Commit Graph

877 Commits

Author SHA1 Message Date
jetstack-bot
9b90f50be8
Merge pull request #6549 from SgtCoDFish/standalone-apicheck
Add separate startupapicheck binary
2024-01-03 11:12:22 +00:00
Tim Ramlot
646a0698b6
undo docs change
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 10:56:18 +01:00
Tim Ramlot
2882d4a0c7
make fix more general (eg. support levels > 5)
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 10:52:59 +01:00
ChrisDevo
449fb81595
Fix comment about allowed logLevel values (see: pkg/logs/logs.go#L44-49)
Signed-off-by: ChrisDevo <chris.devine@berkeley.edu>
2024-01-03 10:39:02 +01:00
ChrisDevo
519197b511
Improve parsing of helm global.logLevel (only accept integers 0-5, inclusive)
Signed-off-by: ChrisDevo <chris.devine@berkeley.edu>
2024-01-03 10:39:02 +01:00
Ashley Davis
b3b14fda41
add separate startupapicheck binary
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-01-02 17:17:50 +00:00
dylanhitt
751ca52626 docs: declare updated kube version in artifact hub doc
Signed-off-by: Dylan Hitt <dylan.hitt1@gmail.com>
2023-12-28 22:44:46 -05:00
Adam Talbot
247a034116 feat: update gateway api to v1
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
tanujd11
28ca4312b3 fix: additional review comments
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:29 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:31 +05:30
Avi Sharma
c72fc28773 Fix controller featuregates config in helm
Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>
2023-11-17 21:38:44 +05:30
Richard Wall
a2ca3c714f Enable verbose logging in startupapicheck by default
So that if it fails, users can know exactly what caused the failure.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-11-17 09:09:41 +00:00
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
2023-11-16 12:45:16 -06:00
jetstack-bot
b0ed333413
Merge pull request #6459 from shlomitubul/master
feat(helm) Add support for PodMonitor
2023-11-16 14:45:00 +01:00
Richard Wall
a0e5afc0f4 Increase the webhook timeout to its maximum value
Users sometimes report that the connection between the K8S API server and the
cert-manager webhook server times out.

But the error message is often only "context deadline exceeded",
which doesn't help the user know what phase of the HTTPS connection timed out.

It could be during DNS resolution, TCP connection, TLS negotiation, HTTP channel
negotiation, or slow HTTP response from the webhook server.

So this change increases the context timeout to its maximum value
so that the underlying timeout error message has more chance of being returned to the end user.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-11-15 17:54:43 +00:00
Richard Wall
8eb547d9cb Remove redundant / misleading runAsNonRoot examples from values.yaml
`runAsNonRoot` is already set to true in the *Pod*SecurityContext,
so there isn't really any reason to set it at the Container SecurityContext too.

Having it in the example values.yaml file gives the misleading impression that
runAsNonRoot is not the default.

 * https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 11:08:54 +00:00
jetstack-bot
32418051c3
Merge pull request #6460 from erikgb/helm-ca-injector-feature-gates
feat(helm): allow configuration of cainjector feature gates
2023-10-31 11:39:20 +01:00
Richard Wall
6d206795c7 Enable readOnlyRootFilesystem by default
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 09:55:23 +00:00
Erik Godding Boye
af3e88c6da
feat(helm): allow configuration of cainjector feature gates
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-10-31 10:54:17 +01:00
ShlomiTubul
0a16c4ecd2 feat(helm) Add support for PodMonitor
Signed-off-by: ShlomiTubul <shlomi.tubul@placer.ai>
2023-10-30 22:38:09 +02:00
ABWassim
5ab8a6b71c fix(helm): templating of required value in controller and webhook configmaps
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-10-23 09:23:51 +02:00
Zois Pagoulatos
c4986a93c8
Fix typo in values.yml
Affinty -> Affinity

