Commit Graph

148 Commits

Author SHA1 Message Date
Richard Wall
d80c53dc16 Remove conversion webhook configurations
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-12-14 17:42:54 +00:00
Richard Wall
704fe73b4b Remove deprecated APIs from the CRD templates
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-11-30 13:33:59 +00:00
Richard Wall
c6896b2f93 Set all non-v1 CRD versions as not-served
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-09-29 12:17:32 +01:00
jetstack-bot
8f0225189e
Merge pull request #4332 from tomasfreund/feature/azure-dns-msi-id
Add option to specify managed identity id when using azure dns
2021-09-03 17:17:22 +01:00
Jake Sanders
5df1dd4932
Update Docs on solver type to reflect default service type
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-19 14:55:50 +01:00
irbekrm
7d30a6452c Removes status fields from CRD definitions
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-18 10:17:34 +01:00
jetstack-bot
30c40f8f15
Merge pull request #4348 from inteon/upgrade_deps_v0.22.0
Upgrade deps (kube v0.22.0)
2021-08-14 01:07:12 +02:00
Inteon
b13eb0483b
upgrade deps to latest version (kube v0.22.0)
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-08-13 23:38:59 +02:00
Tomáš Freund
8e737dd1b7 move azure managed identity config to nested struct, improve validation
Signed-off-by: Tomáš Freund <tomas.freund@datamole.cz>
2021-08-13 16:17:08 +02:00
Ashley Davis
e0e5a50f31
fix mistakenly changed CRDs for v1beta1 (#4352)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-13 13:44:05 +01:00
jetstack-bot
d647e543e3
Merge pull request #4276 from jakexks/gateway-http01
Experimental Gateway API support for ACME HTTP-01 Solving
2021-08-03 18:51:49 +01:00
jetstack-bot
b5f80c428e
Merge pull request #4234 from inteon/add_startupapicheck
Add startup api check Job
2021-08-03 17:41:49 +01:00
Jake Sanders
23e1acdd5c
Update Gateway HTTPRoute Label doc string
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-03 15:26:40 +01:00
Jake Sanders
c2d7a98192
Remove PodTemplate from Gateway Solver, rename to GatewayHTTPRoute
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-03 14:26:45 +01:00
Jonathan Prates
50bb91a032 feat: update object description explaining the current behaviour
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 09:26:23 +01:00
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
0569997ede feat: update crds
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jake Sanders
b38869b551
Gateway HTTP01: Make docs better, only enable gateway solver if gateway API is found
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:23 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:16 +01:00
Jake Sanders
6f6213c5fd
APIs and validation
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:09 +01:00
Inteon
0eabaec743
change startupapicheck to helm post-install hook
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-30 16:04:55 +02:00
joshvanl
6c5a4897b6 Adds note as to why v1beta1 is still an accepted
`conversionReviewVersion`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-28 15:49:50 +01:00
joshvanl
b3ece6708a Adds v1beta1 as a conversionReviewVersion but don't actually support
it

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-28 15:36:58 +01:00
joshvanl
5680bfd4b3 Change all CRDs to no longer accept v1beta1 conversionReviewVersions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 17:05:58 +01:00
Inteon
c7d92681b8
add comments
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-13 17:58:28 +02:00
Inteon
0683738458
fix bug & add comment & cleanup
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-13 13:41:37 +02:00
Inteon
043bbd283e
remove helm-specific labels & add version label
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-11 17:42:32 +02:00
ulrich giraud
b9c9231305 vault issuer: specify that the caBundle must be base64-encoded
Signed-off-by: Ulrich GIRAUD <ulrich.giraud@pole-emploi.fr>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-02 20:54:03 +02:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519
support-ed25519
2021-06-15 16:17:53 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
irbekrm
118cfb6029 Remove the defaulting for renewBefore from fuzzer
We now calculate this default at renewal time

