weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,260 Commits 45 Branches 0 Tags 96 MiB
964f4bbd8d
Commit Graph

1299 Commits

Author SHA1 Message Date
joshvanl
e804431dba Fire event for informational purposes when the CertificateRequest has not yet been approved. 
Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-10-23 18:04:58 +01:00
jetstack-bot
277bcfc305
Merge pull request #5504 from sathyanarays/nit_fix 
[NIT] Changing variable name to denote right type
 2022-10-14 17:17:30 +01:00
jetstack-bot
da3265115b
Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref 
Add option to load Vault CA bundle from Kubernetes Secret
 2022-10-13 09:55:09 +01:00
Sathyanarayanan Saravanamuthu
1bc773cbcf [NIT] Changing variable name to denote right type 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-12 13:41:23 +05:30
Sathyanarayanan Saravanamuthu
204fa78dd8 [NIT] Changing variable name to denote right type 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-12 13:37:35 +05:30
Sathyanarayanan Saravanamuthu
2969202fe2 Addressing review comments 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:22:38 +05:30
Sathyanarayanan Saravanamuthu
40947b0ef4 Generate Certificate Request with predictable name 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:01:26 +05:30
Tim Ramlot
e917e4a103
log more information on why the get CertificateRequest request failed 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-10-05 18:53:53 +02:00
Tim Ramlot
39fa9f51b4 upgrade dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-09-26 11:43:12 +02:00
Renato Costa
162777aab2 Fix incorrect uses of loop variable 
This fixes two instances where loop variables were being incorrectly
used:

- using a loop variable in a closure passed to `ginkgo.It()` is
incorrect, as the capture happens by reference and only the last test
case will be executed (multiple times).
- a similar issue happens in the context of a goroutine; specifically,
we need to create a copy of the `runDurationFunc` before calling it in
a goroutine as done by the controller's `Run` function.

With regards to the second issue, I believe it never came to the
surface because, in production code, only one `runDurationFunc` is
passed; tests don't exercise the multiple funcs path either.

Issues were automatically found with the `loopvarcapture` linter.

Signed-off-by: Renato Costa <renato@cockroachlabs.com>
 2022-08-26 15:08:30 -04:00
jetstack-bot
12f98dbc7e
Merge pull request #5376 from inteon/upgrade_gateway_api 
Upgrade gateway api to v0.5.0
 2022-08-25 16:08:10 +01:00
jetstack-bot
d1a8f7f52d
Merge pull request #5336 from JoshVanL/controllers-certificaterequests-secrets-informer 
CertificateRequest: re-sync SelfSigned CertificateRequest when target Secret is informed.
 2022-08-23 16:46:23 +01:00
Nils
81e6c24293 fixup! Add option to load Vault CA bundle from Kubernetes Secret 
Co-authored-by: Josh van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-21 07:41:15 +03:00
joshvanl
7b168cc059 Updates selfsigned CertificateSigningRequest controller with new Secret 
informer, and no longer mark the request as Failed when the private key
Secret is malformed. This behaviour matches the CertificateRequest
self signed controller.

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:16:10 +01:00
joshvanl
fc9554a617 Adds secret handler function for selfsigned CertificateSigningRequest 
controller, which re-syncs requests which reference the Secret via the
`experimental.cert-manager.io/private-key-secret-name` annotation.

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:14:22 +01:00
joshvanl
b03e6f11f5 Updates ACME CertificateSigningRequest for new informer registration 
format

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:13:29 +01:00
joshvanl
dfd1e512d8 Update CertificateSigningRequest controller to accept a list of 
RegisterExtraInformerFn, which control the extra informers.

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:12:41 +01:00
joshvanl
ccf579cf31 Adds extra informer for the CertificateRequest SelfSigned controller, 
so that CertificateRequets will be re-synced on informed Secrets which
are referenced with "cert-manager.io/private-key-secret-name"