Signed-off-by: Zois Pagoulatos <zpagoulatos@hotmail.com>
2023-10-14 16:10:07 +02:00
Ashley Davis
c56a2fb8a1
Merge pull request #6345 from inteon/config_cainjector
Introduce config file for cainjector options
2023-10-05 13:44:47 +01:00
Arin
5235391917 closes #6346
Signed-off-by: Arin <136636751+asapekia@users.noreply.github.com>
2023-10-01 00:04:37 +05:30
Tim Ramlot
919f809325
add config option in Helm chart
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-28 12:56:11 +02:00
jetstack-bot
8aafddb974
Merge pull request #6328 from inteon/add_clock_health
Add health probe that detects skew between system clock and monotonic go process clock
2023-09-27 11:37:11 +02:00
jetstack-bot
8c0462bc35
Merge pull request #6360 from ABWassim/helm-improvement-webhook-configmap
improvement(helm): fixed empty webhook configmap + refactored
2023-09-25 20:18:47 +02:00
ABWassim
16191e6bcc improvement(helm): fixed empty webhook configmap + refactored
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-09-25 16:54:13 +02:00
ABWassim
77fcb7d2a6 improvement(helm): fixed empty controller configmap + refactored
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-09-25 12:09:18 +02:00
Tim Ramlot
5d876c5b91
improvements based on PR feedback
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-20 18:23:13 +02:00
jetstack-bot
666e073040
Merge pull request #6330 from inteon/helm_image_options
HELM: add options for configuring image
2023-09-19 19:06:48 +02:00
Tim Ramlot
8d75a003e9
add health probe that detects skew between 'real' system clock and 'monotonic' internal clock
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-14 13:55:44 +02:00
Tim Ramlot
9749f1253d
upgrade dependencies
Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-12 11:38:10 +02:00
Tim Ramlot
4edfe0e177
HELM: add options for configuring image
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-11 16:53:38 +02:00
jetstack-bot
d03c56f670
Merge pull request #6311 from hawksight/pf/scoped-mutation
cleanup: Scope mutating webhook to only certificaterequest resources
2023-09-05 19:50:21 +02:00
Peter Fiddes
45c4545174 cleanup: remove unnecessary UPDATE for mutating webhook
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-09-05 14:43:48 +01:00
Tim Ramlot
468b970f81
run make update-crds
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-01 12:21:42 +02:00
Peter Fiddes
c77438c907 cleanup: remove acme api as it has no certificaterequest resources
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-08-31 08:30:47 +01:00
Peter Fiddes
b3443073fc fix: Scope mutating webhook to only certificaterequest resources
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-08-30 15:49:37 +01:00
Gerald Pape
949792396c
Make enableServiceLinks configurable for DeploymentLikes
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
2023-08-23 14:44:31 +02:00
Erik Godding Boye
68568a8a55
feat: add view permission to all cert-manager resources to the cluster-reader aggregated cluster role
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-08-21 09:42:26 +02:00
Tim Ramlot
f50167ce31
restructure the controller configfile
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-10 11:30:33 +02:00
Cody W. Eilar
1243fe285b Add the ability to start controller with config file
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
jetstack-bot
cabc05824a
Merge pull request #6156 from kahirokunn/host-network-dns-policy
chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet.
2023-07-27 10:20:07 +02:00
jetstack-bot
615422b5bf
Merge pull request #6087 from rouke-broersma/patch-1
fix: maxUnavailable pdb configuration cannot be used due to default set minAvailable
2023-07-25 13:48:35 +02:00
arukiidou
740a4760b1
Update Chart.template.yaml
add apache 2.0 license

Signed-off-by: arukiidou <arukiidou@yahoo.co.jp>
2023-07-19 21:54:04 +09:00
jetstack-bot
e9e054b863
Merge pull request #6220 from giantswarm/webhook-netpol-indentation
Fix indentation of Webhook NetworkPolicy matchLabels
2023-07-18 09:55:23 +02:00