cert-manager

Author	SHA1	Message	Date
joshvanl	d89c3e71dc	Update rest of controllers with ControllerFactory Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-27 12:51:49 +00:00
joshvanl	fb391a26e5	Update CertificateSigningRequest controller to use new ContextFactory Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-27 12:51:49 +00:00
joshvanl	bd18c0ed86	Update CertificateRequest controllers to use new controller factory Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-27 12:51:49 +00:00
joshvanl	c66591cf37	Update certificate controllers with new controller builder Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-27 12:51:48 +00:00
joshvanl	52a6ae2198	Adds ContextFactory to controller package. Changes controller builder to use ContextFactory Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-27 12:50:12 +00:00
joshvanl	38b7b930c8	Add tests from rebase and more policies under /internal/controller/certificates Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:31:05 +00:00
joshvanl	3b148347ad	Move temporary certificate policy init into policy package Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
joshvanl	a53987214f	Move certificates controller policies under `/internal/controller` Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
joshvanl	f1cafae95f	Refactor trigger policies to be more generic and be used by multiple controllers Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
joshvanl	655dbfec51	Update certificates controller secrets manager since feature gate is removed Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
joshvanl	bdc310adeb	Update certificates secret manager to Apply managed fields when the apply feature is enabled Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
joshvanl	d8548215dd	Update secret manager to include additional output formats Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-19 14:30:00 +00:00
jetstack-bot	051a763ee5	Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template SecretTemplate reconciliation. SecretManager Apply	2022-01-18 13:28:57 +00:00
jetstack-bot	e2aede44c7	Merge pull request #4731 from DiptoChakrabarty/lint add go linters fixes within codebase	2022-01-18 12:52:57 +00:00
DiptoChakrabarty	ba9dccb26d	fix comments in consts Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>	2022-01-18 10:04:58 +05:30
joshvanl	419ff43312	Add more context to SecretCertificateAnnotations Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 15:15:39 +00:00
joshvanl	ee3cc828a9	Ensure the SecretTemplate matching is aware of the base annotations set on the Secret Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:41:24 +00:00
joshvanl	38084fb719	Update secret manager to include additional output formats Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:40:12 +00:00
joshvanl	b6e499a317	Fix comment and add comment about forcing apply Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	196d0011ca	Remove SecretTemplate controller and move logic into issuing controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	64d78c6e10	Update certificates controller with new secret manager signatures and tests Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	c5f101525c	Update certificates controller secrets manager since feature gate is removed Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	7a4be1edfd	Copy across an existing secret type in secrets manager since that field is immutable. Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	a56b6a8596	Fix CA injector test to only create a Secret of type `kubernetes.io/tls` since that field is immutable, and shouldn't change from Opaque Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	95ee9ee031	Force apply secrets manager if a field has a conflict with the owner Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	5660b80888	Gix golang references to feature gate package Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	d6fb5138f2	Re-add crd-certificates.yaml Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	af360ee9b3	Fix some test func names and some comments. Replaces DeDuplicate in SecretTemplate controller to use sets.Strings. Removes DeDuplicate func Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	ebc4cba48c	Make secretsmanager if statement blocks prettier Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	54c00afb13	Fix comments in secretsmanager Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	957bc0a081	Create InitWithRESTConfig() in controller test context builder to not change existing Init() consumers Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	760254848b	Make RestConfig nil in acmechallenges sync_test.go Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	8b501d7d54	Also don't reconcile Certificates in SecretTemplate controller if Issuing=True Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	1319f2a5fb	Adds the certificates SecretTemplate controller to reconcile ready Certificate's Secrets on SecretTemplate changes Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	de4522d883	Update certificates secret manager to Apply managed fields when the apply feature is enabled Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-17 11:24:45 +00:00
