joshvanl
419ff43312
Add more context to SecretCertificateAnnotations
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 15:15:39 +00:00
joshvanl
ee3cc828a9
Ensure the SecretTemplate matching is aware of the base annotations set on the Secret
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:41:24 +00:00
joshvanl
38084fb719
Update secret manager to include additional output formats
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:40:12 +00:00
joshvanl
b6e499a317
Fix comment and add comment about forcing apply
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
196d0011ca
Remove SecretTemplate controller and move logic into issuing controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
64d78c6e10
Update certificates controller with new secret manager signatures and tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
c5f101525c
Update certificates controller secrets manager since feature gate is removed
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
7a4be1edfd
Copy across an existing secret type in secrets manager since that field is immutable.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
a56b6a8596
Fix CA injector test to only create a Secret of type kubernetes.io/tls since that field is immutable, and shouldn't change from Opaque
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
95ee9ee031
Force apply secrets manager if a field has a conflict with the owner
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
5660b80888
Fix golang references to feature gate package
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
d6fb5138f2
Re-add crd-certificates.yaml
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3
Fix some test func names and some comments. Replaces DeDuplicate in SecretTemplate controller to use sets.Strings. Removes DeDuplicate func
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
ebc4cba48c
Make secretsmanager if statement blocks prettier
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
54c00afb13
Fix comments in secretsmanager
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
957bc0a081
Create InitWithRESTConfig() in controller test context builder to not change existing Init() consumers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
8b501d7d54
Also don't reconcile Certificates in SecretTemplate controller if Issuing=True
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
1319f2a5fb
Adds the certificates SecretTemplate controller to reconcile ready Certificate's Secrets on SecretTemplate changes
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
de4522d883
Update certificates secret manager to Apply managed fields when the apply feature is enabled
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c
Makes some minor API naming changes, and clears up some docs around the Certificate's additional output formats.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94
[additionalOutputFormats] Update comments and add more tests
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
2022-01-14 11:10:32 +01:00
Thierry
81f308221b
Add certificate additionalOutputFormats parameter
DER Format to create key.der binary format of the private key.
CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.
Added Unit and e2e tests for secret with Additional output format.
Feature flag AdditionalCertificateOutputFormats to enable feature.
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
2022-01-14 11:10:32 +01:00
jetstack-bot
019d64edcf
Merge pull request #4688 from irbekrm/renew_failed
Fixes a bug where a previous failed CertificateRequest was picked up during next issuance
2022-01-04 15:08:31 +00:00
irbekrm
0a4617e582
Fix staticcheck error
Signed-off-by: irbekrm <irbekrm@gmail.com>
2022-01-04 10:11:04 +00:00
irbekrm
fac6622f5e
Delete CertificateRequest that failed during previous issuance if we are re-issuing for the same revision
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-12-22 14:54:55 +00:00
irbekrm
ff67b2a9a0
Ignore failed CRs for previous issuance in certificates-issuing controller
Issuing controller should only look at 'current' CertificateRequests
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-12-22 14:51:25 +00:00
James Munnelly
81f22fd49c
Upgrade k8s.io dependencies to v0.23.1
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-17 16:27:47 +00:00
joshvanl
d5503c2ed2
Change certificates controller to no longer error for a Certificate that no longer exists
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-11-30 15:13:14 +00:00
Jake Sanders
486fc49545
Add fuzzing unit tests for JKS passwords
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-10-29 15:12:51 +01:00
George Moldoveanu
b94b678f6d
reinstated keystore.go comment
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-10 13:33:46 +01:00
George Moldoveanu
563aeb1789
fixed keystore.go and keystore_test.go modules imports
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-10 13:28:45 +01:00
George Moldoveanu
0463681244
updates go deps and bazel files
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-02 23:45:11 +01:00
George Moldoveanu
d0151f7175
fixed TestEncodeJKSKeystore tests to work with upgraded keystore-go api (v4)
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-02 23:33:45 +01:00
George Moldoveanu
155e90d175
upgraded keystore-go to v4 and fixed code to use v4 api
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
2021-09-02 23:24:06 +01:00
irbekrm
ec1bdc4983
Adds a test case for renewal time skew and a comment
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-23 15:00:57 +01:00
irbekrm
50e90dfe6e
Fix renewalTime skew issue
Ensure the time returned by RenewalTime function is the same time as that which will be read from Certificate's status
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-08-20 17:57:35 +01:00
Jonathan Prates
50bb91a032
feat: update object description explaining the current behaviour
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 09:26:23 +01:00
Jonathan Prates
12363f91e2
fix: move secretTemplate validations to validation package
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
6e8f74b4f8
tests: add Labels map to the expected secret
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
e1034c219e
feat: add validation for annotations and labels
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
c5e81b13f6
fix: labels cannot be shown if no labels were changed
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
811069cac7
fix: do not create secret labels if template is empty
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
936ad33539
fix: ensure secret annotations and labels will be copied if updated in the cert
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
47bc03e7c4
feat: add support to secretTemplates
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Maël Valais
e4f981da66
Revert "memory leak: clean up scheduler goroutine on cert deletion"
This reverts commit 641960b6. The reason we decided to revert this is
that we are unsure about the implications of adding the
scheduledWorkQueue.Forget call. The new Forget call is left untested,
and it makes us nervous not to know exactly if it works as intended.
The "Forget" memory leak that we are reverting now is the cause of a
tiny fraction of the overall memory leakage that was fixed in the PR
in the scheduler itself. Reverting this means that some goroutines will
be leaked, but only when a Certificate gets removed and never recreated
with the same name.
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-28 19:19:39 +02:00
irbekrm
2ddf6fe637
Allows for annotations passed from CSR to Order to be filtered
Using the value from copied-annotation-prefixes flag, where by default kubectl, fluxcd, argocd annotations are excluded
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-27 10:55:09 +01:00
Irbe Krumina
3834a8fc0a
Code review feedback
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:37 +01:00
irbekrm
143c5ce38d
Adds a test for copying the annotations from Certificate
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:24 +01:00
irbekrm
ddf7e130b7
Allow users to specify which annotations should be copied from Certificate to CertificateRequest
Default to all being copied except for kubectl, fluxcd, argocd annotations
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-26 20:00:10 +01:00
jetstack-bot
ceb9fdf6ac
Merge pull request #4231 from maelvls/fix-concurrent-read-write
Data race: fix concurrent read and write of secret annotations and certificaterequests
2021-07-26 13:34:12 +01:00