Commit Graph

6790 Commits

Author SHA1 Message Date
Maël Valais
ae0632c1f0 make: add "make e2e-setup-kind-update-images"
I think having a separate file for storing the various kind image
digest isn't necessary. From now on, make/cluster.sh is the "source of
truth" for everything related to kind. If you would like to see the
image that is going to be used for creating the kind cluster, you can
run:

  make/cluster.sh --show-image

To self-update the digests with the latest available digests, run:

  make/cluster.sh --update-images

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 11:26:37 +02:00
Maël Valais
c4e6ebd1a8 make/cluster.sh: remove the fixed clusterIP CIDR 10.0.0.0
The fixed CIDR isn't necessary anymore since the makefile figures the
ClusterIP dynamically. This change also enables you to run
make/cluster.sh with an existing kind cluster.

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 11:26:37 +02:00
Maël Valais
6c57633884 make: remove the not-really-needed system dependency "perl"
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:54:26 +02:00
Maël Valais
2205bafef5 e2e: WaitForAllPodsRunningInNamespaceTimeout: %s missing value in logs
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:54:26 +02:00
Maël Valais
057ce50ace make/cluster.sh: speedup etcd by using --unsafe-no-fsync
Using --unsafe-no-fsync is OK for development deployments of etcd [1].
etcd relies on fsync for its consensus protocol.

 [1]: https://github.com/etcd-io/etcd/pull/11946
 [2]: https://etcd.io/docs/v3.5/tuning/#disk
 [3]: https://etcd.io/docs/v3.5/faq/

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-03-29 10:54:26 +02:00
Maël Valais
8b95a13078 make/e2e.sh: raise concurrency from 10 to 20
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
be093559cb e2e: raise slightly the timeouts so that ginkgo -nodes 20 works
Moving from -nodes 10 to -nodes 20 has lowered the e2e time from 35 to
30 minutes on n1-standard-8 with a request (for the prow job pod) of
3500m (the memory limit of 12Gi is never reached).

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
a9c225d573 make: e2e-setup-kind now properly prepulls image before "kind create"
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
88c29358d5 make: test-ci's XML output is a bit more readable now
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
10c4aa808f make: preload-kind-image now caches the kind image in "bin/downloaded"
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
d6ebdda49c make/e2e.sh: add a backoff to the log.Logf when waiting for something
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
f70baa8d3c make: test-ci: hide fuzz_xxxx test results in the JUnit XML
The Prow UI can't handle that many test cases (over 40,000 test cases,
53,000 XML lines).

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
f8187d17f2 make: e2e-setup-certmanager: fix the acmesolver image
The default value for --acme-http01-solver-image was off.

 quay.io/jetstack/cert-manager-acmesolver:v1.7.0-beta.0-260-gd0abb71ef0a78d
 <-------------------------------------->
           incorrect

 cert-manager-acmesolver-amd64:v1.7.0-beta.0-260-gd0abb71ef0a78d
 <--------------------------->
           correct

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
fbb372a1a4 make/cluster.sh: don't display the networking info, it isn't helpful
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
37628bf0ed make: e2e-setup-sampleexternalissuer: bump from v0.0.0-30 to v0.1.1
Not sure how the end-to-end tests were ever able to run previously. My
guess: the sample-external-issuer end-to-end suite is disabled.

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
b33f5280a8 make/e2e.sh: the "trace" func was showing quotes in the wrong place
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
Maël Valais
66aef65267 make: test-ci now writes JUnit XML to $ARTIFACTS/junit_make-test-ci.xml
Previously, the XML was saved to $ARTIFACTS, which was not picked up by
the Prow UI. The XML files must be of the form: junit_*.xml.

This format is required by our Spyglass configuration (Spyglass is the
name of the Prow UI) [1].

[1]: https://github.com/jetstack/testing/blob/d04c4641f/config/config.yaml#L80-L81

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-29 10:45:08 +02:00
jetstack-bot
bfcc204c2b
Merge pull request #4811 from JoshVanL/controllers-server-side-apply-certificates-shim
Server Side Apply: Adds support for certificate-shim controllers to use SSA with Feature Gate
2022-03-28 14:33:31 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
2022-03-28 13:11:31 +01:00
joshvanl
c1c2d2d081 Add roundtrip test to Certificate serializing. Add field manager to
certificates-shim Create API call

