Jonathan Prates
9f36f8984b
feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
0569997ede
feat: update crds
...
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
joshvanl
6c5a4897b6
Adds note as to why v1beta1 is still an accepted
...
`conversionReviewVersion`
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-28 15:49:50 +01:00
joshvanl
b3ece6708a
Adds v1beta1 as a conversionReviewVersion but don't actually support
...
it
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-28 15:36:58 +01:00
joshvanl
5680bfd4b3
Change all CRDs to no longer accept v1beta1 conversionReviewVersions
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 17:05:58 +01:00
Inteon
c7d92681b8
add comments
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-13 17:58:28 +02:00
Inteon
0683738458
fix bug & add comment & cleanup
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-13 13:41:37 +02:00
Inteon
043bbd283e
remove helm-specific labels & add version label
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-11 17:42:32 +02:00
ulrich giraud
b9c9231305
vault issuer: specify that the caBundle must be base64-encoded
...
Signed-off-by: Ulrich GIRAUD <ulrich.giraud@pole-emploi.fr>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-02 20:54:03 +02:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519
...
support-ed25519
2021-06-15 16:17:53 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys
...
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.
Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
irbekrm
118cfb6029
Remove the defaulting for renewBefore from fuzzer
...
We now calculate this default at renewal time
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 15:35:46 +01:00
irbekrm
acd0a98bbb
Updates DefaultRenewBefore to state that it is deprecated
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 11:52:54 +01:00
irbekrm
0478bc5ee2
Updates duration and renewBefore field descriptions
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-25 12:56:55 +01:00
Tamal Saha
b1cb6422e4
Use controller-runtime v0.9.0-beta.0
...
Signed-off-by: Tamal Saha <tamal@appscode.com>
2021-05-17 08:11:19 -07:00
Maël Valais
39c9c662f7
controller-gen can now update CRDs like before
...
The controller-gen tool is quite rude and won't tell you when one of the
CRD manifests cannot be parsed when the option schemapatch is used. As
an example, the following:
    sed -i 's/RFC8555/RFC8556/g' pkg/apis/certmanager/v1/types_issuer.go
    controller-gen schemapatch:manifests=./deploy/crds output:dir=./deploy/crds paths=./pkg/apis/...
should trigger a change in the crd-clusterissuers.yaml:
@@ -3184,7 +3184,7 @@ spec:
type: object
properties:
acme:
- description: ACME [...] communicate with a RFC8555
+ description: ACME [...] communicate with a RFC8556
type: object
Unfortunately, controller-gen v0.2.9-0.20200414181213-645d44dca7c0
silently skips faulty CRD manifests. In our case, the CRD had become a
non-YAML file (we need to use some if statements):
    {{- if .Values.webhook.url.host }}
    url: https://{{ .Values.webhook.url.host }}/convert
    {{- else }}
    service:
      name: {{ template "webhook.fullname" . }}
      namespace: {{ .Release.Namespace | quote }}
      path: /convert
    {{- end }}
Two issues can be found (we can use a YAML parser like yq for that):
1. The pipe "|" used in ".Release.Namespace | quote" makes it an invalid
   YAML file. We could rewrite that to
       {{ quote .Release.Namespace }}
   but I decided to go with actual quotes like with the rest of the
   file.
2. The {{ if }}, {{ else }} and {{ end }} are also invalid YAML syntax,
   and one easy workaround is to comment them.
So many workarounds... but it now works!
Signed-off-by: Maël Valais <mael@vls.dev>
2021-05-11 17:29:06 +02:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01"
...
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:25 +01:00
Jake Sanders
8ca19b26f9
Revert "Merge pull request #3946 from inteon/fix_kubectl_apply"
...
This reverts commit c7514d9262, reversing
changes made to 49cbedf262.
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:18 +01:00
Inteon
b44e347ce1
remove podTemplate field from ACMEChallengeSolverHTTP01Istio
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 13:15:01 +02:00
Anton Johansson
96a0859ac7
Add support to allow CRD conversion webhooks from outside of the cluster
...
