weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,552 Commits 45 Branches 0 Tags 96 MiB
b8a1f3d6fb
Commit Graph

5552 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jetstack-bot
b8a1f3d6fb
Merge pull request #4070 from irbekrm/3969_parameterize_and_document_image_building 
3969 parameterize and document image building
 2021-06-15 16:45:53 +01:00
Irbe Krumina
6183a2d2b6 Suggestions from code review 
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-15 16:23:53 +01:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519 
support-ed25519
 2021-06-15 16:17:53 +01:00
jetstack-bot
91540b14a2
Merge pull request #4100 from JoshVanL/certificate-signing-request-selfsigned 
CertificateSigningRequest selfsigned controller
 2021-06-15 12:36:39 +01:00
joshvanl
19f94c877d Remove references to CA private key from SelfSigned CSR controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-15 12:13:52 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys 
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-06-14 11:17:35 +01:00
joshvanl
72800ae0f2 Wires up the SelfSigned CertificateSigningRequest controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-14 10:19:28 +01:00
joshvanl
d5007c2e37 Adds the CertificateSigningRequest selfsigned controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-14 10:18:54 +01:00
jetstack-bot
5e2a6883c1
Merge pull request #4092 from irbekrm/renew_override 
Remove the default renewBefore value
 2021-06-11 16:23:49 +01:00
irbekrm
118cfb6029 Remove the defaulting for renewBefore from fuzzer 
We now calculate this default at reneal time

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-11 15:35:46 +01:00
jetstack-bot
fa40ccdff5
Merge pull request #4090 from JoshVanL/e2e-conformance-vault-check-chain 
Check certificate chain for Vault Issuer in E2E
 2021-06-11 12:29:49 +01:00
irbekrm
acd0a98bbb Updates DefaultRenewBefore to state that it is deprecated 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-11 11:52:54 +01:00
irbekrm
67f14240eb Update renewBefore descriptions 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-11 10:32:36 +01:00
irbekrm
e6b748047d Remove the default renewBefore value 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-11 10:03:12 +01:00
joshvanl
35aaf00395 Check certificate chain for Vault Issuer 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-10 20:25:31 +01:00
jetstack-bot
3242b83b12
Merge pull request #4081 from JoshVanL/certificate-signing-request-ca-e2e 
Certificate Signing Request CA e2e
 2021-06-09 13:13:30 +01:00
joshvanl
6dc95cc63c Adds comment that the kube CSR e2e tests require the feature gate to 
pass

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-09 11:42:02 +01:00
joshvanl
9ef5fef3a1 Changes kube CSR CA e2e tests to be more readable and improve validation 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-09 11:36:21 +01:00
jetstack-bot
4f2f0075a9
Merge pull request #4056 from RinkiyaKeDad/del_framework.go 
deleting test/e2e/framework/config/framework.go
 2021-06-09 11:09:30 +01:00
joshvanl
abdd1f54fa Fix CA CertificateSigningRequest controller to return potential error 
from updating failed status

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-07 17:48:49 +01:00
joshvanl
590e01f3d0 Add ExperimentalCertificateSigningRequestControllers=true as default 
experimental controller to enable in devel/addon/cert-manager/install.md

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-07 17:34:39 +01:00
joshvanl
5a64222475 Adds CA Issuer CertificateSigningRequest e2e test 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-07 15:32:54 +01:00
joshvanl
d4fd4f9acc Move determining Issuer resource Kind into CSR/util 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-07 15:27:43 +01:00
jetstack-bot
5875c828c6
Merge pull request #4074 from JoshVanL/certificate-request-acme-revert-ca.crt 
Reverts ACME issuer from forming a chain bundle and populating the ca.crt
 2021-06-04 16:10:23 +01:00
RinkiyaKeDad
438a0fff13 removed nil line 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-04 13:10:04 +05:30
irbekrm
55495393cd Add some extra comments 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-03 14:52:57 +01:00
RinkiyaKeDad
662bc5030c removed more stuff 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-03 12:37:27 +05:30
joshvanl
1678d0833e Reverts ACME issuer from forming a chain bundle and populating the 
ca.crt

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-02 12:21:50 +01:00
irbekrm
a55f9d9ac1 Adds some extra comments 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 10:05:51 +01:00
irbekrm
bb2bf6494b Pass the Go binary arg explicitly (for clarity) 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 09:09:05 +01:00
irbekrm
4413774944 Removes unused Bazel deps 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 08:49:30 +01:00
irbekrm
d16b830ab4 Allow to build cert-manager images with a custom base image 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 08:48:51 +01:00
irbekrm
1cb4406e3c Remove select statement for base 
We use the same base for all arches

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 08:47:28 +01:00
irbekrm
d79a058b14 Allow controlling whether cgo is enabled via flags to Bazel 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 08:47:06 +01:00
irbekrm
401f5c603e Add a note on stamping 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-01 08:46:49 +01:00
jetstack-bot
528305b5ed
Merge pull request #4064 from JoshVanL/certificate-request-issuer-ca 
Certificate Signing Request Issuer CA
 2021-05-28 10:57:11 +01:00
joshvanl
36bd7a459c Changes CSR util signername to use if statements rather than switch 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-28 10:34:43 +01:00
joshvanl
acc5431f1b Fix signernames to allow clusterissuers with dots in name 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-28 10:13:00 +01:00
joshvanl
9e1b0342d0 Updates with review comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 18:48:50 +01:00
jetstack-bot
5632379132
Merge pull request #4067 from wallrj/artifacthub-annotations-2 
Add ArtifactHUB pre-release annotations to the Helm chart
 2021-05-27 16:27:14 +01:00
Richard Wall
1f3c3df090 Add ArtifactHUB pre-release annotations to the Helm chart 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-27 13:58:52 +01:00
jetstack-bot
a80198c03d
Merge pull request #4065 from jetstack/revert-4049-artifacthub-annotations 
Revert "Add ArtifcactHUB pre-release annotation to the Helm chart"
 2021-05-27 13:02:34 +01:00
Richard Wall
8792a17396 Revert "Add ArtifcactHUB pre-release annotation to the Helm chart" 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-27 12:16:06 +01:00
joshvanl
60d5974115 Moves CertificateSigningRequest controller to feature gate flag 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 12:00:56 +01:00
joshvanl
e014b6655d Use ca.crt with the CertificateSigningRequest CA controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 10:49:21 +01:00
joshvanl
459b5e31b0 RBAC permissions for signing and managing cert-manager 
CertificateSigningRequersts Issuers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 00:35:58 +01:00
joshvanl
62dee4783e Adds CertificateSigningRequest CA Issuer controller as optional 
controller

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 00:32:24 +01:00
joshvanl
3b74c34089 Adds CertificateSigningRequest CA Issuer controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 00:25:02 +01:00
joshvanl
c5c206cace Adds base CertificateSigningRequest cert-manager controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 00:23:50 +01:00
joshvanl
b38519fe66 Adds kube certificates v1 API utils 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 00:18:29 +01:00