Commit Graph

728 Commits

Author SHA1 Message Date
jetstack-bot
b84ea96d73
Merge pull request #5194 from Compy/master
Support secrets for Route53 Access Key IDs
2022-07-05 12:33:21 +01:00
joshvanl
f1d7c43276 Updates wording for aws route53 dns CRD field comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-04 17:06:40 +01:00
Luca Comellini
aaa513de00
Bump k8s.io dependencies
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-06-30 15:16:14 -07:00
Ashley Davis
eccde015ac
add CRD generation to makefile, replacing bazel
- includes a run of make update-crds which causes some trivial changes
- updates version of YQ to latest
- makes hack/update-crds.sh just call make
- makes hack/verify-crds.sh just call make
- moves functionality of hack/verify-crds.sh to hack/check-crds.sh,
  using the makefile for generating alternative CRDs for comparison
- removes the bazel test associated with CRDs

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-27 13:25:18 +01:00
Compy
561103934d Updating and regenerating CRDs to make SecretAccessKeyID field usage more clear
Signed-off-by: Compy <hello@86pixels.com>
2022-06-11 10:48:10 -05:00
Compy
b9500d4364 Update CRD documentation to be a bit clearer
Signed-off-by: Compy <hello@86pixels.com>
2022-06-11 09:42:15 -05:00
irbekrm
6fcb3aacb2 Reverts additional check for ServiceMonitor.
Reverts a check for whether Prometheus monitoring api resources have been
deployed before creating a ServiceMonitor, as it enforces a dependency order
which does not fit the installation model using GitOps tools, as discussed in
https://github.com/cert-manager/cert-manager/pull/4844

This reverts commit f2f771fc93.

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-10 11:51:47 +01:00
Compy
153e5420cf Add support for pulling Route53/AWS access key IDs out of secrets
Signed-off-by: Compy <hello@86pixels.com>
2022-06-08 16:33:00 -05:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
2022-06-08 20:50:00 +02:00
jetstack-bot
18cb322403
Merge pull request #5141 from andrewgkew/deployment-namespace-override
Adding a namespace override for k8s resources
2022-06-08 14:51:08 +01:00
Andrew Kew
bbdb043510 Adding new line to the end helpers file
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
2022-06-07 16:25:33 +01:00
Ashley Davis
32b448c5ea
add URL for cert-manager website to chart, update logo URL
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-05-30 17:28:24 +01:00
Andrew Kew
e19ae66017 Adding link to the problem that has been identified in helm around sub charts and setting of namespaces
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
2022-05-20 16:11:56 +01:00
Andrew Kew
b7700289f0 Refactored the namespace override and moved it into helper script so it can be updated in single place, then found more files that needed the value updated
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
2022-05-20 12:39:44 +01:00
Andrew Kew
488b015b8d Added a namespace override so that the namespace where the services are deployed into can be set. Helpful when using this chart as a dependency (sub chart)
Signed-off-by: Andrew Kew <andrew@quadcorps.co.uk>
2022-05-19 17:31:55 +01:00
Craig Minihan
8748abde93 Set the startupapicheck nodeSelector to linux
Signed-off-by: Craig Minihan <craig@ripcordsoftware.com>
2022-05-17 17:41:31 +01:00
irbekrm
db8c6999a8 Remove leftover cainjector annotations from our CRDs
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-05-09 17:24:30 +01:00
Dean Coakley
5e4e66e3d9 Update minimum version constraint to be 1.19.0-0
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2022-04-29 17:28:40 +01:00
Dean Coakley
894643fe88 Add minimum kubernetes version constraint to chart
Ref: https://cert-manager.io/docs/installation/supported-releases/
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2022-04-29 17:25:08 +01:00
jetstack-bot
3897556ccc
Merge pull request #4721 from Dean-Coakley/remove-securityContext-enabled
Remove `securityContext.enabled` from helm chart
2022-04-28 17:39:24 +01:00
jetstack-bot
fb3f6829bd
Merge pull request #5018 from SgtCoDFish/imgloc
Fix old logo location in helm chart
2022-04-08 10:11:37 +01:00
jetstack-bot
d212165c8d
Merge pull request #5016 from sveba/master
explicitly mount service-account-token in deployment
2022-04-05 22:15:48 +01:00
Ashley Davis
248e2cce66
fix old logo location in helm chart
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-04-05 20:26:08 +01:00
Svetoslav Batchovski
d843a25202 Explicitly mount service-account-token in deployment
Signed-off-by: Svetoslav Batchovski <svetoslav@batchovski.de>
2022-04-05 19:16:12 +02:00
Jake Sanders
0d88032850
Remove OWNERS from helm chart
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-04-05 16:46:57 +01:00
joshvanl
67afcb2d6c Add patch permissions to challenges/status
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-04-01 11:53:44 +01:00
jetstack-bot
86ad9962a3
Merge pull request #4967 from maelvls/gwapi-v1alpha2-optional-labels
Gateway API: with v1alpha2, the labels have become optional
2022-03-30 15:11:33 +01:00
jetstack-bot
00938dfa4c
Merge pull request #3605 from mikebryant/3601-default-nodeselector-linux
fix: Set default nodeSelector to linux
2022-03-30 13:38:33 +01:00
Jake Sanders
b72db63761
Change label description for HTTP-01 Gateway API solver and fix tests
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-30 12:52:34 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
2022-03-28 13:11:31 +01:00
jetstack-bot
be15ce2279
Merge pull request #4953 from ajvn/feature/allow-privilege-escalation
update: Setting allowPrivilegeEscalation to false
2022-03-22 11:01:47 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff
Exponential backoff for retrying failed certificate issuances
2022-03-21 20:31:23 +00:00
Maël Valais
4b3af946db gateway-api: with v1alpha2, the labels have become optional
Previously, in v1alpha1, an HTTPRoute was matched to a Gateway using
the label selectors present on the Gateways. For example, with the
following Gateway:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: Gateway
  metadata:
    name: acmesolver
  spec:
    listeners:
      - protocol: HTTP
        port: 80
        routes:
          kind: HTTPRoute
          selector:
            matchLabels:
              app: foo

