weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
6,020 Commits 45 Branches 0 Tags 96 MiB
b2f7aa57ea
Commit Graph

2601 Commits

Author SHA1 Message Date
jetstack-bot
e5cc0be04b
Merge pull request #4399 from irbekrm/fix_renewal_issue 
Fix renewalTime skew issue
 2021-08-23 16:36:50 +01:00
irbekrm
ec1bdc4983 Adds a test case for renewal time skew and a comment 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-08-23 15:00:57 +01:00
Eng Zer Jun
54e70d2cc4
refactor: move from io/ioutil to io and os package 
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-08-23 19:50:42 +08:00
irbekrm
50e90dfe6e Fix renewalTime skew issue 
Ensure the time returned by RenewalTime function is the same time as that which will be read from Certificate's status

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-08-20 17:57:35 +01:00
jetstack-bot
38ab6f4bdd
Merge pull request #4365 from jonathansp/master 
fix: flaky test when comparing unordered elements
 2021-08-20 13:02:44 +01:00
jetstack-bot
0ff741c9d2
Merge pull request #4392 from SgtCoDFish/fixversions 
Fix manually specified Certificate and CertificateRequest versions
 2021-08-20 12:16:45 +01:00
Jake Sanders
5df1dd4932
Update Docs on solver type to reflect default service type 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-19 14:55:50 +01:00
Jake Sanders
f1ac6efade
Add integration test for ensuring default solver service type is NodePort 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-19 14:52:23 +01:00
Jake Sanders
326783ca32
Fix regression in solver service builder - default service type should be NodePort rather than empty 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-19 14:51:21 +01:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions 
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.

For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.

This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.

Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.

Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958

Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534

PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4

X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-19 14:48:12 +01:00
jetstack-bot
bea6c20e26
Merge pull request #4369 from irbekrm/improve_owner_not_found_errors 
Improve owner not found errors
 2021-08-18 17:23:29 +01:00
Jake Sanders
38ce03e3ec
Fix regression in Ingress PathType introduced in v1.5.0 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-18 15:16:23 +01:00
irbekrm
904d4e3c15 Don't error if owner not found in cache 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-08-17 08:31:49 +01:00
Jonathan Prates
1ff50d3dd8 fix: flaky test when comparing unordered elements 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-16 15:04:01 +01:00
jetstack-bot
30c40f8f15
Merge pull request #4348 from inteon/upgrade_deps_v0.22.0 
Upgrade deps (kube v0.22.0)
 2021-08-14 01:07:12 +02:00
Inteon
b13eb0483b
upgrade deps to latest version (kube v0.22.0) 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-13 23:38:59 +02:00
Inteon
e439749e92
rerun git tags command when //:version changes 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-13 22:59:38 +02:00
jetstack-bot
54c66769bc
Merge pull request #4353 from SgtCoDFish/beta1dnscrds 
Fix mistakenly changed CRDs for v1beta1
 2021-08-13 15:40:11 +02:00
Ashley Davis
e0e5a50f31
fix mistakenly changed CRDs for v1beta1 (#4352) 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-13 13:44:05 +01:00
Inteon
91ec4c773a
use correct contexts everywhere & don't restart apiserver to add crds 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-12 20:05:01 +02:00
Inteon
abc39053b2
resolve .Stop() failures 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-07 10:19:07 +02:00
jetstack-bot
f3ec43f474
Merge pull request #4310 from jakexks/gateway-feature-gate 
Put Gateway-API support behind a feature-gate.
 2021-08-06 16:27:00 +01:00
jetstack-bot
8772aec7d3
Merge pull request #4311 from SgtCoDFish/http01timeout 
Adds an explicit timeout when pre-checking HTTP-01 challenges
 2021-08-06 12:29:20 +01:00
Ashley Davis
e787888c31
adds an explicit timeout when pre-checking HTTP-01 challenges 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-05 15:22:51 +01:00
Jake Sanders
36aa9e2501
The gateway-api support is now gated behind --feature-gate=ExperimentalGatewayAPISupport=true 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-05 14:37:54 +01:00
jetstack-bot
d647e543e3
Merge pull request #4276 from jakexks/gateway-http01 
Experimental Gateway API support for ACME HTTP-01 Solving
 2021-08-03 18:51:49 +01:00
jetstack-bot
be8079b504
Merge pull request #4293 from maelvls/fix-nil-pointer 
Nil pointer exception: certificateRef and TLS can now be left empty
 2021-08-03 16:04:49 +01:00
Jake Sanders
2b9fc73dcb
Fix Gateway validation tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 15:53:04 +01:00
Jake Sanders
23e1acdd5c
Update Gateway HTTPRoute Label doc string 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 15:26:40 +01:00
Maël Valais
30af205777 nil pointer: the Gateway API is full of pointers 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-08-03 15:43:16 +02:00
Jake Sanders
c2d7a98192
Remove PodTemplate from Gateway Solver, rename to GatewayHTTPRoute 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 14:26:45 +01:00
jetstack-bot
d0f4c82baf
Merge pull request #4226 from inteon/simple_kubectl_check_version 
add 'kubectl cert-manager version'
 2021-08-03 12:36:19 +01:00
Jonathan Prates
50bb91a032 feat: update object description explaning the current behaviour 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 09:26:23 +01:00
Jonathan Prates
aed1d7137e feat: add validation to block annotations containing cert-manager.io/ prefix 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
12363f91e2 fix: move secretTemplate validations to validation package 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
6e8f74b4f8 tests: add Labels map to the expected secret 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
e1034c219e feat: add validation for annotations and labels 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
c5e81b13f6 fix: labels cannot be shown if no labels were changed 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
d8be463426 fix: update autogenerated converison code 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
811069cac7 fix: do not create secret labels if template is empty 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
1f87c098a1 fix: update autogenerated code 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Simon Prates
91cecb65e1 fix: add optional annotation to secretTemplate field 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
 2021-08-03 01:19:11 +01:00
Jonathan Simon Prates
82f1828857 fix: typo in function's comment 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
d29e89c948 chore: update function documentation and fix typo 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
936ad33539 fix: ensure secret annotations and labels will be copied if updated in the cert 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
47bc03e7c4 feat: add support to secretTemplates 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jake Sanders
b38869b551
Gateway HTTP01: Make docs better, only enable gateway solver if gateway API is found 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:23 +01:00
Jake Sanders
34a844b150
Fix validation test, add RBAC for gateway API 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:21 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:16 +01:00