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-03-28 12:40:29 +01:00
joshvanl
9d0b2590a8 Optionally Apply certificates, instead of update, in certificate-shim
when Server-Side apply is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-03-28 12:40:28 +01:00
joshvanl
82e3b6aa43 Adds apply helper function for Certificates
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-03-28 12:39:09 +01:00
jetstack-bot
c30cfa1610
Merge pull request #4973 from irbekrm/restrict_duration
Enforce minimum value of experimental.cert-manager.io/request-duration to 600s
2022-03-28 12:34:31 +01:00
jetstack-bot
7091eaabd8
Merge pull request #4985 from SgtCoDFish/bumpbase
Bump base images to latest versions
2022-03-25 18:50:21 +00:00
jetstack-bot
8427ad343a
Merge pull request #4988 from maelvls/fix-make-e2e-failing
make: in CI, copy binaries from "bin/downloaded" to "bin/tools"
2022-03-25 18:05:21 +00:00
Maël Valais
c4809d843e make: ignore bin/ and make/ which both contain go files
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-25 18:10:51 +01:00
Maël Valais
904a00fefb make: tools version is now properly switched when switching branches
Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-25 18:03:35 +01:00
Maël Valais
c6f1f9bc24 make: in CI, copy binaries from "bin/downloaded" to "bin/tools"
This is to work around the fact that binaries in hostPath-mounted
directories cannot be executed even if the permissions are correct.

Signed-off-by: Maël Valais <mael@vls.dev>
2022-03-25 18:01:54 +01:00
Ashley Davis
d9d960e5f7
bump base images to latest versions
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-03-25 12:04:34 +00:00
jetstack-bot
d8fee10ad8
Merge pull request #4962 from fvlaicu/fix-route53-dns-challenge
Route53 challenges: upsert records instead of create
2022-03-23 17:29:20 +00:00
irbekrm
2656cc18c3 Fix test failures
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-23 09:57:34 +00:00
irbekrm
09d8cb9cf8 Adds some more test cases
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-23 09:20:21 +00:00
jetstack-bot
23388bc9b8
Merge pull request #4970 from vhosakot/bump_go_to_1.17.8
Bump Go 1.17.1 --> 1.17.8 to fix CVEs
2022-03-22 18:52:51 +00:00
irbekrm
661abb133f Set CSR as failed if annotation duration is not a valid time
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 18:04:21 +00:00
irbekrm
d384aef754 Enforce minimum value of experimental.cert-manager.io/request-duration to 600s
To ensure compatibility with CSR's spec.expirationSeconds

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 18:04:21 +00:00
jetstack-bot
0631806082
Merge pull request #4974 from irbekrm/fix_csr_events
Use client-go scheme with core types added as event recorder scheme
2022-03-22 17:49:51 +00:00
irbekrm
a5ed48a324 Adds a unit test for certificatesigningrequests sync function
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 15:09:33 +00:00
jetstack-bot
dc24503939
Merge pull request #4958 from irbekrm/tsig_provider
Use our own implementation of miekg/dns.TsigProvider interface
2022-03-22 12:18:51 +00:00
jetstack-bot
be15ce2279
Merge pull request #4953 from ajvn/feature/allow-privilege-escalation
update: Setting allowPrivilegeEscalation to false
2022-03-22 11:01:47 +00:00
jetstack-bot
0c454ea72e
Merge pull request #4758 from JoshVanL/design-server-side-apply
Design Server Side Apply
2022-03-22 10:14:46 +00:00
irbekrm
cec0a6cde8 Use client-go scheme with core types added as event recorder scheme
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-03-22 09:47:46 +00:00
jetstack-bot
cbf6d8720d
Merge pull request #4971 from SgtCoDFish/metabuilder
Add a build source indicator to metadata
2022-03-22 06:54:46 +00:00
Ashley Davis
5d17ec5d2d
add a build source indicator to metadata
This makes it easier to tell when a build was made by the makefile
workflow and therefore to adjust `cmrel publish` to adapt to changes

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-03-21 21:37:03 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff
Exponential backoff for retrying failed certificate issuances
2022-03-21 20:31:23 +00:00
Vikram Hosakote
24e084b89e Bump Go 1.17.1 --> 1.17.8 to fix CVEs
Signed-off-by: Vikram Hosakote <vhosakot@cisco.com>
2022-03-21 16:05:23 -04:00
jetstack-bot
59b593b9a3
Merge pull request #4957 from enj/enj/f/exp_sec
Use Kubernetes CSR spec.expirationSeconds to express cert duration
2022-03-21 19:38:23 +00:00
Ivan
5c857d3737 update: Setting allowPrivilegeEscalation to false for controller, cainjector, webhook containers and for startupapicheck job
Signed-off-by: Ivan <ivans@vaskir.co>
2022-03-21 17:17:28 +01:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation.  Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-21 09:40:32 -04:00
jetstack-bot
068c5f0870
Merge pull request #4955 from andreadecorte/4954
Add permissions to update certificates/status to allow namespace admins to renew manually a Certificate
2022-03-21 12:09:23 +00:00
Andrea Decorte
f6d8c4fb5b Add permissions to update certificates/status to allow namespace admins to renew manually a Certificate. Fixes #4954
Signed-off-by: Andrea Decorte <adecorte@gmail.com>
2022-03-21 12:08:11 +01:00