weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,306 Commits 45 Branches 0 Tags 96 MiB
bffebe2cb6
Commit Graph

968 Commits

Author SHA1 Message Date
joshvanl
b543d103d5 Change optimistic logging to be Info, rather than debug 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-28 14:19:15 +01:00
joshvanl
8da0e25ced Don't log on default log level when an error occurs in optimistic 
locking

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-28 14:16:37 +01:00
Inteon
2d7dfcb462 start DynamicSharedInformerFactory unconditionally; only listen for VirtualServices conditionally 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:19:53 +02:00
jetstack-bot
b95836421f
Merge pull request #3878 from JoshVanL/certificate-request-controller-denied-ready-condition 
Set the Ready condition to False when a CertificateRequest has been denied for all CertificateRequests that reference a cert-manager.io signer
 2021-04-13 17:22:11 +01:00
jetstack-bot
06b68d35e0
Merge pull request #3835 from RinkiyaKeDad/3620_constants_in_eventf 
chore: used constants for string literals when recording new events
 2021-04-13 15:14:11 +01:00
RinkiyaKeDad
0b87eeae97 added reason prefix for all 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-04-13 16:40:56 +05:30
joshvanl
e05adbf06b Remove expected events when Ready Denied condition set 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 18:20:07 +01:00
joshvanl
ff3e4bb07d Don't fire an event when the Denied ready condition is set 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 18:19:44 +01:00
joshvanl
50a84eaf1d Sets the Ready condition to False when a request is Denied 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 15:34:32 +01:00
joshvanl
1d75fc480e Adds Denied to certificaterequests reporter 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 15:26:15 +01:00
Maël Valais
88a6fa1315 issuing-controller: explain why we do the Ready + Denied checks 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-08 15:16:36 +02:00
RinkiyaKeDad
bba7c1011d added prefix and made constants public 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-04-08 12:17:15 +05:30
jetstack-bot
2dd6b6e224
Merge pull request #3795 from JoshVanL/certificates-issuing-retry-denied-requests 
Adds Denied check to CertificateRequests in issuing controller to retry denied requests
 2021-04-06 21:34:57 +01:00
jetstack-bot
10a871dc62
Merge pull request #3444 from maelvls/bug-certificaterequest-not-updated 
Bug: certificaterequest not updated after its certificate is updated
 2021-04-06 20:17:57 +01:00
jetstack-bot
6ad91e0700
Merge pull request #3833 from JoshVanL/controller-issuer-context 
Pass context through to client calls in controllers and acme issuer
 2021-04-06 18:53:57 +01:00
Maël Valais
8f5a094b0c trigger-controller: PR comment: failure mode -> failure state 
Cf. https://github.com/jetstack/cert-manager/pull/3444#pullrequestreview-629189131

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 19:14:49 +02:00
Maël Valais
181d4ee281 DataForCertificate: typo certitificate -> certificate 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 19:06:21 +02:00
Maël Valais
a7486d5025 DataForCertificate: "Failure" CR condition -> "Failed" 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 18:58:31 +02:00
Maël Valais
2361f355aa DataForCertificate: PR comment: certificate -> cert-manager certificate 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:44:26 +02:00
Maël Valais
de0de24aad DataForCertificate: PR comment: mode -> state 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:42:17 +02:00
Maël Valais
c875518da1 DataForCertificate: PR comment: mismatch -> does not match 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:34:18 +02:00
Maël Valais
8b41ec1d54 DataForCertificate: PR comment: distinguish X.509 vs. Kubernetes cert 
The cert-manager team tends to use the word "certificate" for two very
different contexts:

1. sometimes, we use the word "certificate" to refer to a X.509
   certificate (a blob of ASN.1-encoded data and then PEM-formated);
2. and sometimes we refer to "certificate" as one item of the Kubernetes
   custom resource /apis/cert-manager.io/v1/certificates.

