weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,901 Commits 45 Branches 0 Tags 96 MiB
a819025a4b
Commit Graph

7901 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Ramlot
a819025a4b
the chart will now disallow you to specify both the minAvailable and maxUnavailable values without issues 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-14 16:43:32 +02:00
Rouke Broersma
314163d461
Document that maxUnavailable takes precedence over minAvailable 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
29c270cf79
Fix conditions if maxUnavailable 0 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
5c5b1c6551
Fix pdb conditions 
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
773afd3da4
Allow maxUnavailable in certmanager pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
eb2b4d8fbc
Allow maxUnavailable in webhook pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Rouke Broersma
659c95e202
Allow maxUnavailable in cainjector pdb 
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
 2023-07-14 16:16:32 +02:00
Ashley Davis
a76003f737
Merge pull request #6056 from inteon/improve_pki_webhook 
Improve CertificateRequest's CSR validation code
 2023-07-11 16:31:37 +01:00
jetstack-bot
e36a8c3b43
Merge pull request #6206 from inteon/remove_vcert_fork 
Remove VCert fork dependency replace statement
 2023-07-10 13:14:10 +02:00
Tim Ramlot
4d7f6281d0
use pki validation code for CSR validation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-10 12:48:12 +02:00
Tim Ramlot
90f84b9c40
remove VCert fork dependency replace statement 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-10 11:26:16 +02:00
jetstack-bot
22c64abd02
Merge pull request #6204 from inteon/move_framework 
REVERT: Move e2e framework back to e2e module
 2023-07-10 10:30:14 +02:00
Tim Ramlot
7098c25a55
move e2e framework back to e2e module 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-07 19:26:10 +02:00
jetstack-bot
843deed22f
Merge pull request #6199 from inteon/add_validation_to_pki 
Add validation to pki CertificateTemplate functions
 2023-07-07 09:32:14 +02:00
Tim Ramlot
dcf3c99e63
fix Kubernetes CSR tests, making sure the Usages match what is encoded in the CSR blob 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
jetstack-bot
914944c020
Merge pull request #6176 from inteon/reconcile_managed_annotations_and_labels 
Reconcile when managed annotations/ labels are out-of-sync
 2023-07-04 11:55:29 +02:00
Tim Ramlot
bfa61c7804
add comments explaining what the label and annotation checks do 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:28 +02:00
Tim Ramlot
c16a34e0b1
use .Delete() 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:24 +02:00
jetstack-bot
e66a92ac52
Merge pull request #6182 from inteon/stricter_certificaterequest_csr_webhook_validation 
BUGFIX: Stricter CertificateRequest CSR webhook validation
 2023-06-29 18:10:43 +02:00
Tim Ramlot
1649730a0d
Update internal/controller/certificates/policies/checks.go 
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 12:54:20 +01:00
jetstack-bot
7482de8bac
Merge pull request #6191 from Richardds/fix-dns-01-cloudflare 
Handle multiple Cloudflare DNS01 challenges for the same FQDN
 2023-06-28 13:08:39 +02:00
Tim Ramlot
2f56c3c89a
add DontAllowInsecureCSRUsageDefinition feature gate to disable the strict CSR validation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-28 11:11:32 +02:00
Richard Boldiš
2b2ada9491 fix: handle multiple cloudflare dns-01 challenges for the same FQDN 
Signed-off-by: Richard Boldiš <richard@boldis.dev>
 2023-06-27 18:13:35 +02:00
jetstack-bot
956dd47132
Merge pull request #6187 from AcidLeroy/honor-kind-cluster-name 
Honor KIND_CLUSTER_NAME for e2e-setup & clean
 2023-06-27 17:46:55 +02:00
Cody W. Eilar
daf5b8f763 Honor KIND_CLUSTER_NAME for e2e-setup & clean 
- Prior to this commit, regardless what was put for KIND_CLUSTER_NAME,
  the name of the cluster was always "kind". Furthermore, when running
  make clean, only clusters named "kind" were cleaned up. With a few
  minor fixes, this commit solves the problem so that kind clusters with
  different names can be used when running tests.

Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Cody Eilar <cody@codyeilar.com>
 2023-06-27 09:35:07 -06:00
jetstack-bot
b66fe4ae77
Merge pull request #6189 from wallrj/static-e2e-test-build 
Static e2e test build
 2023-06-27 14:32:55 +02:00
Richard Wall
7ee4c0b1e1 Use the correct path in the the example command 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-06-27 12:49:13 +01:00
Richard Wall
cc0782b917 Reduce binary size by stripping dwarf tables and symbol tables 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-06-27 12:47:08 +01:00
Richard Wall
87b3e321c8 Disable CGO when compiling an e2e.test binary 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2023-06-27 12:46:31 +01:00
jetstack-bot
8eb032a95a
Merge pull request #6110 from jkroepke/serviceMonitor 
[helm] Add prometheus.servicemonitor.endpointAdditionalProperties
 2023-06-26 11:29:55 +02:00
Tim Ramlot
63387015d0
make CertificateRequest webhook validation more strict (the Usages array should always be the source of truth) 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-26 10:08:13 +02:00
Tim Ramlot
3938c75850
improve (Extended)KeyUsage parsing to be more consistent 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-26 10:06:55 +02:00
jetstack-bot
9d5a4d936b
Merge pull request #6178 from AcidLeroy/fix-presubmit-for-osx 
Remove the "--tmpdir" flag from mktemp
 2023-06-24 10:20:32 +02:00
Cody W. Eilar
5741efb28e Remove the "--tmpdir" flag from mktemp 
- The OS X version of mktemp doesn't support the --tmpdir flag.
- According to the doc for mktemp on OSX: "If no arguments are passed or if only the -d flag is passed mktemp behaves as if -t tmp was supplied."
- This will continue to work for Linux based versions of mktemp.

Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-06-23 15:37:03 -06:00
jetstack-bot
14f81d4270
Merge pull request #6171 from maelvls/update-cmd/ctl/v1.13.0-alpha.0 
[Release v1.13.0-alpha.0] Update cmd/cmctl's go.mod to v1.13.0-alpha.0
 2023-06-23 17:24:39 +02:00
Tim Ramlot
a9339849e5
improve label and annotation checks 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 17:05:42 +02:00
jetstack-bot
4d1486bbfc
Merge pull request #6168 from inteon/add_public_key_match 
Add SecretPublicKeysDiffersFromCurrentCertificateRequest check
 2023-06-23 16:55:40 +02:00
jetstack-bot
386d2a1448
Merge pull request #6173 from inteon/document_parsesinglecertificatechain 
Improve documentation of pki.ParseSingleCertificateChain
 2023-06-23 10:43:39 +02:00
Tim Ramlot
229f99c197
update testcase based on feedback 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 09:14:38 +02:00
Tim Ramlot
02b008fe6d
improve documentation of ParseSingleCertificateChain 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-22 12:46:08 +02:00
jetstack-bot
885c66da93
Merge pull request #6172 from netthier/patch-1 
Add SenseLabs to USERS.md
 2023-06-22 09:50:18 +02:00
nett_hier
a1867545bd
Add SenseLabs to USERS.md 
Signed-off-by: nett_hier <66856670+netthier@users.noreply.github.com>
 2023-06-21 17:57:14 +02:00
Tim Ramlot
19377b43b1
fix feedback from @wallrj 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-21 15:31:20 +02:00
jetstack-bot
18a55d98da
Merge pull request #6170 from inteon/fix_broken_users_logo 
Fix broken image link in USERS.md
 2023-06-21 14:11:19 +02:00
jetstack-bot
529893556b
Merge pull request #6154 from inteon/fix_basic_constraints_alpha_feature 
BUGFIX: I incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature
 2023-06-21 14:01:26 +02:00
jetstack-bot
f9ffb76c5c
Merge pull request #6129 from cert-manager/remove_name_selector_admission_webhook 
Remove unused 'name' namespaceSelector
 2023-06-21 14:01:19 +02:00
jetstack-bot
3159ea59e7
Merge pull request #6162 from inteon/remove_replace 
Remove old miekg/dns replace statement
 2023-06-21 13:32:19 +02:00
jetstack-bot
88ab565235
Merge pull request #6167 from nordix-metal3/lentzi90/users-metal3 
Add Metal3 to users
 2023-06-21 11:46:19 +02:00
Lennart Jern
8afddba9f7
Add Metal3 to users 
Signed-off-by: Lennart Jern <lennart.jern@est.tech>
 2023-06-21 10:49:29 +03:00