James Munnelly
948a2cf77c
Add more OWNERS files with auto-labels
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-24 19:38:31 +00:00
James Munnelly
8840925e3e
Fix append in CA issue function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-09 11:39:48 +00:00
Mike Bryant
4fa6d9775c
feat: Include entire certificate chain if provided
...
Allow a user to provide an entire certificate chain to the ca issuer. Include that chain in all generated certificates
Signed-off-by: Mike Bryant <m@ocado.com>
2019-01-09 11:39:48 +00:00
James Munnelly
0fcc0c666c
Update copyright header year
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-07 15:07:55 +00:00
James Munnelly
943e545697
Switch issuer.Issue to return a pointer and fix up setting secret fields
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-30 11:47:08 +00:00
James Munnelly
f8fe9ef21f
Remove requeue option and fix small race in controllers
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-29 12:23:21 +00:00
James Munnelly
dc97dde2ef
Make Certificate Ready condition behaviour consistent between all issuer types
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-28 17:00:51 +00:00
James Munnelly
cf402848b9
Add RSA/ECDSA unit tests for CA issuer
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-07 11:14:54 +00:00
jetstack-bot
9eab875005
Merge pull request #967 from munnerz/unused-args
...
Remove unused arg from GenerateTemplate
2018-10-16 14:36:36 +01:00
James Munnelly
03c6f1229f
Remove unused arg from GenerateTemplate
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 12:29:38 +01:00
James Munnelly
7f6d658ee0
Tidy up CA Issuer's use of status conditions
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:01:06 +01:00
James Munnelly
039a086f58
run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:40 +01:00
James Munnelly
847d0c6152
Refactor controllers to return Response structures
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
Max Ehrlich
58efbc068c
Update CA issuer to return the CA cert pem
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
James Munnelly
db65d6a170
run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:24:48 +01:00
James Munnelly
51195e4c5f
Update license header and add header to every file
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-13 15:53:37 +01:00
James Munnelly
3f325d1659
Update CA issuer
2018-08-07 16:13:46 +01:00
James Munnelly
fcf812c654
Add OWNERS files to auto-label PRs. Mark apis directory as requiring a review by @munnerz.
2018-07-26 13:01:58 +01:00
Afolabi Badmos
445e522432
Add support for EC keys
...
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used is `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic
- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.
- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided,
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.
- helper functions in `pki` package now return crypto.PrivateKey
2018-07-17 12:42:07 -04:00
James Munnelly
1fd8cdf13e
Create common GenerateCSR and GenerateTemplate methods for creating Certificate/CertificateRequest
2018-06-08 15:15:27 +01:00
Tim
54067d5446
Add Key Encipherment bit to Key Usage extension
...
Google Chrome rejects the certificate for SSL connections if the Key Usage extension does not include the keyEncipherment purpose.
2018-04-17 16:25:10 -07:00
James Munnelly
f1b3b4b962
Update CA issuer with changes to UpdateStatusCondition
2018-04-09 15:43:26 +01:00
James Munnelly
f2ddd1d111
Change DNSNames/CommonNameForCertificate function to not return an error
2018-04-04 23:37:37 +01:00
William Johansson
6ff1746898
Bundle the CA public key in issued certificate
...
If the CA used is only an intermediate CA, and the root CA is trusted by
the client, the client needs help verifying the certificate chain.
2018-02-18 21:28:22 +01:00
James Munnelly
7f656f9ed4
Update CA issuer
2017-11-04 00:12:33 +00:00
James Munnelly
fa7e052ac1
Move to github.com/jetstack/cert-manager repo
2017-11-03 16:41:39 +00:00
James Munnelly
6bd606a7ce
Fix ClusterIssuers. Update test name. Add comments.
2017-11-03 15:51:34 +00:00
James Munnelly
eb4be6859e
Update controllers and issuers for new SharedInformerFactory
2017-11-03 15:26:19 +00:00
James Munnelly
7875268247
Fix imports
2017-11-03 14:48:41 +00:00
James Munnelly
a4a40bdf2d
Fix checking for invalid data in issuer secrets
2017-10-26 22:47:17 +01:00
James Munnelly
59e2af767a
Perform Issuer/ClusterIssuer status updates in controller
2017-10-16 12:59:46 +01:00
James Munnelly
9d933d9e11
Only update certificate status in the controller package to stop conflicts
2017-10-13 20:15:29 +01:00
James Munnelly
2600cb8e14
Fix up altName->dnsName change
2017-10-13 14:04:14 +01:00
James Munnelly
a4b1d346c7
Fix invalid check for empty certificate domains
2017-10-13 13:05:21 +01:00
James Munnelly
489f073d3a
Require altName or subject name are specified in CA issuer
2017-10-13 12:52:36 +01:00
James Munnelly
187e91f9ae
Default commonName to first altName if not specified
2017-10-13 12:50:07 +01:00
James Munnelly
f8107e6fcc
Use CommonName and AltNames fields on Certificate resource
2017-10-13 12:50:07 +01:00
James Munnelly
a2d9733f21
Update implementation for new field names/types
2017-10-13 11:43:52 +01:00
James Munnelly
cd4b482410
Check Secret namespace in ClusterIssuer checks. Add TODO.
2017-09-22 09:52:09 +01:00
James Munnelly
7fffd67c86
Fix issuer CA for ClusterIssuer resources
2017-09-22 09:39:03 +01:00
James Munnelly
dc608f709d
Support Certificates referencing ClusterIssuers
2017-09-22 01:46:05 +01:00
James Munnelly
7c425ee86f
Switch issuer implementations to use GenericIssuer
2017-09-21 23:27:41 +01:00
James Munnelly
c4980baaca
Use context throughout issuer implementation
2017-09-21 20:45:43 +01:00
James Munnelly
d506d35cf1
Don't log issuance & renew success/failure twice
2017-09-11 10:47:59 +01:00
James Munnelly
bef938454b
Fix passing public key to obtainCertificate
2017-09-11 10:47:59 +01:00
James Munnelly
87df7a0d81
Update CA issuer to log to Event Recorder
2017-09-11 10:47:59 +01:00
James Munnelly
e26ddc8307
Fix UpdateStatusCondition call
2017-09-11 10:47:58 +01:00
James Munnelly
54a850383f
Use SecretTLSKey/SecretTLSCert functions
2017-09-11 10:47:58 +01:00
James Munnelly
ae3171b8bf
Add initial CA issuer work
2017-09-11 10:47:58 +01:00
James Munnelly
92d4fef10e
Update k8s.io dependencies. Update to new DeepCopy generator.
2017-07-22 13:47:38 +01:00