Commit Graph

733 Commits

Author SHA1 Message Date
Tathagata Paul
25d2def9b6 support serviceAccount.Labels in Helm chart
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
2022-03-10 15:16:53 +05:30
Joakim Ahrlin
f5275cf1cc add enum for rotationPolicy
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-03-03 16:31:23 +01:00
Jake Sanders
cfb1406742
Update RBAC for the new gateway API's apiGroup
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2022-03-01 15:05:24 +00:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-03-01 15:05:18 +00:00
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
2022-02-16 10:57:37 +00:00
joshvanl
b5ff61e02b Adds patch permissions to order/status for cert-manager controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-16 10:33:48 +00:00
jetstack-bot
56d9423744
Merge pull request #4798 from JoshVanL/controllers-server-side-apply-certificatesigningrequests
Server Side Apply: Adds support for CertificateSigningRequest controllers to use SSA with Feature Gate
2022-02-16 10:20:37 +00:00
jetstack-bot
9887baac33
Merge pull request #4844 from batazor/chart-servicemonitor
Add additional check for servicemonitor
2022-02-15 20:43:36 +00:00
jetstack-bot
0860a4141b
Merge pull request #4847 from akamac/patch-1
add name to the exposed metrics port
2022-02-14 14:02:52 +00:00
jetstack-bot
ad4264b6ec
Merge pull request #4841 from irbekrm/remove_annotation
Removes cainjector annotations from CRDs
2022-02-14 10:48:52 +00:00
jetstack-bot
12a2148df3
Merge pull request #4794 from JoshVanL/controllers-server-side-apply-issuers
Server Side Apply: Adds support for [Cluster]Issuer controller to use SSA with Feature Gate
2022-02-11 19:37:01 +00:00
joshvanl
3e23b6fd8a Adds patch permissions to cert-manager controller for issuers and
clusterissuers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:26:56 +00:00
joshvanl
49108a0278 Adds list map type to Conditions for both Issuers and Cluster Issuers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:26:56 +00:00
joshvanl
fc21252e14 Adds patch permissions to cert-manager controller for
certificaterequests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:22:33 +00:00
joshvanl
a4588c3401 Adds condition_list_type_test integration test for CertificateRequest object
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:22:33 +00:00
joshvanl
23ba58b008 Update CRD for field labels. Adds patch rbac to Certificates for
cert-manager controller

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-11 16:14:31 +00:00
Alexey Miasoedov
c37e0b9b93 add name to the exposed metrics port
Signed-off-by: Alexey Miasoedov <alexey.miasoedov@gmail.com>
2022-02-11 18:37:09 +03:00
jetstack-bot
9ff7568f4e
Merge pull request #4809 from JoshVanL/ca-injector-remove-auditsinks-permissions
Remove auditsinks permissions from ca-injector as it is no longer supported
2022-02-11 13:56:01 +00:00
Victor Login
f2f771fc93
Update servicemonitor.yaml
Signed-off-by: Login Victor <batazor111@gmail.com>
2022-02-11 08:57:07 +03:00
irbekrm
5fd80d6ad3 Removes cainjector annotations from CRDs
As we're no longer using cainjector to inject CA bundles to those CRDs

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-02-10 13:43:06 +00:00
joshvanl
391dea4f60 Adds patch to certificatesigningrequest permissions for controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-07 14:18:14 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
joshvanl
35fba365bf Update AdditionalOutputFormats comment to reflect addition of feature to
webhook set.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-02-01 17:04:55 +00:00
joshvanl
83f738d665 Remove auditsinks permissions from ca-injector as it is no longer
supported

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-31 18:46:52 +00:00
irbekrm
4b3239e8fb Removes duplicated service annotations from Helm chart
These were added by merging multiple PRs that add similar functionality

Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-01-25 10:26:25 +00:00
joshvanl
5019aaacfc Update SecretTemplate API comments to highlight that annotations are
appended to base annotations