joshvanl	685dd79c0c	Makes some minor API naming changes, and clears up some docs around the Certifcate's additional output formats. Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-01-14 20:00:26 +00:00
Thierry Sallé	7f8641dd94	[additionalOutputFormats] Update comments and add more tests Signed-off-by: Thierry Sallé <seuf76@gmail.com>	2022-01-14 11:10:32 +01:00
Thierry	81f308221b	Add certifcate additionalOutputFormats parameter DER Format to create key.der binary format of the private key. CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt. Added Unit and e2e tests for secret with Additional output format. Feature flag AdditionalCertificateOutputFormats to enable feature. Signed-off-by: Thierry Sallé <seuf76@gmail.com>	2022-01-14 11:10:32 +01:00
DiptoChakrabarty	e7c75832af	few more fixes Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>	2022-01-13 19:47:11 +05:30
jetstack-bot	778be75841	Merge pull request #4697 from irbekrm/valid_orders_update Don't fail an order that has been finalized, but the status has not been synced to Order CR	2022-01-12 08:10:03 +00:00
irbekrm	e7cc37ef71	Code review feedback Signed-off-by: irbekrm <irbekrm@gmail.com> Co-authored-by: Maël Valais <mael@vls.dev>	2022-01-11 18:09:44 +00:00
jetstack-bot	fa321b6a4b	Merge pull request #4287 from linka-cloud/acme-http-challenge-cutomer-dns Acme http challenge custom dns	2022-01-11 11:24:03 +00:00
irbekrm	24866544b8	Ensures that if alternate cert chain is specified, it is retrieved Ensures that if the cert is retrieved in a reconcile following the one that finalized the ACME order, the alternate cert chain is still respected, if specified by user Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-01-11 10:51:14 +00:00
irbekrm	de8aa2583e	Ensures that ACME orders controller does not create new order if it failed to update old order's status to valid Check the status of the ACME order if finalizing order failed to catch edge cases where the order is already finalized, but the updating of Order CR's status has failed Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-01-11 10:51:14 +00:00
jetstack-bot	2e465fbf34	Merge pull request #4628 from irbekrm/sync_cleanup Order sync cleanup	2022-01-10 20:27:04 +00:00
James Munnelly	9c04a04c7c	Move feature package into internal/controller Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-01-07 12:17:36 +00:00
Adphi	3375fa0609	http01: add custom nameservers support (#4286 ) Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>	2022-01-06 21:02:46 +01:00
jetstack-bot	019d64edcf	Merge pull request #4688 from irbekrm/renew_failed Fixes a bug where a previous failed CertificateRequest was picked up during next issuance	2022-01-04 15:08:31 +00:00
irbekrm	0a4617e582	Fix staticcheck error Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-01-04 10:11:04 +00:00
irbekrm	fac6622f5e	Delete CertificateRequest that failed during previous issuance if we are re-issuing for the same revision Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-12-22 14:54:55 +00:00
irbekrm	ff67b2a9a0	Ignore failed CRs for previous issuance in certificates-issuing controller Issuing controller should only look at 'current' CertificateRequests Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-12-22 14:51:25 +00:00
James Munnelly	81f22fd49c	Upgrade k8s.io dependencies to v0.23.1 Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-12-17 16:27:47 +00:00
joshvanl	d5503c2ed2	Change certificates controller to no longer error for a Certificate that no longer exists Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-11-30 15:13:14 +00:00
irbekrm	e48846132b	Add a couple new test cases for order finalization Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-11-26 16:32:02 +00:00
irbekrm	4aee0a4acd	Reduce a few calls to ACME server Ensure that when updating cert-manager Order CR's status from an existing ACME Order only one call will be made to retrieve the ACME Order Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-11-26 16:31:27 +00:00
