weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
6,586 Commits 45 Branches 0 Tags 96 MiB
b5ff61e02b
Commit Graph

2797 Commits

Author SHA1 Message Date
joshvanl
0802489f4e Updates Order controller to support apply call when feature gate it 
enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-16 10:33:48 +00:00
jetstack-bot
56d9423744
Merge pull request #4798 from JoshVanL/controllers-server-side-apply-certificatesigningrequests 
Server Side Apply: Adds support for CertificateSigningRequest controllers to use SSA with Feature Gate
 2022-02-16 10:20:37 +00:00
jetstack-bot
12a2148df3
Merge pull request #4794 from JoshVanL/controllers-server-side-apply-issuers 
Server Side Apply: Adds support for [Cluster]Issuer controller to use SSA with Feature Gate
 2022-02-11 19:37:01 +00:00
joshvanl
085b2bf34b Updates issuer and cluster issuer controllers to optionally user server 
side apply

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
49108a0278 Adds list map type to Conditions for both Issuers and Cluster Issuers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
4dc6c957d4 Adds review comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:15:57 +00:00
joshvanl
37775615ff Use ApplyStatus in all Certificates controllers. When ServerSideApply 
enabled, set Issuing condition to False instead of removing it

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:15:57 +00:00
joshvanl
bdb4954c25 Adds updateOrApply to certificates controllers to optionally Apply 
certificate based on feature gate

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:14:31 +00:00
joshvanl
279a8ede99 Adds listType=map and listMapKey=type to Certificate Status Conditions 
field

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:14:31 +00:00
Ashley Davis
89bb5481cb
Increase margin of error in an otherwise unsound test 
This test can easily fail on a heavily loaded machine, such as one
running many tests in parallel.

1. The afterFunc could be delayed _massively_ on a heavily loaded
   machine, such as one running a lot of tests in parallel.
2. Requiring an accuracy of 1ms seems like a flake waiting to happen
   (as it was in this case)
3. When we write code which uses this scheduler, we can't even
   safely assume the afterFunc will _ever_ be run, let alone run
   within a 1% margin of time error. As such I don't think this
   test is providing any value beyond a general sanity check.

By increasing the allowable delta massively, we keep this test as a
sanity check but basically remove the chance of a flake. The test
essentially becomes "does afterFunc work, generally?".

Also adds a check that the elapsed time is greater than the expected
time.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-11 10:14:34 +00:00
joshvanl
9ca869c2cf Add tests to secret manager for additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:41:45 +00:00
joshvanl
57c33446bc Change import paths jetstack/cert-manager -> 
`cert-manager/cert-manager`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:23:29 +00:00
joshvanl
b426b5acf7 Use UpdateOrApplyStatus in CertificateSigningRequest controllers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:18:14 +00:00
joshvanl
565b639ba7 Adds UpdateOrApplyStatus to CSR controllers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:18:14 +00:00
jetstack-bot
b1180c59ad
Merge pull request #4587 from SgtCoDFish/bigrename 
Rename import path
 2022-02-03 11:56:12 +00:00
jetstack-bot
3c8eee34ae
Merge pull request #4815 from JoshVanL/controllers-certificates-issuing-secrets-manager-always-force 
Always Force apply in issuing controller's secret manager
 2022-02-02 15:40:40 +00:00
jetstack-bot
d16a79db13
Merge pull request #4793 from fvlaicu/change-route53-acme-challenge-record-creation 
Use multivalue records instead of simple records
 2022-02-02 12:18:39 +00:00
Ashley Davis
b084e5804c
fix violations of our coding conventions on import ordering 
this is exposed by the rename when cert-manager internal imports are mixed in with
external imports

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 11:53:39 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
c737c3d9c6 Update secret manager test to no longer expect a non-force apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 18:04:42 +00:00
joshvanl
e5e3cf1fa2 Always Force apply in issuing controller's secret manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:57:22 +00:00
joshvanl
35fba365bf Update AdditionalOutputFormats comment to reflect addition of feature to 
webhook set.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:04:55 +00:00
joshvanl
4445f85d62 Update bazel deps 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-31 13:44:43 +00:00
joshvanl
364c02d36e Ensure RateLimiter is preserved across all built Contexts 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-31 13:38:45 +00:00
joshvanl
834e6bcb04 Set RESTConfig burst and QPS inside context factory so all clients 
inherit these values

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-31 11:34:09 +00:00
Florin Vlaicu
ff6b627401 use multivalue records instead of simple records to allow having multiple txt records for a domain. 
Signed-off-by: Florin Vlaicu <19238716+fvlaicu@users.noreply.github.com>
 2022-01-28 18:05:48 +02:00
joshvanl
fb6e0b9f00 Pass FieldManager down to issuing controller->secrets manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 13:56:29 +00:00
joshvanl
07d8d4ee3c Pipes user agent down to acme clients 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
a220be5bc5 Adds user agent pipethrough for acme accounts 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
8f0c79396f Adds rest config builder to include new user agent 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
d89c3e71dc Update rest of controllers with ControllerFactory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
fb391a26e5 Update CertificateSigningRequest controller to use new ContextFactory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
bd18c0ed86 Update CertificateRequest controllers to use new controller factory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
c66591cf37 Update certificate controllers with new controller builder 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:48 +00:00
joshvanl
52a6ae2198 Adds ContextFactory to controller package. Changes controller builder to 
use ContextFactory

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:50:12 +00:00
jetstack-bot
b12d78d364
Merge pull request #4746 from JoshVanL/controller-readiness-certificates-spec-match 
Certificates controller policies refactor
 2022-01-27 12:45:40 +00:00
jetstack-bot
39e388eaa5
Merge pull request #4762 from jakexks/use-only-ingress-annotation 
Always use the kubernetes.io/ingress.class annotation (#4537)
 2022-01-21 13:45:07 +00:00
Jake Sanders
65902d57a3
Always use the kubernetes.io/ingress.class annotation (#4537) 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-01-21 10:35:25 +00:00
James Munnelly
787ff34e38 Add copyright attribution 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 11:07:49 +00:00
James Munnelly
fa61625d5f Regenerate test CRDs 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
65b8994330 Avoid defaulting objects before validation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
0bba671152 Ensure defaulting is applied in the correct API version during mutation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
07a0171e98 Use regular discovery client instead of cache 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
e13c879681 Remove old handlers & admission plugins 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
708de3c580 webhook: use new admission-plugin backed validation and mutation handlers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:46 +00:00
James Munnelly
572aecd48d Add webhook admission package to implement admission control in a clearer manner 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:54:18 +00:00
joshvanl
38b7b930c8 Add tests from rebase and more policies under 
/internal/controller/certificates

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:31:05 +00:00
joshvanl
3b148347ad Move temporary certificate policy init into policy package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
a53987214f Move certificates controller policies under /internal/controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
f1cafae95f Refactor trigger policies to be more generic and be used by multiple 
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00