weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
6,710 Commits 45 Branches 0 Tags 96 MiB
b72db63761
Commit Graph

2816 Commits

Author SHA1 Message Date
Jake Sanders
b72db63761
Change label description for HTTP-01 Gateway API solver and fix tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:52:34 +01:00
Maël Valais
4b3af946db gateway-api: with v1alpha2, the labels have become optional 
Previously, in v1alpha1, an HTTPRoute was matched to a Gateway using
the label selectors present on the Gateways. For example, with the
following Gateway:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: Gateway
  metadata:
    name: acmesolver
  spec:
    listeners:
      - protocol: HTTP
        port: 80
        routes:
          kind: HTTPRoute
          selector:
            matchLabels:
              app: foo

you would have to use the following labels on the HTTPRoute in order to
get the above Gateway to be used:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: HTTPRoute
  metadata:
    labels:
      app: foo

With v1alpha2, the label selectors have been dropped. Instead, the
HTTPRoute has to give a direct reference to the Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: HTTPRoute
    spec:
      parentRefs:
        - kind: Gateway
          name: acmesolver
          namespace: traefik

This means that the "labels" field on the gatewayHTTPRoute solver is now
optional:

    apiVersion: cert-manager.io/v1
    kind: Issuer
    spec:
      acme:
        solvers:
          - http01:
              gatewayHTTPRoute:
                labels:              | This field is
                  app: test          | now optional.
                parentRefs:
                  - kind: Gateway
                    name: acmesolver

Signed-off-by: Maël Valais <mael@vls.dev>
 2022-03-21 17:39:10 +01:00
irbekrm
587e02cee9 Replaces dns v0.41 -> v0.34 
This is so as to avoid dropping support for HMacMD5 value for issuer.spec.acme.solvers.dns01.rfc2136.tsigAlgorithm

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-17 20:14:55 +00:00
jetstack-bot
14578120ed
Merge pull request #4789 from UKHomeOffice/whitelist-annotation-override 
Allow whitelist-source-range ingress annotation to be overridden
 2022-03-11 14:44:35 +00:00
Joakim Ahrlin
f5275cf1cc add enum for rotationPolicy 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-03 16:31:23 +01:00
Jake Sanders
09bbd541ef
update gateway-shim controller unit tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:21 +00:00
Jake Sanders
457fa3ca2c
Fix unit tests for Gateways 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:20 +00:00
Jake Sanders
c08f46711a
Add contour, weed out some more references to v1alpha1 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:19 +00:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-01 15:05:18 +00:00
Jake Sanders
c96d91d586
Update the sig-network Gateway API support to v1alpha2 
Co-authored-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:17 +00:00
joshvanl
944f9d4103 Change controller context rate limiter test to ensure they are the same 
pointer

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-22 09:15:10 +00:00
Ashley Davis
6420aa4bfa
fix imports in a few files 
this is according to our policy on organizing imports, see:
https://cert-manager.io/docs/contributing/coding-conventions/#organizing-imports

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-18 17:42:45 +00:00
DiptoChakrabarty
ee069f2c45 fix comments to reduce golint issues 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-02-16 17:28:08 +05:30
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests 
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
 2022-02-16 10:57:37 +00:00
jetstack-bot
56d9423744
Merge pull request #4798 from JoshVanL/controllers-server-side-apply-certificatesigningrequests 
Server Side Apply: Adds support for CertificateSigningRequest controllers to use SSA with Feature Gate
 2022-02-16 10:20:37 +00:00
jetstack-bot
12a2148df3
Merge pull request #4794 from JoshVanL/controllers-server-side-apply-issuers 
Server Side Apply: Adds support for [Cluster]Issuer controller to use SSA with Feature Gate
 2022-02-11 19:37:01 +00:00
joshvanl
085b2bf34b Updates issuer and cluster issuer controllers to optionally user server 
side apply

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
49108a0278 Adds list map type to Conditions for both Issuers and Cluster Issuers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
da67eb2b65 Adds explicit field manager to requestsmanager controller Create call 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:33 +00:00
joshvanl
38ce8b3bcf Always user Create operation when creating new CertificateRequest 
object