you would have to use the following labels on the HTTPRoute in order to
get the above Gateway to be used:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: HTTPRoute
  metadata:
    labels:
      app: foo

With v1alpha2, the label selectors have been dropped. Instead, the
HTTPRoute has to give a direct reference to the Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: HTTPRoute
    spec:
      parentRefs:
        - kind: Gateway
          name: acmesolver
          namespace: traefik

This means that the "labels" field on the gatewayHTTPRoute solver is now
optional:

    apiVersion: cert-manager.io/v1
    kind: Issuer
    spec:
      acme:
        solvers:
          - http01:
              gatewayHTTPRoute:
                labels:              | This field is
                  app: test          | now optional.
                parentRefs:
                  - kind: Gateway
                    name: acmesolver

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-21 17:39:10 +01:00
Ivan
5c857d3737 update: Setting allowPrivilegeEscalation to false for controller, cainjector, webhook containers and for startupapicheck job
Signed-off-by: Ivan <ivans@vaskir.co>
2022-03-21 17:17:28 +01:00
Andrea Decorte
f6d8c4fb5b Add permissions to update certificates/status to allow namespace admins to renew manually a Certificate. Fixes #4954
Signed-off-by: Andrea Decorte <adecorte@gmail.com>
2022-03-21 12:08:11 +01:00
jetstack-bot
3266d13578
Merge pull request #4937 from illrill/feature/optional-rbac-aggregation
Make aggregation to user-facing ClusterRoles optional
2022-03-21 09:00:23 +00:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
irbekrm
affb5e86ef Adds IssuanceAttempts field to Certificate's status
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-21 07:33:51 +00:00
Erik Godding Boye
94d1149760 docs: improve featureGates Helm chart value documentation
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2022-03-15 21:28:46 +01:00
jetstack-bot
8179f68050
Merge pull request #4932 from 4molybdenum2/service-account-labels-helm
support serviceAccount.Labels in Helm chart
2022-03-15 17:44:50 +00:00
Tathagata Paul
7161870cea minor commenting fixes
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
2022-03-15 17:42:47 +05:30
Tathagata Paul
67ed2ffd26 added optional labels for webhook, startupapicheck and cainjector service accounts
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
2022-03-11 22:00:25 +05:30
jetstack-bot
8ebd63c7e9
Merge pull request #4913 from jahrlin/validate-privatekey-rotationpolicy
add validation for certificate.spec.privateKey.rotationPolicy
2022-03-11 13:28:35 +00:00
Richard Johansson
edf38b66c2 Make aggregation to user-facing ClusterRoles optional
Signed-off-by: Richard Johansson <richard.jimmy.johansson@gmail.com>
2022-03-10 15:50:32 +01:00
David Bond
4a4dd03245
Switch leader election to use Lease objects
Previously, cert-manager supported both ConfigMap & Lease objects for leader election. This commit modifies
the leader-election code to now solely use Lease objects in both the controller & ca-injector. The related
RBAC for ConfigMap resources has also been removed.

This change means that you cannot upgrade to the version containing this commit from cert-manager 1.3.

Related to #3766

Signed-off-by: David Bond <davidsbond93@gmail.com>
2022-03-10 12:38:50 +00:00
Tathagata Paul
25d2def9b6 support serviceAccount.Labels in Helm chart
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
2022-03-10 15:16:53 +05:30
Joakim Ahrlin
f5275cf1cc add enum for rotationPolicy
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-03-03 16:31:23 +01:00
Jake Sanders
cfb1406742
Update RBAC for the new gateway API's apiGroup
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-01 15:05:24 +00:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-03-01 15:05:18 +00:00
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
2022-02-16 10:57:37 +00:00