weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
6,773 Commits 45 Branches 0 Tags 96 MiB
bfcc204c2b
Commit Graph

2846 Commits

Author SHA1 Message Date
jetstack-bot
bfcc204c2b
Merge pull request #4811 from JoshVanL/controllers-server-side-apply-certificates-shim 
Server Side Apply: Adds support for certificate-shim controllers to use SSA with Feature Gate
 2022-03-28 14:33:31 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders 
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
 2022-03-28 13:11:31 +01:00
joshvanl
c1c2d2d081 Add roundtrip test to Certificate serializing. Add field manager to 
certificates-shim Create API call

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-28 12:40:29 +01:00
joshvanl
9d0b2590a8 Optionally Apply certificates, instead of update, in certificate-shim 
when Server-Side apply is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-28 12:40:28 +01:00
jetstack-bot
c30cfa1610
Merge pull request #4973 from irbekrm/restrict_duration 
Enforce minimum value of experimental.cert-manager.io/request-duration to 600s
 2022-03-28 12:34:31 +01:00
jetstack-bot
d8fee10ad8
Merge pull request #4962 from fvlaicu/fix-route53-dns-challenge 
Route53 challenges: upsert records instead of create
 2022-03-23 17:29:20 +00:00
irbekrm
2656cc18c3 Fix test failures 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-23 09:57:34 +00:00
irbekrm
09d8cb9cf8 Adds some more test cases 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-23 09:20:21 +00:00
irbekrm
661abb133f Set CSR as failed if annotation duration is not a valid time 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
irbekrm
d384aef754 Enforce minimum value of experimental.cert-manager.io/request-duration to 600s 
To ensure compatibility with CSR's spec.expirationSeconds

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
jetstack-bot
0631806082
Merge pull request #4974 from irbekrm/fix_csr_events 
Use client-go scheme with core types added as event recorder scheme
 2022-03-22 17:49:51 +00:00
irbekrm
a5ed48a324 Adds a unit test for certificatesigningrequests sync function 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 15:09:33 +00:00
jetstack-bot
dc24503939
Merge pull request #4958 from irbekrm/tsig_provider 
Use our own implementation of miekg/dns.TsigProvider interface
 2022-03-22 12:18:51 +00:00
jetstack-bot
be15ce2279
Merge pull request #4953 from ajvn/feature/allow-privilege-escalation 
update: Setting allowPrivilegeEscalation to false
 2022-03-22 11:01:47 +00:00
irbekrm
cec0a6cde8 Use client-go scheme with core types added as event recorder scheme 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 09:47:46 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff 
Exponential backoff for retrying failed certificate issuances
 2022-03-21 20:31:23 +00:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration 
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation.  Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-21 09:40:32 -04:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts 
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
4c901aefab Code review comments 
Adds test conditions to certs via patch API call instead of update to avoid conflicts

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
739c3298e8 Trigger controller backs off from issuance with an exponential backoff 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
9824ab0949 certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed 
This field tracks the number of continuous failures and is used to implement exponential backoff

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
affb5e86ef Adds IssuanceAttempts field to Certificate's status 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
2722e635dd Code review comments 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:09:29 +00:00
irbekrm
5c241ec9ef Adds a basic unit test 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:09:29 +00:00
irbekrm
0b754489d2 Cleanup of the adopted code 
Don't swallow an error, don't use naked return

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:09:29 +00:00
irbekrm
3a21f961ca Use our own implementation of github.com/miekg/dns.TsigProvider interface 
To allow us to both upgrade the upstream library and keep supporting HMACMD5 as RFC2136 TSIG algorithm although it was deprecated in the upstream library

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:09:29 +00:00
Florin Vlaicu
8621b09aab It seems ther is a need to perfrom upsert instead of a simple create. 
Signed-off-by: Florin Vlaicu <19238716+fvlaicu@users.noreply.github.com>
 2022-03-18 18:46:23 +02:00
irbekrm
587e02cee9 Replaces dns v0.41 -> v0.34 
This is so as to avoid dropping support for HMacMD5 value for issuer.spec.acme.solvers.dns01.rfc2136.tsigAlgorithm

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-17 20:14:55 +00:00
Ivan
d397aa5462 update: Setting allowPrivilegeEscalation to false 
Signed-off-by: Ivan <ivans@vaskir.co>
 2022-03-17 11:05:46 +01:00
jetstack-bot
14578120ed
Merge pull request #4789 from UKHomeOffice/whitelist-annotation-override 
Allow whitelist-source-range ingress annotation to be overridden
 2022-03-11 14:44:35 +00:00
Joakim Ahrlin
f5275cf1cc add enum for rotationPolicy 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-03 16:31:23 +01:00
Jake Sanders
09bbd541ef
update gateway-shim controller unit tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:21 +00:00
Jake Sanders
457fa3ca2c
Fix unit tests for Gateways 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:20 +00:00
Jake Sanders
c08f46711a
Add contour, weed out some more references to v1alpha1 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:19 +00:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-01 15:05:18 +00:00
Jake Sanders
c96d91d586
Update the sig-network Gateway API support to v1alpha2 
Co-authored-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:17 +00:00
joshvanl
944f9d4103 Change controller context rate limiter test to ensure they are the same 
pointer

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-22 09:15:10 +00:00
Ashley Davis
6420aa4bfa
fix imports in a few files 
this is according to our policy on organizing imports, see:
https://cert-manager.io/docs/contributing/coding-conventions/#organizing-imports

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-18 17:42:45 +00:00
joshvanl
810820f914 Remove duplicate fieldManager variable 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-16 11:59:24 +00:00
DiptoChakrabarty
ee069f2c45 fix comments to reduce golint issues 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-02-16 17:28:08 +05:30
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests 
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
 2022-02-16 10:57:37 +00:00
joshvanl
e5a30240e7 Set field manager string to acmeorders controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-16 10:33:48 +00:00
joshvanl
8fd5641305 Set FieldManager in Create Orders API calls 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-16 10:33:48 +00:00
joshvanl
0802489f4e Updates Order controller to support apply call when feature gate it 
enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-16 10:33:48 +00:00
jetstack-bot
56d9423744
Merge pull request #4798 from JoshVanL/controllers-server-side-apply-certificatesigningrequests 
Server Side Apply: Adds support for CertificateSigningRequest controllers to use SSA with Feature Gate
 2022-02-16 10:20:37 +00:00
jetstack-bot
12a2148df3
Merge pull request #4794 from JoshVanL/controllers-server-side-apply-issuers 
Server Side Apply: Adds support for [Cluster]Issuer controller to use SSA with Feature Gate
 2022-02-11 19:37:01 +00:00
joshvanl
085b2bf34b Updates issuer and cluster issuer controllers to optionally user server 
side apply

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
49108a0278 Adds list map type to Conditions for both Issuers and Cluster Issuers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
da67eb2b65 Adds explicit field manager to requestsmanager controller Create call 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:33 +00:00
joshvanl
38ce8b3bcf Always user Create operation when creating new CertificateRequest 
object

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:22:33 +00:00