weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
4,025 Commits 45 Branches 0 Tags 96 MiB
abd13992c8
Commit Graph

1644 Commits

Author SHA1 Message Date
jetstack-bot
abd13992c8
Merge pull request #2839 from meyskens/update-miekg-dns 
Update to the latest miekg/dns
 2020-06-11 15:26:23 +01:00
jetstack-bot
89c8fc3c8d
Merge pull request #2898 from diversario/2159-remove-custom-retryer 
Remove custom retry logic from route53 package
 2020-06-11 13:58:23 +01:00
jetstack-bot
46eaf3d1a4
Merge pull request #2923 from JoshVanL/new-metrics 
Updates the metrics package + new metrics controller
 2020-06-04 12:59:38 +01:00
jetstack-bot
485e2e59a4
Merge pull request #2947 from hzhou97/no_empty_cacrt 
Do not add empty ca.crt
 2020-05-29 09:13:01 +01:00
Maartje Eyskens
c867bc7d36 Implement MessageAcceptFunc 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-05-27 17:42:34 +02:00
Maartje Eyskens
c9fbbdbde8 Update to the latest miekg/dns 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-05-27 17:42:34 +02:00
jetstack-bot
78ee463a98 Merge pull request #2946 from meyskens/fix-venafi-dn 
Add default DN back in Venafi issuer
 2020-05-27 10:35:22 +01:00
JoshVanL
e465329b80
Revert vault free port and expose listener port from metrics server 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-26 23:01:55 +01:00
Haoxiang Zhou
7229741505 Changed tests for issuing controller to expect no ca.crt instead of nil 
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
 2020-05-26 15:30:43 +01:00
Maartje Eyskens
3fa7f038b3 Check for empty Organizations instead 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-05-26 16:03:42 +02:00
Haoxiang Zhou
609eedacec Do not add ca.crt key to TLS secret if empty in expcertificates as well 
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
 2020-05-26 14:37:40 +01:00
Haoxiang Zhou
3591de614d Changed unit tests to expect no ca.crt instead of nil 
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
 2020-05-26 12:16:55 +01:00
Haoxiang Zhou
dceae33364 Do not add ca.crt key to TLS secret if empty 
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
 2020-05-26 12:16:20 +01:00
Maartje Eyskens
96cf8c717e Add default DN back in Venafi issuer 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-05-25 11:30:35 +02:00
JoshVanL
9c9fe56f0b
Update new files to use 2020 copyright 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-21 10:52:56 +01:00
JoshVanL
5539bf3495
Moves metrics controller into sub-package of ./controller/certificates 
and fix metrics listen address flag description

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-21 10:47:52 +01:00
JoshVanL
63c5e5f5c6
Cleans up metrics pkg to not require locks, and split out resources into 
different files

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-21 10:47:00 +01:00
JoshVanL
db24ca052b
Remove the Factory interface from ACME accounts, in favour of using 
package level funcs. This exposes BuildHTTPClient that instruments
metrics, which is passed to NewClient. ACME issuer has reference to
plumbed in metrics

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-21 10:44:37 +01:00
JoshVanL
3e7f7eb87e
Expose Prometheus listen address as a controller command line flag 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 18:21:03 +01:00
JoshVanL
92eb8d0957
Refactor controllers to use new instrumented metrics that's baked into 
all controllers

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 17:43:56 +01:00
JoshVanL
4dd70a6fe7
Adds new metrics controller to reconcile over Certificates and its 
Status (Ready and Expiry)

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 17:43:18 +01:00
JoshVanL
54eb9da7af
Adds 'Factory' interface to consume the instrumented acme client 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 17:42:47 +01:00
JoshVanL
fd7aa8f41c
Refactor acme client to metrics and adds a 'Factory' interface 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 17:42:19 +01:00
JoshVanL
9e98d7b948
Updates metrics package to be better consumable 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-05-18 17:41:14 +01:00
James Munnelly
38aa959f95 accounts: Use RWMutex instead of regular Mutex 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-05-13 14:33:49 +01:00
James Munnelly
b126a0c0e5 Use acme AccountRegistry throughout and tidy up ACME setup code 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-05-13 13:14:46 +01:00
James Munnelly
81b6c74e63 Add ACME account registry structure 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-05-13 10:08:06 +01:00
Ilya Shaisultanov
280aa2654d
Remove unused retryer 
Signed-off-by: Ilya Shaisultanov <ilya.shaisultanov@gmail.com>
 2020-05-07 11:41:13 +02:00
Ilya Shaisultanov
bebd82c1f8
Remove custom retry logic from route53 package 
ACME challenges controller already handles retry logic. This
avoid an issue where cert-manager can spam Route53 under certain
conditions, leading to throttling.