irbekrm	e66c6a04d4	Fixes a typo in finalizeOrders Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-11-26 16:30:25 +00:00
irbekrm	7739497f22	Don't process Order CRs that have failed Ensure that cert-manager does not attempt to create new ACME Orders for cert-manager Order CRs that are in failed (errored, invalid or expired) state. If the CertificateRequest was created from a Certificate, the issuance will be retried after 1 hour Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-11-23 15:34:35 +00:00
Krzysztof Ostrowski	e35cb361c8	add comments to satisfy linter Signed-off-by: Krzysztof Ostrowski <kostrows@redhat.com> Co-authored-by: Irbe Krumina <irbekrm@gmail.com>	2021-11-04 18:15:46 +01:00
Igor Zibarev	f9ceb8a73e	Fix some lint issues regarding comments References issue #4457 Signed-off-by: Igor Zibarev <zibarev.i@gmail.com>	2021-11-02 13:57:20 +03:00
Jake Sanders	486fc49545	Add fuzzing unit tests for JKS passwords Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-10-29 15:12:51 +01:00
James Munnelly	e7dea9f2a2	Replace all references to pkg/internal with internal Signed-off-by: James Munnelly <jmunnelly@apple.com>	2021-10-21 12:27:04 +01:00
irbekrm	598ed35e4a	Uses go/crypto ListCertAlternates function to fetch alternative certificate chains This allows us to use upstream go/crypto again instead of our own fork Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-10-07 15:21:26 +01:00
Richard Wall	5d91f0a3c4	Fix flaky test by using EqualUnsorted to compare Events Supplants https://github.com/jetstack/cert-manager/pull/4297 Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2021-10-01 12:41:15 +01:00
irbekrm	7e9753c92e	Fix CertificateRequest test In Go 1.17 x509.CreateCertificate fails if public key doesn't match private key https://golang.org/doc/go1.17 Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-09-30 10:08:40 +01:00
joshvanl	f21a947523	Adds comment as to why the GetAuthorization is called instead of GetChallenge Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-09-16 14:44:38 +01:00
joshvanl	f83f02cc8b	Replace GetChallenge call in acmechallenge controller to GetAuthorization Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-09-15 16:05:37 +01:00
George Moldoveanu	b94b678f6d	reinstated keystore.go comment Signed-off-by: George Moldoveanu <mol.george@gmail.com>	2021-09-10 13:33:46 +01:00
George Moldoveanu	563aeb1789	fixed keystore.go and keystore_test.go modules imports Signed-off-by: George Moldoveanu <mol.george@gmail.com>	2021-09-10 13:28:45 +01:00
George Moldoveanu	0463681244	updates go deps and bazel files Signed-off-by: George Moldoveanu <mol.george@gmail.com>	2021-09-02 23:45:11 +01:00
George Moldoveanu	d0151f7175	fixed TestEncodeJKSKeystore tests to work with upgraded keystore-go api (v4) Signed-off-by: George Moldoveanu <mol.george@gmail.com>	2021-09-02 23:33:45 +01:00
George Moldoveanu	155e90d175	upgraded keystore-go to v4 and fixed code to use v4 api Signed-off-by: George Moldoveanu <mol.george@gmail.com>	2021-09-02 23:24:06 +01:00
jetstack-bot	e5cc0be04b	Merge pull request #4399 from irbekrm/fix_renewal_issue Fix renewalTime skew issue	2021-08-23 16:36:50 +01:00
irbekrm	ec1bdc4983	Adds a test case for renewal time skew and a comment Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-08-23 15:00:57 +01:00
Eng Zer Jun	54e70d2cc4	refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated in Go 1.16. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2021-08-23 19:50:42 +08:00
irbekrm	50e90dfe6e	Fix renewalTime skew issue Ensure the time returned by RenewalTime function is the same time as that which will be read from Certificate's status Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-08-20 17:57:35 +01:00
Ashley Davis	68f5ceb3b4	Fix manually specified Certificate and CertificateRequest versions Basically all modern X.509 certs are version 3, but confusingly to specify "version 3" in an encoded cert, the version number is actually 2. For PKCS#10 CSRs, the only valid version is 1, which again confusingly has the value "0" when encoded. This was incorrect in many places, including one place in which the version number on a CSR was used as a certificate's version number, when the two are entirely unrelated. Go ignores these values, so there's no functional changes here; still, it's better to be accurate. Go ignoring CSR version and specifying 0: https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958 Go ignoring Certificate version and specifying 2: https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534 PKCS#10 CSR specification in RFC 2986 section 4.1: https://datatracker.ietf.org/doc/html/rfc2986#section-4 X.509 Cert specification in RFC 5280 section 4.1.2.1: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1 Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-08-19 14:48:12 +01:00
