irbekrm
584147df37
Document that pod template spec should be used instead of flags
For configuring ACME HTTP-01 solver pod
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-08-09 15:26:10 +01:00
jetstack-bot
07677c57bc
Merge pull request #5366 from munnerz/privatekey-regen-test
Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried
2022-08-05 16:23:30 +01:00
James Munnelly
7b4d04cdef
bugfix: fix issue where CertificateRequests marked InvalidRequest were not properly marked as Failed
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
11ada1d3d3
rename policyEvaluator->BuildReadyConditionFromChain
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
Tim Ramlot
93caba980e
apply go fmt for go1.19
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.
There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
jetstack-bot
ca9e48c7e3
Merge pull request #5323 from JoshVanL/controllers-certificatesigningrequests-selfsigned-no-fail-missing-secret
[SelfSigned] CertificateSigningRequest: don't mark failed when referenced Secret doesn't exist
2022-07-21 15:58:56 +01:00
joshvanl
91e0a5ceca
TestManyPasswordLengths: pre-create password test cases outside of
concurrent tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-21 09:30:28 +01:00
joshvanl
bbc6823163
When a CertificateSigningRequest using the SelfSigned issuer references
a Secret which does not exist, return error, rather than marking the
request as failed.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-20 13:39:11 +01:00
Joe Bowbeer
cbb476929e
strengthen securityContexts
Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>
2022-07-06 10:47:26 -07:00
jetstack-bot
b84ea96d73
Merge pull request #5194 from Compy/master
Support secrets for Route53 Access Key IDs
2022-07-05 12:33:21 +01:00
joshvanl
245746de07
Cleans up the logic for testing that the route53 dns access ID Key secret is valid
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-04 17:06:44 +01:00
joshvanl
f1d7c43276
Updates wording for aws route53 dns CRD field comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-04 17:06:40 +01:00
jetstack-bot
5a4e7654d4
Merge pull request #5097 from lucacome/bump-k8s-deps
Bump k8s.io dependencies
2022-07-04 14:44:45 +01:00
irbekrm
bcc691db08
Bump informerResyncPeriod
As minimum resync period in client-go is 1s. Also makes sure that the tests don't sleep for 'too long'.
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-07-04 08:52:02 +01:00
jetstack-bot
5c6bc8fb4e
Merge pull request #5250 from irbekrm/remove_networking_beta
Removes support for networking/v1beta1 Ingress
2022-07-01 16:52:38 +01:00
jetstack-bot
d15d2d51ec
Merge pull request #5199 from irbekrm/fix_keyrotation_warning
Fix keyrotation warning
2022-06-30 14:14:03 +01:00
irbekrm
1d326af871
Runs ./hack/update-bazel.sh
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-30 10:20:40 +01:00
irbekrm
05a3133b34
Removes support for networking/v1beta1 Ingress
As the lowest version of Kubernetes that we support now is v1.20 that serves v1 networking
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-30 09:24:59 +01:00
Peter Fiddes
30847edaad
Increase Venafi issuer timeout on retrieving certificate
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2022-06-29 09:51:14 +01:00
jetstack-bot
3ecf7ae5bb
Merge pull request #5239 from oGi4i/issue-4997
Add private key Ingress annotations to set private key properties for Certificate
2022-06-28 21:21:23 +01:00
oGi4i
cb2cabb06f
Add private key Ingress annotations to set private key properties for Certificate
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
2022-06-28 17:45:08 +03:00
Ashley Davis
eccde015ac
add CRD generation to makefile, replacing bazel
- includes a run of make update-crds which causes some trivial changes
- updates version of YQ to latest
- makes hack/update-crds.sh just call make
- makes hack/verify-crds.sh just call make
- moves functionality of hack/verify-crds.sh to hack/check-crds.sh,
using the makefile for generating alternative CRDs for comparison
- removes the bazel test associated with CRDs
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-27 13:25:18 +01:00
Ashley Davis
22c0f45e22
add a make variant for codegen tools
- runs "make update-codegen"
- adds codegen verification to make tests
- changes hack/(update|verify)-codegen.sh to just call make
- removes bazel codegen test so it's not automatically run in CI
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-24 09:58:01 +01:00
Ashley Davis
d5ca2585d6
Increase ACME client HTTP timeout to 90s
This is the final part of implementing
https://github.com/cert-manager/cert-manager/pull/5214
This timeout is shorter than the 2 minute timeout we increased
controllers to - that's because we'd generally expect that controller
sync loops would need to do additional actions before and after making
HTTP requests.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-22 11:35:05 +01:00
Ashley Davis
5ee43c115a
Remove timeouts in ACME logging middleware
Logging middleware probably isn't the place for this in any case, but
more broadly there's little need to add additional timeouts here since
we have a context timeout configured during issuance and ACME timeouts
configured at the level of the HTTP client we use.
