jetstack-bot
529497f150
Merge pull request #6034 from gdvalle/patch-1
...
apis/acme/v1: ACMEIssuer: set omitempty on optional field
2023-05-18 11:14:39 +01:00
jetstack-bot
022292832f
Merge pull request #6032 from inteon/fix_acme_bugs
...
Fix small bugs and make small improvements in ACME code
2023-05-12 15:19:41 +01:00
Tim Ramlot
20599d1d35
remove CertificateTemplateAddKeyUsages
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
Tim Ramlot
1c2662af82
cleanup CSR & CertificateTemplate util code
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
jetstack-bot
308c1472aa
Merge pull request #6031 from inteon/remove_deprecated_3
...
Replace deprecated wait.PollUntil and wait.Poll
2023-05-10 17:52:54 +01:00
Ashley Davis
209c252005
Move webhook testing package to core module
...
This package was used by at least one external importer [1] and so the
change to make the webhook live in a separate package caused an issue
which @irbekrm reported on slack. [2]
This PR moves the webhook testing code into the core cert-manager module
so it'll be importable anywhere (albeit under a new name). This change
also requires moving the webhook options into the core cert-manager
module since they're required by the webhook testing logic.
[1] 268cd2fdba/test/env/env.go (L25)
[2] https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1683650224483169
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-05-09 18:40:03 +01:00
Tim Ramlot
e08a13496d
replace deprecated wait.PollUntil() and wait.Poll()
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 17:47:53 +02:00
Tim Ramlot
7d0178f27d
fix small bugs and make small improvements
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 15:22:21 +02:00
Greg
662900a1d3
apis/acme/v1: ACMEIssuer: set omitempty on optional field
...
This field is marked optional in the API docs, but is required when serializing JSON. Make it optional to match.
Signed-off-by: Greg <gdvalle@users.noreply.github.com>
2023-05-07 09:52:13 -05:00
Tim Ramlot
d656b2d9da
replace deprecated PollImmediateUntil with PollUntilContextCancel
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-07 10:15:46 +02:00
Tim Ramlot
dc12a5d0a0
revert setting flags for logging tests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
Tim Ramlot
8747adf629
fix feedback
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
Tim Ramlot
f0871eb6b8
further standardise logging across components
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
Tim Ramlot
5091a3bff4
use same logging flags for every cli and simplify flag logic
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 18:08:29 +02:00
Michael Malov
99e23d5e93
Add support for json logging format
...
Signed-off-by: Michael Malov <14035243+malovme@users.noreply.github.com>
2023-05-05 18:01:16 +02:00
irbekrm
df974120ab
Ensures that acmesolver implements SingularNameProvider
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
irbekrm
3d1134a975
Update cainjector injectable setup
...
To work with latest controller runtime
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
1bfc131e6a
Bump sigs.k8s.io/controller-tools to v0.12.0
...
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
df6ec95cd1
Update OnAdd
...
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
a57c4abb14
Bump k8s.io dependencies
...
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
jetstack-bot
ab4415837c
Merge pull request #6022 from wallrj/fix-flaky-leader-election-healthz-tests
...
Fix flaky leader election healthz tests
2023-05-05 16:26:07 +01:00
Richard Wall
83ce550c4c
Simulate a remote leader that always updates its lease
...
Fixes test flakes caused by the local node taking over leadership,
because it did not observe any change in the leader election record held by the
remote node.
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-05-05 15:56:18 +01:00
jetstack-bot
a64088792d
Merge pull request #5991 from inteon/pr/JoshVanL/4810
...
Server Side Apply: Adds support for CA Injector controller
2023-05-05 14:21:07 +01:00
Tim Ramlot
a3dbd22752
only apply patch if patch is != nil
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 15:01:57 +02:00
jetstack-bot
5035dda25e
Merge pull request #6006 from vidarno/cache-private-key-hash-on-issuer-status
...
Cache private key hash on issuer status
2023-05-05 08:05:07 +01:00
jetstack-bot
09e71c37d4
Merge pull request #5972 from vinzent/bugfix/issue-5755
...
Check JKS/PKCS12 truststore in Secrets only if issuer provides the CA
2023-05-04 11:04:37 +01:00
vidarno
616a41ac8f
Test TestRegistry_AddClient_UpdatesClientPKChecksum must compare private key with a checksum
...
