weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
6,255 Commits 45 Branches 0 Tags 96 MiB
b5fbabdc6f
Commit Graph

6255 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jetstack-bot
b5fbabdc6f
Merge pull request #4635 from wallrj/remove-deprecated-apis-crds 
Remove deprecated APIs from the CRD templates
 2021-12-15 13:31:33 +00:00
jetstack-bot
1b3adf3b96
Merge pull request #4636 from wallrj/remove-conversion-webhook 
Refactor the webhook testing code so that alternative CRDs and conversion handlers can be loaded in tests
 2021-12-15 12:29:33 +00:00
Richard Wall
d80c53dc16 Remove conversion webhook configurations 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:42:54 +00:00
Richard Wall
4eedf4fcfd Test conversion code using sample CRDs and remove conversion configuration from cert-manager CRDs 
* Generate CRDs for the sample API types
* Allow alternative CRDs to be loaded into the envtest API server
* Override the conversion configuration of the CRDs
* Show webhook server logs in tests
* Simplify the loading of the test API CRDs
* Allow the ConversionHandler to be overridden in tests

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:33:22 +00:00
jetstack-bot
c43710f22c
Merge pull request #4665 from jetstack/jahrlin-add-to-owners 
add jahrlin to OWNERS
 2021-12-14 15:27:33 +00:00
Joakim Ahrlin
81e9527aa6 add jahrlin to OWNERS 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2021-12-14 13:28:42 +01:00
jetstack-bot
5894ed989a
Merge pull request #4546 from munnerz/webhook-config-api 
Support loading webhook config from versioned file
 2021-12-14 10:09:02 +00:00
James Munnelly
cfbd574e75 Remove deprecation notice on webhook.securePort 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-10 12:53:00 +00:00
jetstack-bot
7166f32320
Merge pull request #4608 from ninech/add_honor_labels 
allow to honor the labels of cert-manager on conflicts
 2021-12-10 10:48:51 +00:00
jetstack-bot
4afe2f00a8
Merge pull request #4640 from JoshVanL/metrics-clock-time-seconds-gauge 
Adds `clock_time_seconds_gauge` metric which returns the current clock time, based on unix time since time began
 2021-12-07 09:48:57 +00:00
joshvanl
4d40bdcd96 Fix tests after metrics comment changes. 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-07 07:42:27 +00:00
joshvanl
27c43b317e Adds deprecated message to clock_time_metrics 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-07 07:10:27 +00:00
James Munnelly
838a8dc153 Allow specifying minTLSVersion and cipherSuites without explicit tlsConfig 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-03 13:03:57 +00:00
James Munnelly
17d6a19ba2 Fix apiVersion of example config 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-03 12:56:34 +00:00
James Munnelly
d4beef13b8 Support configuring securePort in webhook service 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-03 12:56:26 +00:00
jetstack-bot
7923823cff
Merge pull request #4639 from JoshVanL/webhook-remove-webhook-admissionReviewVersions-v1beta1 
Removes v1beta1 from webhook's admissionReviewVersions as we no longer support Kubernetes v1.16
 2021-12-02 18:26:44 +00:00
joshvanl
b4f2d4982b Ensure clockTimeSecondsGauge is registered. Updates metrics integration 
tests to include gauge clock metric

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-02 12:11:20 +00:00
joshvanl
51e728688f Adds clock_time_seconds_gauge metric which returns the current clock 
time, based on unix time since time began

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-02 11:27:22 +00:00
joshvanl
6d83e3111d Removes v1beta1 from webhook's admissionReviewVersions as we no longer 
support Kubernetes v1.16

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-12-02 10:40:44 +00:00
jetstack-bot
3191293cb8
Merge pull request #4637 from JoshVanL/certificats-dont-error-on-delete 
Change Certificates controller to no longer error for a Certificate that no longer exists
 2021-12-01 14:19:25 +00:00
James Munnelly
ce3f3fc1f2 Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
joshvanl
d5503c2ed2 Change certificates controller to no longer error for a Certificate that 
no longer exists