Related to #3876
Signed-off-by: Anton Johansson <hello@anton-johansson.com>
2021-04-28 12:49:10 +02:00
Inteon
2299e8d8a6
Apply suggestions from code review
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69
add ACME HTTP01 Istio support
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
jetstack-bot
b5be5a8730
Merge pull request #3877 from irbekrm/move_crypto_fork
...
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
2021-04-13 13:28:15 +01:00
irbekrm
fc9d966a1c
Certificate's revision history limit validated by webhook
...
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb
Standardize deprecation warnings
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 09:38:49 +01:00
irbekrm
09af959071
Issuer's ACME EAB algorithm can no longer be set
...
It is hardcoded to HS256 in golang.org/x/crypto
Also, we now use a fork of golang.org/x/crypto
in cert-manager org.
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 10:28:19 +01:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit
...
Certificate revision history limit
2021-03-26 11:13:58 +00:00
jetstack-bot
dffbf391db
Merge pull request #3733 from jakexks/renewBefore
...
Clarify the default values for the renewBefore and duration fields
2021-03-24 10:53:46 +00:00
joshvanl
59ca6ca850
Move CertificateRequest revisionHistoryLimit validation to OpenAPI
...
validation
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 15:58:14 +00:00
joshvanl
72904ca2c1
Updates CertificateRequest printColumn with a new Denied column
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
fb54272d17
Adds Approved condition status as additionalPrinterColumn for pretty
...
printing
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
jetstack-bot
fedea03a16
Merge pull request #3774 from JoshVanL/kubectl-get-cr-username
...
Add Requestor to kubectl output, moves Issuer name from wide to default output
2021-03-15 18:00:15 +00:00
joshvanl
d2b98828b3
Adds Username to kubectl get output, moves issuer name from wide to
...
default
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 16:52:51 +00:00
joshvanl
e6ece1f36b
Updates Issuer CRDs with new ObservedGeneration field
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:06:22 +00:00
joshvanl
7146f9702d
Adds revisionHistoryLimit field to CRD
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 14:54:35 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity
...
CertificateRequest UserInfo fields
2021-03-15 14:26:15 +00:00
jetstack-bot
c2634d3538
Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation
...
Certificate condition observed generation
2021-03-08 09:47:45 +00:00
Josh Soref
3b957488c3
spelling: will
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Jake Sanders
e19a9f3800
Add default duration to duration field doc
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-03-04 17:18:33 +00:00
joshvanl
b3cab7e265
Updates the CRDs with the Certificate Condition observedGeneration field
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:11 +00:00
Jake Sanders
5aedd544d7
Clarify the default value for the renewBefore field
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-03-04 15:37:47 +00:00
irbekrm
959e581368
Removes implementation-specific comment from api
...
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-10 13:29:05 +00:00
irbekrm
59f52139dc
Finishes sentences with a full stop
...
Co-authored-by: JoshVanL <vleeuwenjoshua@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-10 09:43:34 +00:00
irbekrm
863c709a19
Removes minimum and maximum fields from Certificate CRD
...
This was done to fix Helm data type conversion problem - see issue #3644 for more context
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-09 17:08:29 +00:00
joshvanl
46d4e61a18
Updates CRDs to include new identity fields to CertificateRequests
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-02-08 19:23:52 +00:00
jetstack-bot
35febb1717
Merge pull request #3505 from hugoboos/ocsp-server
...
Add option to specify OCSP server #3497
2021-02-05 11:27:37 +00:00
jetstack-bot
4fe609156b
Merge pull request #3538 from chulkilee/patch-1
...
Fix comments for docs on types_certificate.go
2021-02-03 15:09:11 +00:00
Maël Valais
ba22785445
Rename ocspServer to oscpServers
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622
add option to specify OCSP server
...
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-02-03 09:09:03 +01:00
Chulki Lee
e90b494da6
Fix go comments for API docs
...
- Use backticks, not single/double quotes for enum values
- Fix allowed values
- Remove unnecessary quote
Signed-off-by: Chulki Lee <chulki.lee@gmail.com>
2021-01-22 20:21:19 +09:00