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:40:13 +00:00
joshvanl
162519869e Updates CRD with new secret template comment
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
d6fb5138f2 Re-add crd-certificates.yaml
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
81ec7d9665 Update controller rbac to allow it to patch Secrets
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the
Certificate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certificate additionalOutputFormats parameter
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
2022-01-14 11:10:32 +01:00
Dean Coakley
17efd74753 Clean up template
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2022-01-08 08:26:48 +00:00
Dean Coakley
c17b11fa01 Remove securityContext.enabled from helm chart
`securityContext.enabled` was deprecated and has already been replaced by
`securityContext` which supports arbitrary yaml.

Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2022-01-08 08:26:44 +00:00
jetstack-bot
3c9510b782
Merge pull request #4329 from jwenz723/patch-1
[Helm Chart] Add optional service annotations
2022-01-05 12:46:45 +00:00
irbekrm
f9a9326483 Add comments on how to view all available flags for cert-manager binaries
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-12-31 09:15:14 +00:00
irbekrm
e500109bea Removes example setting of --cluster-resource-namespace flag from extra args
As there is already a top level clusterResourceNamespace key in Helm values that sets the same flag

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-12-31 09:04:05 +00:00
jetstack-bot
52bba1dcdb
Merge pull request #4656 from TerryHowe/helm-ignore
Minor clean-up to helm chart
2021-12-17 12:21:13 +00:00
jetstack-bot
0b8eba629c
Merge pull request #4554 from SgtCoDFish/maker
Makefile flow
2021-12-17 10:37:13 +00:00
jetstack-bot
b5fbabdc6f
Merge pull request #4635 from wallrj/remove-deprecated-apis-crds
Remove deprecated APIs from the CRD templates
2021-12-15 13:31:33 +00:00
Ashley Davis
32d716654a
Add a makefile flow for building artifacts
Includes targets for:

- all "server" binaries, for all arches
- all containers for all server binaries for all arches
- all client binaries (kubectl plugin / cmctl) for all arches
- the cert-manager helm chart + signature
- the cert-manager static manifests + CRDs
- tools which bazel would download, with checksum verification
- (commented out) a signed SHA256SUM file for client binaries

Upgrades from the bazel flow include that:

- we use OS-specific base images rather than just using amd64 everywhere
- we easily add support for signing artifacts at build time
- we add ".exe" to the end of windows executables
- we add a zip file for windows executables, for easier consumption
- we concatenate YAML files more robustly
- staging a full release should be much faster
- hopefully, it's easier to change things!
- licenses are trimmed down to reduce bloat in images (the license
  bundle was 1.4MB in size alone)

Changes from the bazel flow include:

- containers no longer have a symlink to the binary at an unusual
  path, but instead just have the binary at a more predictable path
  (e.g. /app/cmd/webhook/webhook instead of
  /app/cmd/webhook/webhook.runfiles/com_github_jetstack_cert_manager/cmd/webhook/webhook_/webhook)

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-12-15 09:54:15 +00:00
Richard Wall
d80c53dc16 Remove conversion webhook configurations
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-12-14 17:42:54 +00:00
jetstack-bot
5894ed989a
Merge pull request #4546 from munnerz/webhook-config-api
Support loading webhook config from versioned file
2021-12-14 10:09:02 +00:00
Terry Howe
3263a4c1fb Minor clean-up to helm chart
Signed-off-by: Terry Howe <tlhowe@amazon.com>
2021-12-12 05:58:44 -07:00
James Munnelly
cfbd574e75 Remove deprecation notice on webhook.securePort
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-10 12:53:00 +00:00
jetstack-bot
7166f32320
Merge pull request #4608 from ninech/add_honor_labels
allow to honor the labels of cert-manager on conflicts
2021-12-10 10:48:51 +00:00
James Munnelly
838a8dc153 Allow specifying minTLSVersion and cipherSuites without explicit tlsConfig
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-03 13:03:57 +00:00
James Munnelly
17d6a19ba2 Fix apiVersion of example config
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-03 12:56:34 +00:00
James Munnelly
d4beef13b8 Support configuring securePort in webhook service
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-03 12:56:26 +00:00
joshvanl
6d83e3111d Removes v1beta1 from webhook's admissionReviewVersions as we no longer
support Kubernetes v1.16