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 15:35:46 +01:00
irbekrm
acd0a98bbb Updates DefaultRenewBefore to state that it is deprecated
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 11:52:54 +01:00
irbekrm
0478bc5ee2 Updates duration and renewBefore field descriptions
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-25 12:56:55 +01:00
Tamal Saha
b1cb6422e4 Use controller-runtime v0.9.0-beta.0
Signed-off-by: Tamal Saha <tamal@appscode.com>
2021-05-17 08:11:19 -07:00
Maël Valais
39c9c662f7 controller-gen can now update CRDs like before
The controller-gen tool is quite rude and won't tell you when one of the
CRD manifests cannot be parsed when the option schemapatch is used. As
an example, the following:

  sed -i 's/RFC8555/RFC8556/g' pkg/apis/certmanager/v1/types_issuer.go
  controller-gen schemapatch:manifests=./deploy/crds output:dir=./deploy/crds paths=./pkg/apis/...

should trigger a change in the crd-clusterissuers.yaml:

  @@ -3184,7 +3184,7 @@ spec:
                 type: object
                 properties:
                   acme:
  -                  description: ACME [...] communicate with a RFC8555
  +                  description: ACME [...] communicate with a RFC8556
                     type: object

Unfortunately, controller-gen v0.2.9-0.20200414181213-645d44dca7c0
silently skips faulty CRD manifests. In our case, the CRD had become a
non-YAML file (we need to use some if statements):

  {{- if .Values.webhook.url.host }}
  url: https://{{ .Values.webhook.url.host }}/convert
  {{- else }}
  service:
    name: {{ template "webhook.fullname" . }}
    namespace: {{ .Release.Namespace | quote }}
    path: /convert
  {{- end }}

Two issues can be found (we can use a YAML parser like yq for that):

1. The pipe "|" used in ".Release.Namespace | quote" makes it an invalid
   YAML file. We could rewrite that to

     {{ quote .Release.Namespace }}

   but I decided to go with actual quotes like with the rest of the
   file.

2. The {{ if }}, {{ else }} and {{ end }} are also invalid YAML syntax,
   and one easy workaround is to comment them.

So many workarounds... but it now works!

Signed-off-by: Maël Valais <mael@vls.dev>
2021-05-11 17:29:06 +02:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01"
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:25 +01:00
Jake Sanders
8ca19b26f9
Revert "Merge pull request #3946 from inteon/fix_kubectl_apply"
This reverts commit c7514d9262, reversing
changes made to 49cbedf262.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:18 +01:00
Inteon
b44e347ce1 remove podTemplate field from ACMEChallengeSolverHTTP01Istio
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 13:15:01 +02:00
Anton Johansson
96a0859ac7
Add support to allow CRD conversion webhooks from outside of the cluster
Related to #3876

Signed-off-by: Anton Johansson <hello@anton-johansson.com>
2021-04-28 12:49:10 +02:00
Inteon
2299e8d8a6 Apply suggestions from code review
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
jetstack-bot
b5be5a8730
Merge pull request #3877 from irbekrm/move_crypto_fork
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
2021-04-13 13:28:15 +01:00
irbekrm
fc9d966a1c Certificate's revision history limit validated by webhook
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb Standardize deprecation warnings
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 09:38:49 +01:00
irbekrm
09af959071 Issuer's ACME EAB algorithm can no longer be set
It is hardcoded to HS256 in golang.org/x/crypto

Also, we now use a fork of golang.org/x/crypto
in cert-manager org.

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 10:28:19 +01:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit
Certificate revision history limit
2021-03-26 11:13:58 +00:00
jetstack-bot
dffbf391db
Merge pull request #3733 from jakexks/renewBefore
Clarify the default values for the renewBefore and duration fields
2021-03-24 10:53:46 +00:00
joshvanl
59ca6ca850 Move CertificateRequest revisionHistoryLimit validation to OpenAPI
validation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 15:58:14 +00:00
joshvanl
72904ca2c1 Updates CertificateRequest printColumn with a new Denied column
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
fb54272d17 Adds Approved condition status as additionalPrinterColumn for pretty
printing

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00