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-11-30 15:13:14 +00:00
jetstack-bot
ce019f059c
Merge pull request #4615 from johnwchadwick/version-check-disregard-failed-pods 
Only consider running pods when determining version
 2021-11-30 14:14:45 +00:00
Richard Wall
704fe73b4b Remove deprectated APIs from the CRD templates 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-11-30 13:33:59 +00:00
jetstack-bot
e089811c17
Merge pull request #4623 from irbekrm/bump_ingress 
Installs v1 ingress-nginx for e2e tests against kube 1.23
 2021-11-30 11:52:45 +00:00
irbekrm
06696befdb Installs v1 ingress-nginx for e2e tests against kube 1.23 
Also bumps the versions of ingress dependency used in tests

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-29 10:14:58 +00:00
nick
4755fccb63 improve option description 
Signed-off-by: Sebastian Nickel <nick@nine.ch>
 2021-11-26 16:27:16 +01:00
James Munnelly
9fce2ba5b0 Move files to create config.webhook.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 15:15:44 +00:00
James Munnelly
553e1e0536 Add ability to configure WebhookConfiguration via the Helm chart 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:17:34 +00:00
James Munnelly
d5133a1668 Run update-codegen.sh 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
71a69cc488 Add unit tests for configfile loading 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
48a5efea5d Fix copyright headers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
e21c6e6272 Add test for flag precedence 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
415ca56933 config API: fix up fuzz tests 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
0e1d603c93 Add support for reading config from WebhookConfiguration object 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
2e3eb29327 Register logger flags 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
97863d245f Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
afa8e5a304 Refactoring webhook initialisation to support early config handling 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
fb81666e56 Add config.cert-manager.io API group 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
jetstack-bot
a5d9c9705c
Merge pull request #4617 from jakexks/dependabot 
Update helm, opencontainers, containerd.
 2021-11-23 18:23:02 +00:00
jetstack-bot
c6cdc97365
Merge pull request #4616 from irbekrm/errored_orders 
Don't make extra ACME calls for Order CRs that have failed
 2021-11-23 17:09:03 +00:00
Jake Sanders
43583e13b3
Update bazel repos 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-11-23 16:58:59 +00:00
Jake Sanders
53b4a0e491
Update helm, opencontainers, containerd. 
This includes a minor update to the OCI spec to address
https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
and https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-11-23 16:49:56 +00:00
John Chadwick
d094e20611 Only consider running pods when checking version 
Some clusters may have failed pods that are not garbage collected. These
pods should not be considered when determining version numbers.

Signed-off-by: John Chadwick <86682572+johnwchadwick@users.noreply.github.com>
 2021-11-23 11:32:10 -05:00
irbekrm
7739497f22 Don't process Order CRs that have failed 
Ensure that cert-manager does not attempt to create new ACME Orders for cert-manager Order CRs that are in failed (errored, invalid or expired) state. If the CertificateRequest was created from a Certificate, the issuance will be retried after 1 hour

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-23 15:34:35 +00:00
jetstack-bot
5ad5ef4fb9
Merge pull request #4611 from irbekrm/k_1_23 
Add an option to create a kube 1.23 cluster
 2021-11-22 17:45:04 +00:00
irbekrm
0ee31f2542 Add an option to create a kube 1.23 cluster 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-22 16:03:06 +00:00
nick
3c5e5ee05e allow to honor the labels of cert-manager 
With setting honorLabels to "true" one can get rid of the "exported_namespace" label in scraped cert-manager metrics.

Signed-off-by: Sebastian Nickel <nick@nine.ch>
 2021-11-19 15:44:23 +01:00
jetstack-bot
dbaeff4148
Merge pull request #4607 from SgtCoDFish/supportupdate 
Update supported k8s versions in chart README
 2021-11-19 14:43:49 +00:00