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:33 +00:00
joshvanl
b2cc1b38cb Use optional apply for requestmanager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:04 +00:00
joshvanl
99fd5f3412 Use optional Apply and Apply status to CertificateRequests 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:04 +00:00
joshvanl
26c26c7ce2 Adds list type map to CR Conditions field 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:21:19 +00:00
joshvanl
4dc6c957d4 Adds review comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:15:57 +00:00
joshvanl
37775615ff Use ApplyStatus in all Certificates controllers. When ServerSideApply 
enabled, set Issuing condition to False instead of removing it

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:15:57 +00:00
joshvanl
bdb4954c25 Adds updateOrApply to certificates controllers to optionally Apply 
certificate based on feature gate

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:14:31 +00:00
joshvanl
279a8ede99 Adds listType=map and listMapKey=type to Certificate Status Conditions 
field

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:14:31 +00:00
Ashley Davis
89bb5481cb
Increase margin of error in an otherwise unsound test 
This test can easily fail on a heavily loaded machine, such as one
running many tests in parallel.

1. The afterFunc could be delayed _massively_ on a heavily loaded
   machine, such as one running a lot of tests in parallel.
2. Requiring an accuracy of 1ms seems like a flake waiting to happen
   (as it was in this case)
3. When we write code which uses this scheduler, we can't even
   safely assume the afterFunc will _ever_ be run, let alone run
   within a 1% margin of time error. As such I don't think this
   test is providing any value beyond a general sanity check.

By increasing the allowable delta massively, we keep this test as a
sanity check but basically remove the chance of a flake. The test
essentially becomes "does afterFunc work, generally?".

Also adds a check that the elapsed time is greater than the expected
time.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-11 10:14:34 +00:00
joshvanl
9ca869c2cf Add tests to secret manager for additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:41:45 +00:00
joshvanl
57c33446bc Change import paths jetstack/cert-manager -> 
`cert-manager/cert-manager`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:23:29 +00:00
joshvanl
b426b5acf7 Use UpdateOrApplyStatus in CertificateSigningRequest controllers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:18:14 +00:00
joshvanl
565b639ba7 Adds UpdateOrApplyStatus to CSR controllers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:18:14 +00:00
jetstack-bot
b1180c59ad
Merge pull request #4587 from SgtCoDFish/bigrename 
Rename import path
 2022-02-03 11:56:12 +00:00
jetstack-bot
3c8eee34ae
Merge pull request #4815 from JoshVanL/controllers-certificates-issuing-secrets-manager-always-force 
Always Force apply in issuing controller's secret manager
 2022-02-02 15:40:40 +00:00
jetstack-bot
d16a79db13
Merge pull request #4793 from fvlaicu/change-route53-acme-challenge-record-creation 
Use multivalue records instead of simple records
 2022-02-02 12:18:39 +00:00
Ashley Davis
b084e5804c
fix violations of our coding conventions on import ordering 
this is exposed by the rename when cert-manager internal imports are mixed in with
external imports

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 11:53:39 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
c737c3d9c6 Update secret manager test to no longer expect a non-force apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 18:04:42 +00:00
joshvanl
e5e3cf1fa2 Always Force apply in issuing controller's secret manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:57:22 +00:00
joshvanl
35fba365bf Update AdditionalOutputFormats comment to reflect addition of feature to 
webhook set.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:04:55 +00:00
joshvanl
4445f85d62 Update bazel deps 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-31 13:44:43 +00:00
joshvanl
364c02d36e Ensure RateLimiter is preserved across all built Contexts 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-31 13:38:45 +00:00
joshvanl
834e6bcb04 Set RESTConfig burst and QPS inside context factory so all clients 
inherit these values

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-31 11:34:09 +00:00
Florin Vlaicu
ff6b627401 use multivalue records instead of simple records to allow having multiple txt records for a domain. 
Signed-off-by: Florin Vlaicu <19238716+fvlaicu@users.noreply.github.com>
 2022-01-28 18:05:48 +02:00
joshvanl
fb6e0b9f00 Pass FieldManager down to issuing controller->secrets manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 13:56:29 +00:00
joshvanl
07d8d4ee3c Pipes user agent down to acme clients 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
a220be5bc5 Adds user agent pipethrough for acme accounts 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
8f0c79396f Adds rest config builder to include new user agent 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
d89c3e71dc Update rest of controllers with ControllerFactory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
fb391a26e5 Update CertificateSigningRequest controller to use new ContextFactory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00