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-12-02 10:40:44 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-01 12:57:08 +00:00
Richard Wall
704fe73b4b Remove deprecated APIs from the CRD templates
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-11-30 13:33:59 +00:00
nick
4755fccb63 improve option description
Signed-off-by: Sebastian Nickel <nick@nine.ch>
2021-11-26 16:27:16 +01:00
James Munnelly
553e1e0536 Add ability to configure WebhookConfiguration via the Helm chart
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-11-26 14:17:34 +00:00
nick
3c5e5ee05e allow to honor the labels of cert-manager
With setting honorLabels to "true" one can get rid of the "exported_namespace" label in scraped cert-manager metrics.

Signed-off-by: Sebastian Nickel <nick@nine.ch>
2021-11-19 15:44:23 +01:00
Ashley Davis
115b70cfef
update link to k8s security context spec
the old link was for 1.16 and actually led to a site with a certificate error

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-11-19 13:55:02 +00:00
Ashley Davis
0e9c9e3481
bump supported k8s version in helm chart readme
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-11-19 13:54:22 +00:00
jetstack-bot
0236f0836e
Merge pull request #4556 from inteon/helm_template_cleanup
Cleanup helm templates & fix empty 'resources' in deployment
2021-11-15 14:27:06 +00:00
jetstack-bot
4291d207b7
Merge pull request #3883 from james-callahan/omit-servicemonitor-namespaceSelector
No need to specify namespaceSelector when in same namespace
2021-11-05 13:02:28 +00:00
Inteon
4a9bbce297
add spaces
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-11-01 11:45:42 +01:00
Inteon
b1445d687e
cleanup helm templates & better support for empty 'resources' in values.yaml
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-11-01 11:37:50 +01:00
Richard Wall
c6896b2f93 Set all non-v1 CRD versions as not-served
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-09-29 12:17:32 +01:00
Trey Dockendorf
3b860993c5
Allow setting Helm chart service annotations
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-09-20 12:33:39 -04:00
jetstack-bot
5ec37819e8
Merge pull request #4433 from wallrj/4431-cleanup-failed-install-hook-resources
Cleanup hook resources from previous failed installs
2021-09-06 11:06:28 +01:00
jetstack-bot
8f0225189e
Merge pull request #4332 from tomasfreund/feature/azure-dns-msi-id
Add option to specify managed identity id when using azure dns
2021-09-03 17:17:22 +01:00
Richard Wall
31821e7fd8 Cleanup hook resources from previous failed installs
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-09-03 16:36:13 +01:00
Nicolas Degory
d2209df85a Apply suggestions from code review
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>
2021-08-29 09:24:59 -07:00
Nicolas Degory
6549344e47 PR review
Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>
2021-08-29 09:21:47 -07:00
Nicolas Degory
9ce9c7d2bd add startup API check job PSP
Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>
2021-08-29 09:21:47 -07:00
irbekrm
38ce9fc4b1 Adds a warning about sidecar proxy for startup check job
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-27 12:18:44 +01:00
Jake Sanders
5df1dd4932
Update Docs on solver type to reflect default service type
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-19 14:55:50 +01:00
jetstack-bot
c5a4cb9fbf
Merge pull request #4384 from jakexks/en_GB
finalisers -> finalizers
2021-08-18 17:23:35 +01:00
Jake Sanders
e0ecc9938a
finalisers -> finalizers
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-18 15:33:27 +01:00
irbekrm
7d30a6452c Removes status fields from CRD definitions
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-18 10:17:34 +01:00
jetstack-bot
30c40f8f15
Merge pull request #4348 from inteon/upgrade_deps_v0.22.0
Upgrade deps (kube v0.22.0)
2021-08-14 01:07:12 +02:00
Inteon
b13eb0483b
upgrade deps to latest version (kube v0.22.0)
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-08-13 23:38:59 +02:00
Tomáš Freund
8e737dd1b7 move azure managed identity config to nested struct, improve validation
Signed-off-by: Tomáš Freund <tomas.freund@datamole.cz>
2021-08-13 16:17:08 +02:00
Ashley Davis
e0e5a50f31
fix mistakenly changed CRDs for v1beta1 (#4352)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-13 13:44:05 +01:00
jwenz723
71c376c935
Add webhook service annotations:
Signed-off-by: Jeff Wenzbauer <jwenz723@gmail.com>
2021-08-09 16:26:03 -06:00
Jeff Wenzbauer
01635752ea
Add documentation of serviceAnnotations
Signed-off-by: Jeff Wenzbauer <jwenz723@gmail.com>
2021-08-09 16:14:19 -06:00
Jeff Wenzbauer
9201d5de5b
Add use of .Values.serviceAnnotations in Service
Signed-off-by: Jeff Wenzbauer <jwenz723@gmail.com>
2021-08-09 16:13:47 -06:00
jetstack-bot
17a5066400
Merge pull request #4308 from Dean-Coakley/fix-chart-readme
Fix chart readme install command
2021-08-09 09:33:49 +01:00
Dean Coakley
19eae6e81b Fix chart prerequisites Kubernetes version
Ref: https://cert-manager.io/docs/installation/supported-releases/

Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2021-08-05 13:20:19 +01:00
Dean Coakley
b42a566d4f Fix helm install commands for helm 3.x clients
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2021-08-05 13:14:35 +01:00
Dean Coakley
c76ae73b00 Fix chart install command to include version
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2021-08-05 13:12:03 +01:00
jetstack-bot
34cb511980
Merge pull request #4050 from longkai/fix-ssa
explicitly specify port protocol field to allow server side apply
2021-08-04 11:40:23 +01:00
jetstack-bot
d647e543e3
Merge pull request #4276 from jakexks/gateway-http01
Experimental Gateway API support for ACME HTTP-01 Solving
2021-08-03 18:51:49 +01:00
jetstack-bot
b5f80c428e
Merge pull request #4234 from inteon/add_startupapicheck
Add startup api check Job
2021-08-03 17:41:49 +01:00
Jake Sanders
23e1acdd5c
Update Gateway HTTPRoute Label doc string
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-03 15:26:40 +01:00
Jake Sanders
c2d7a98192
Remove PodTemplate from Gateway Solver, rename to GatewayHTTPRoute
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-03 14:26:45 +01:00
jetstack-bot
c333ace179
Merge pull request #4072 from Marfeel/master
Add a name to Prometheus scraping service port for Istio compatibility
2021-08-03 11:43:19 +01:00
Fran Sanjuán
21bbdaced6 Set fixed port name
Signed-off-by: Fran Sanjuán <francesc.sanjuan@marfeel.com>
2021-08-03 11:55:38 +02:00
Jonathan Prates
50bb91a032 feat: update object description explaining the current behaviour
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 09:26:23 +01:00
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
0569997ede feat: update crds
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jake Sanders
b38869b551
Gateway HTTP01: Make docs better, only enable gateway solver if gateway API is found
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:23 +01:00
Jake Sanders
34a844b150
Fix validation test, add RBAC for gateway API
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:21 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:16 +01:00
Jake Sanders
6f6213c5fd
APIs and validation
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:09 +01:00
Inteon
06e2ac2d41
change weight of hook resources and only delete after all hooks have finished
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-30 17:31:25 +02:00