Signed-off-by: vidarno <>
2023-05-03 22:17:03 +02:00
Tim Ramlot
bce882b477
use cainjector feature flags
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-03 19:52:13 +02:00
Tim Ramlot
4d81f1877a
resolve feedback
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-03 11:18:10 +02:00
jetstack-bot
694d3d1bd2
Merge pull request #5747 from inteon/request_matches_spec
...
BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks
2023-05-02 11:23:27 +01:00
vidarno
a1f156c2b6
Merge branch 'cert-manager:master' into cache-private-key-hash-on-issuer-status
...
Signed-off-by: vidarno <>
2023-05-02 11:58:18 +02:00
vidarno
f7390903be
Update tests after adding new LastPrivateKeyHash field in status of issuer CRDs
...
Signed-off-by: vidarno <>
2023-04-29 09:14:07 +02:00
vidarno
92da674e9a
Update logic in function IsKeyCheckSumCached to compare private key with hash in status field of CRD instead of from Secret
...
Signed-off-by: vidarno <>
2023-04-29 09:13:54 +02:00
vidarno
4934183927
Extend CRDs and structs to include LastPrivateKeyHash field
...
Signed-off-by: vidarno <>
2023-04-29 09:12:56 +02:00
Thomas Müller
12483d3d54
Check JKS/PKCS12 truststores only if issuer provides the CA
...
The current policy check for keystores in Secrets creates a loop because
the truststore.jks or truststore.p12 will never exist when the issuer didn't
provide the CA certificate. This behaviour was introduced by #5597.
The JKS and PKCS12 truststores are only added to the Secret
if the CA is provided by the issuer. The CertificateRequest API
reference states:
> The PEM encoded x509 certificate of the signer, also known
> as the CA (Certificate Authority). This is set on a best-effort basis by
> different issuers. If not set, the CA is assumed to be unknown/not available.
This change will only check the PKCS12/JKS truststores if the CA cert from the
issuer exists in the secret.
Fixes #5755
Signed-off-by: Thomas Müller <thomas@chaschperli.ch>
2023-04-27 17:09:41 +02:00
jetstack-bot
19104fcb4a
Merge pull request #5962 from wallrj/5670-controller-manager-liveness-probe
...
Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged
2023-04-27 15:09:54 +01:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector
...
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-26 17:04:11 +02:00
Richard Wall
dd34e58b5a
Make it clear that the tests are concerned only with LeaderElection healthz
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 10:50:03 +01:00
Richard Wall
4d182e9c7b
Add /livez endpoint which reports the leaderElection status
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 07:53:26 +01:00
irbekrm
300fe72ff0
Code review
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-25 13:45:06 +01:00
irbekrm
0d1d66d900
Fixes tests
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-25 06:20:58 +01:00
irbekrm
3d82e94789
Ensures metadata only is cached for pods and services
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-25 06:20:58 +01:00
Tobo Atchou
ee638a91ff
cert-manager-webhook to provide logs when handling request
...
Signed-off-by: Tobo Atchou <tobo.atchou@gmail.com>
2023-04-22 10:41:44 +02:00
jetstack-bot
ece30e655f
Merge pull request #5949 from TrilokGeer/key-replace-sha256checksum
...
Fixes status change on privateKey update on acme issuer
2023-04-18 15:04:07 +01:00
jetstack-bot
bfa7eaaf0d
Merge pull request #5766 from irbekrm/cainjector_limit_controllers
...
Cainjector limit controllers
2023-04-18 11:14:21 +01:00
TrilokGeer
bdc0cb7c40
Fixes status change on privateKey update on acme issuer
...
Signed-off-by: TrilokGeer <tgeer@redhat.com>
2023-04-14 21:33:44 +05:30
Tim Ramlot
415da885a1
remove ioutil
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-07 11:19:52 +02:00
jetstack-bot
50501d2f64
Merge pull request #5824 from irbekrm/controller_partial_metadata
...
Controller partial metadata
2023-04-06 15:38:02 +01:00
irbekrm
7e6f2be820
Fixes goimports
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-05 16:29:41 +01:00