This is the second part of implementing the timeouts proposal from
https://github.com/cert-manager/cert-manager/pull/5214
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-22 11:35:04 +01:00
Ashley Davis
a40fdd64b5
Increase issuer and clusterissuer controller timeouts
This follows ideas presented in
https://github.com/cert-manager/cert-manager/pull/5214
It might be nice to add these big timeouts globally to all controllers
but we're intentionally keeping these changes small and targeted for now
in order to minimise the risk when backporting these changes.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-06-22 11:35:00 +01:00
Joost Buskermolen
40bda26e8b
Set static (Cluster)Issuers timeout to 90 seconds
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
2022-06-22 11:16:37 +01:00
Rodrigo Fior Kuntzer
afeb543c3c
CertificateRequests controllers must wait for the core secrets informer to be synced
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2022-06-22 07:21:32 +02:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
2022-06-21 15:12:09 +03:00
Compy
809849ba86
Fixing unit tests around SecretAccessKeyID pointers
Signed-off-by: Compy <hello@86pixels.com>
2022-06-17 23:45:26 -05:00
Compy
9c47be0964
Changed SecretAccessKeyID member to pointer as it is optional and tagged omitempty. Added issuer tests for access key ID secret validation. Added issuer API validations for AccessKeyID/SecretAccessKeyID.
Signed-off-by: Compy <hello@86pixels.com>
2022-06-17 22:52:17 -05:00
Joakim Ahrlin
de08109be0
add VerifyCredentials to Venafi issuers setup
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-06-14 12:26:38 +02:00
Compy
561103934d
Updating and regenerating CRDs to make SecretAccessKeyID field usage more clear
Signed-off-by: Compy <hello@86pixels.com>
2022-06-11 10:48:10 -05:00
Compy
2b4333d89f
Fixing typo in error message
Signed-off-by: Compy <hello@86pixels.com>
2022-06-09 22:11:19 -05:00
Compy
5ae36cc396
Enforce validation on either accessKeyID or accessKeyIDSecretRef being specified, but not both. Drop unneeded unit test
Signed-off-by: Compy <hello@86pixels.com>
2022-06-09 21:18:23 -05:00
Compy
a5d600096f
Add unit test for testing access key ID secrets as well as priority when both accessKeyIDSecretRef and accessKeyID are specified
Signed-off-by: Compy <hello@86pixels.com>
2022-06-09 19:51:10 -05:00
irbekrm
bb124a0f61
Corrects the cert.spec.privateKey path in logs
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-09 15:30:08 +01:00
irbekrm
ede76c3c25
Clarifies the warning if private key cannot be regenerated, but spec has changed
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-06-09 14:41:35 +01:00
Compy
153e5420cf
Add support for pulling Route53/AWS access key IDs out of secrets
Signed-off-by: Compy <hello@86pixels.com>
2022-06-08 16:33:00 -05:00
Alessandro Vermeulen
1da01211ee
Feature gated support for using literal subjects in Certificates
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
2022-06-08 20:50:00 +02:00
Luca Comellini
091549620b
Bump Go to 1.18
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-06-02 15:50:13 -07:00
Cody W. Eilar
2da5974fb4
Improve logging output for webhook cert renewal
- Make "cert-manager certificate" explicit in log output
- Include DNSNames for context
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2022-05-24 12:48:45 -07:00
irbekrm
df3bb59af5
Ensure that Venafi client for CSRs gets initialized with metrics
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-05-16 17:23:33 +01:00
Richard Wall
1ade01f819
Addressed code review feedback and simplified the unit-tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-05-14 14:24:13 +01:00
Richard Wall
557d14a0cd
Refactor the update and updateStatus to a single deferred function
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-05-12 16:51:30 +01:00
jetstack-bot
4ec33298a2
Merge pull request #5081 from wallrj/3640-cleanup
Challenge cleanup improvements
2022-05-05 11:19:28 +01:00
Irbe Krumina
1d917ef311
Revert "Use Apply instead of Update to modify resources in tests"
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-05-03 11:31:47 +01:00
Richard Wall
6a4fffbedc
Test that the cleanup is performed
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-04-29 17:51:34 +01:00
Richard Wall
5f867bff37
Use a more reliable check for deletion
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2022-04-29 16:49:23 +01:00