
bc70233256 Tests download Gateway installation bundle
Rather than whole gateway git repo

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-12-05 15:04:18 +00:00
Maël Valais
f4f72c16e6 e2e: use Vault 1.12.1 instead of the outdated 1.2.3
The main reason for bumping Vault's version is because 1.2.3 is not
compatible with the config parameter `disable_iss_validation`, which is
needed for accommodating the future tests [1] that rely on bound tokens
and static tokens.

For context, Vault 1.2.3 was released on Sep 9, 2019 [2] but
`disable_iss_validation` was only added on July 21st, 2020 in Vault
1.5.0.

Due to a breaking change that happened in Vault 1.5.0 [3] in which Vault
started loading the pod's token instead of using the same token (to be
reviewed) for authenticating. An alternative solution could have been to
prevent the service account from being mounted to the pod, but I figured
that having the two service accounts separated is a better practice.

[1]: https://github.com/cert-manager/cert-manager/pull/5502
[2]: https://github.com/hashicorp/vault/commit/c14bd9a2
[3]: https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#150

Signed-off-by: Maël Valais <mael@vls.dev>
2022-12-02 16:36:16 +01:00
Ashley Davis
d2aab5f0d3
enable basicConstraints feature in e2e environments by default
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-11-10 13:47:30 +00:00