irbekrm	904d4e3c15	Don't error if owner not found in cache Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-08-17 08:31:49 +01:00
jetstack-bot	d647e543e3	Merge pull request #4276 from jakexks/gateway-http01 Experimental Gateway API support for ACME HTTP-01 Solving	2021-08-03 18:51:49 +01:00
jetstack-bot	be8079b504	Merge pull request #4293 from maelvls/fix-nil-pointer Nil pointer exception: certificateRef and TLS can now be left empty	2021-08-03 16:04:49 +01:00
Maël Valais	30af205777	nil pointer: the Gateway API is full of pointers Signed-off-by: Maël Valais <mael@vls.dev>	2021-08-03 15:43:16 +02:00
Jonathan Prates	50bb91a032	feat: update object description explaning the current behaviour Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 09:26:23 +01:00
Jonathan Prates	12363f91e2	fix: move secretTemplate validations to validation package Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	6e8f74b4f8	tests: add Labels map to the expected secret Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	e1034c219e	feat: add validation for annotations and labels Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	c5e81b13f6	fix: labels cannot be shown if no labels were changed Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	811069cac7	fix: do not create secret labels if template is empty Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	936ad33539	fix: ensure secret annotations and labels will be copied if updated in the cert Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jonathan Prates	47bc03e7c4	feat: add support to secretTemplates Signed-off-by: jonathansp <jonathansimonprates@gmail.com>	2021-08-03 01:19:11 +01:00
Jake Sanders	deb9ccc5a9	HTTP01 solver support for the Gateway API Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-08-02 14:06:16 +01:00
Maël Valais	e4f981da66	Revert "memory leak: clean up scheduler goroutine on cert deletion" This reverts commit `641960b6`. The reason we decided to revert this is that we are unsure about the implications of adding the scheduledWorkQueue.Forget call. The new Forget call is left untested, and it makes us nervous not to know exactly if it works as intended. The "Forget" memory leak that we are reverting now is the cause of a tiny fraction of the overall memory leakage that was fixed in the PR in the scheduler itself. Reverting this means that some goroutines will be leaked, but only when a Certificate gets removed and never recreated with the same name. Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-28 19:19:39 +02:00
jetstack-bot	d062176777	Merge pull request #4243 from inteon/improved_go_routines Cleanup goroutine management	2021-07-28 15:36:41 +01:00
Inteon	d867fcc44d	remove unnecessary wait.Until Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-27 21:43:54 +02:00
jetstack-bot	3b50d78ae4	Merge pull request #4225 from jakexks/ingressv1 Feature: Support both v1 and v1beta1 ingresses.	2021-07-27 20:11:37 +01:00
irbekrm	2ddf6fe637	Allows for annotations passed from CSR to Order to be filtered Using the value from copied-annotation-prefixes flag, where by default kubectl, fluxcd, argocd annotations are excluded Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-07-27 10:55:09 +01:00
Jake Sanders	83857fdc03	Remove stray reference to v1beta1 Ingress Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-07-26 20:29:35 +01:00
Irbe Krumina	3834a8fc0a	Code review feedback Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io> Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-07-26 20:00:37 +01:00
irbekrm	143c5ce38d	Adds a test for copying the annotations from Certificate Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-07-26 20:00:24 +01:00
irbekrm	ddf7e130b7	Allow users to specify which annotations should be copied from Certificate to CertificateRequest Default to all being copied except for kubectl, fluxcd, argocd annotations Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-07-26 20:00:10 +01:00
Jake Sanders	87bf05601f	Update pkg/controller/test/context_builder.go Signed-off-by: Jake Sanders <i@am.so-aweso.me> Co-authored-by: Maël Valais <mael@vls.dev>	2021-07-26 18:29:56 +01:00
Jake Sanders	67c6586161	Addressing code review comments in #4225 Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-07-26 18:29:54 +01:00

1 2 3 4 5 ...

1235 Commits