This commit makes sure the reader understands that we are talking about
the Kubernetes object here.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:25:48 +02:00
Maël Valais
a724f1ce31 DataForCertificate: PR comment: mismatches is a noun 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:59 +02:00
Maël Valais
c1d722b116 DataForCertificate: fix diagrams' Failed conditions 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 18:09:59 +02:00
Maël Valais
6c9477439c trigger-controller: hint people to look at gatherer.go diagrams 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 18:09:59 +02:00
Maël Valais
497f561ef7 DataForCertificate: hint people to look at gatherer.go diagrams 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 18:09:59 +02:00
Maël Valais
068a1c466f DataForCertificate: better wording for the "error returned" 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 18:09:59 +02:00
Maël Valais
f588d4138a DataForCertificate: explain what the "current" and "next" CRs are used for 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-06 18:09:47 +02:00
Maël Valais
a1a43b6784 DataForCertificate: PR comment: explain why we return a "duplicate CR" err 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:29 +02:00
Maël Valais
450d27f5d0 trigger-controller: PR comment: and -> if there is 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
c1bf35f4ed trigger-controller: further comments on shouldBackoffReissuingOnFailure 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
a2bbdb7c51 DataForCertificate: explain what is the "next" certificate request 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
27f258cf3c trigger-controller: PR comment: use a single "fixedClock" 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
36c2cc4d3b trigger-controller: PR comment: explain what "if nextCR != nil" is about 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
85128f26ce trigger-controller: PR comment: rephrase log about skipping issuance 
The log message:

    multiple CertificateRequests found for the 'next' revision 2,
    skipping issuance until no more duplicate.

can be better phrased as:

    multiple CertificateRequests are found for the 'next' revision 2,
    issuance is skipped until there are no more duplicates.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
05c1fb9fc2 trigger-controller: reissue on mismatch using NextRevisionRequest 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
eb6d1399fc DataForCertificate: the func now fetches NextRevisionRequest 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:27 +02:00
Maël Valais
9305766ff2 trigger-controller: add two unit tests to showcase #3250 
Note that I had initially made createCryptoBundle public since I found
it inconvenient to have to pass a testing.T when we know that we should
never be  failing inside this func (I mean, the failure  zould not be due
to a wrong test case).

After a comment from Maartje, I realize that I could just use an anonymous
function for that purpose.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:27 +02:00
Maël Valais
747aba056c createCryptoBundle: cert-manager.io/certificate-revision was wrong 
It was set to a pointer value instead of the actual int value.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:27 +02:00
joshvanl
a072738c42 Move canceled context defer to first in stack for [cluster]issuer 
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-06 16:26:18 +01:00
joshvanl
c9d2a63802 Update failIssueCertificate signature and give more context in comment 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-03 13:30:29 +01:00
joshvanl
06cffcdf59 Adds Denied check to CertificateRequests in issuing controller to retry 
denied requests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-03 13:21:23 +01:00
Richard Wall
20510e45f0 Update cainjector to use stable API versions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-04-01 17:23:28 +01:00
RinkiyaKeDad
ab912ef120 chore: added constants for non repeating ones also 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-04-01 15:46:54 +05:30
RinkiyaKeDad
067f6ac1e4 chore: used constants for repeated string literals in record.EventRecorder.Eventf function calls 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-04-01 13:00:40 +05:30
joshvanl
18ae2295f9 Pass context through to client calls in controllers and acme issuer 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-31 20:34:12 +01:00
Salman
800d6019bf Replace reflect.DeepEqual with semantic equality check and remove status marshal 
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
 2021-03-27 12:49:14 +05:30
Salman
572bfb9111 Replace reflect.DeepEqual with semantic equality check 
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
 2021-03-27 12:49:14 +05:30
jetstack-bot
19ae739ab7
Merge pull request #3760 from SgtCoDFish/selfsigned-validity-3634 
selfsigned: warn when certs are issued with empty issuer DNs
 2021-03-26 12:30:58 +00:00