Fixes #2159.

Signed-off-by: Ilya Shaisultanov <ilya.shaisultanov@gmail.com>
 2020-05-07 00:14:05 +02:00
James Munnelly
982b21bb06 Fix bug that could lead to validation to fail when attempting to update immutable field 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-05-01 12:33:14 +01:00
James Munnelly
3e8649abc2 Handle ACME orders with already valid authorizations upon first fetch through new 'initialState' field 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-05-01 12:33:14 +01:00
James Munnelly
9cb68d1d91 Remove serverAuth default usage & remove unused DefaultKeyUsage functions 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-04-30 15:57:12 +01:00
jetstack-bot
c0c74216d5
Merge pull request #2843 from JoshVanL/certificate-issuing-controller-temporary-certificate 
Issuing controller temporary certificate support
 2020-04-30 12:30:55 +01:00
JoshVanL
a4cfd41ce7
Updates comments to proper working/capitalisation 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-30 11:53:42 +01:00
Mehdi Abaakouk
13c2539a78 cloudfare: update per_page max to 100 
cloudfare just changed the maximum of per_page in their API to 100.

  Warning  PresentError  2m41s (x11 over 75m)  cert-manager
  Error presenting challenge: Cloudflare API Error
  Error: 9205: Per_Page must be a number between 5 and 100

This change fixes that.

Signed-off-by: Mehdi Abaakouk <sileht@sileht.net>
 2020-04-28 15:25:27 +02:00
jetstack-bot
59ff99811b
Merge pull request #2851 from munnerz/fixup-webhook-requestkind 
Support Kubernetes 1.15 and below properly in validating webhook
 2020-04-28 13:18:29 +01:00
James Munnelly
c641443e92 Support Kubernetes 1.15 and below properly in validating webhook 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-04-28 11:51:58 +01:00
JoshVanL
dc4ba16051
Adds comments to clarify issuing_controller_test Certificate current 
revision

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-28 11:03:26 +01:00
JoshVanL
d830db4ef7
Adds more temp cert tests, don't issue temp cert of different private 
key and use shared GenerateLocallySignedCertificate

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-27 16:31:12 +01:00
JoshVanL
c115e6c2bf
internal/test.go accepts fixed clock and Shares 
generaleLocallySignedCertificate

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-27 16:29:58 +01:00
JoshVanL
7d1d94fedb
Adds issuing controller temporary certificate units tests 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-26 19:39:08 +01:00
JoshVanL
095976548d
Adds temporary certificate logic to issuing controller based on 
annotation

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-26 19:16:57 +01:00
JoshVanL
92c2d3c7c4
Moves secretmanager and testing util into separate package to refactor 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-26 15:45:10 +01:00
JoshVanL
11961b992d
Moves Certificate Issuing validation logic and key fetch earlier in sync 
loop

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-04-26 15:01:32 +01:00
Maartje Eyskens
f2b36483a4 Set Issuer kind specific to Issuer if cert-manager.io/issuer is specified. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-04-24 16:16:04 +02:00
jetstack-bot
49e1a7a51c
Merge pull request #2825 from meyskens/add-origin-tag 
Add cert-manager origin tag in Venafi
 2020-04-22 16:48:02 +01:00
Maartje Eyskens
3747cf2000 Fix up test and make code look nicer 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-04-22 17:08:34 +02:00
Maartje Eyskens
453640dd4d Add cert-manager origin tag in Venafi 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-04-22 16:42:55 +02:00
James Munnelly
7978fbe081 Address review feedback and include truststore.jks with JKS mode enabled 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-04-22 15:20:49 +01:00
James Munnelly
ba33c823a3 Add 'keystores' stanza to CertificateSpec to allow dynamic keystore configuration 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-04-21 17:58:18 +01:00