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-08-09 08:39:50 +01:00
Tim Ramlot
836793e7e3 upgrade gateway api to v0.5.0 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-08 08:52:59 +00:00
jetstack-bot
07677c57bc
Merge pull request #5366 from munnerz/privatekey-regen-test 
Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried
 2022-08-05 16:23:30 +01:00
James Munnelly
7b4d04cdef bugfix: fix issue where CertificateRequests marked InvalidRequest were not properly marked as Failed 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
James Munnelly
11ada1d3d3 rename policyEvaluator->BuildReadyConditionFromChain 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
jetstack-bot
ca9e48c7e3
Merge pull request #5323 from JoshVanL/controllers-certificatesigningrequests-selfsigned-no-fail-missing-secret 
[SelfSigned] CertificateSigningRequest: don't mark failed when referenced Secret doesn't exist
 2022-07-21 15:58:56 +01:00
joshvanl
91e0a5ceca TestManyPasswordLengths: pre-create password test cases outside of 
concurrent tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-21 09:30:28 +01:00
joshvanl
bbc6823163 When a CertificateSigningRequest using the SelfSigned issuer references 
a Secret which does not exist, return error, rather than marking the
request as failed.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-20 13:39:11 +01:00
jetstack-bot
5a4e7654d4
Merge pull request #5097 from lucacome/bump-k8s-deps 
Bump k8s.io dependencies
 2022-07-04 14:44:45 +01:00
irbekrm
bcc691db08 Bump informerResyncPeriod 
As minimum resync period in client-go is 1s. Also makes sure that the tests don't sleep for 'too long'.

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-07-04 08:52:02 +01:00
jetstack-bot
5c6bc8fb4e
Merge pull request #5250 from irbekrm/remove_networking_beta 
Removes support for networking/v1beta1 Ingress
 2022-07-01 16:52:38 +01:00
jetstack-bot
d15d2d51ec
Merge pull request #5199 from irbekrm/fix_keyrotation_warning 
Fix keyrotation warning
 2022-06-30 14:14:03 +01:00
irbekrm
1d326af871 Runs ./hack/update-bazel.sh 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-30 10:20:40 +01:00
irbekrm
05a3133b34 Removes support for networking/v1beta1 Ingress 
As the lowest version of Kubernetes that we support now is v1.20 that serves v1 networking

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-30 09:24:59 +01:00
oGi4i
cb2cabb06f
Add private key Ingress annotations to set private key properties for Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-28 17:45:08 +03:00
Ashley Davis
a40fdd64b5
Incease issuer and clusterissuer controller timeouts 
This follows ideas presented in
https://github.com/cert-manager/cert-manager/pull/5214

It might be nice to add these big timeouts globally to all controllers
but we're intentionally keeping these changes small and targeted for now
in order to minimise the risk when backporting these changes.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-22 11:35:00 +01:00
Joost Buskermolen
40bda26e8b
Set static (Cluster)Issuers timeout to 90 seconds 
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
 2022-06-22 11:16:37 +01:00
Rodrigo Fior Kuntzer
afeb543c3c CertificateRequests controllers must wait for the core secrets informer to be synced 
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2022-06-22 07:21:32 +02:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-21 15:12:09 +03:00
irbekrm
bb124a0f61 Corrects the cert.spec.privateKey path in logs 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-09 15:30:08 +01:00
irbekrm
ede76c3c25 Clarifies the warning if private key cannot be regenerated, but spec has changed 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-09 14:41:35 +01:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
irbekrm
df3bb59af5 Ensure that Venafi client for CSRs gets initialized with metrics 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-16 17:23:33 +01:00
Richard Wall
1ade01f819 Addressed code review feedback and simplified the unit-tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-14 14:24:13 +01:00
Richard Wall
557d14a0cd Refactor the update and updateStatus to a single deferred function 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-12 16:51:30 +01:00
jetstack-bot
4ec33298a2
Merge pull request #5081 from wallrj/3640-cleanup 
Challenge cleanup improvements
 2022-05-05 11:19:28 +01:00
Irbe Krumina
1d917ef311 Revert "Use Apply instead of Update to modify resources in tests" 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-03 11:31:47 +01:00
Richard Wall
6a4fffbedc Test that the cleanup is performed 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 17:51:34 +01:00
Richard Wall
5f867bff37 Use a more reliable check for deletion 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 16:49:23 +01:00
jetstack-bot
eb76f331ad
Merge pull request #5077 from irbekrm/tests_apply 
Use Apply instead of Update to modify resources in tests
 2022-04-29 13:23:00 +01:00
jetstack-bot
31d0c3ab41
Merge pull request #5051 from wallrj/3640-set-and-consume-challenge-finalizer-in-one-place 
Set the challenge cleanup finalizer in the Sync function
 2022-04-28 15:43:24 +01:00