Commit Graph

7717 Commits

Author SHA1 Message Date
irbekrm
c30bd2cf53 Bump Helm dependency
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
irbekrm
df974120ab Ensures that acmesolver implements SingularNameProvider
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
irbekrm
3d1134a975 Update cainjector injectable setup
To work with latest controller runtime

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
b52ed6303d Bump sigs.k8s.io/controller-runtime
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
1bfc131e6a Bump sigs.k8s.io/controller-tools to v0.12.0
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
df6ec95cd1 Update OnAdd
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
Luca Comellini
a57c4abb14 Bump k8s.io dependencies
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-05-05 16:32:25 +01:00
jetstack-bot
ab4415837c
Merge pull request #6022 from wallrj/fix-flaky-leader-election-healthz-tests
Fix flaky leader election healthz tests
2023-05-05 16:26:07 +01:00
Richard Wall
83ce550c4c Simulate a remote leader that always updates its lease
Fixes test flakes caused by the local node taking over leadership,
because it did not observe any change in the leader election record held by the
remote node.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-05-05 15:56:18 +01:00
jetstack-bot
a64088792d
Merge pull request #5991 from inteon/pr/JoshVanL/4810
Server Side Apply: Adds support for CA Injector controller
2023-05-05 14:21:07 +01:00
Tim Ramlot
a3dbd22752
only apply patch if patch is != nil
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-05 15:01:57 +02:00
jetstack-bot
5035dda25e
Merge pull request #6006 from vidarno/cache-private-key-hash-on-issuer-status
Cache private key hash on issuer status
2023-05-05 08:05:07 +01:00
jetstack-bot
e53584766b
Merge pull request #6018 from wallrj/hide-healthz-flags
Hide the new healthz server flags
2023-05-04 14:18:37 +01:00
jetstack-bot
346de1002d
Merge pull request #6017 from irbekrm/importable_webhook_tests
Make external DNS webhook tests importable again
2023-05-04 13:26:37 +01:00
irbekrm
a45a8b3a39 Adds a package comment, fixes imports
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-04 12:53:50 +01:00
irbekrm
206b6def1e Make external DNS webhook tests importable again
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-04 12:40:06 +01:00
Richard Wall
901538c24e Hide the new healthz server flags
We are unsure about the implementation of the healthz server as a separate HTTP
server, and we may need to change it in a future release, so we want to avoid
users overriding these flags, for now.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-05-04 11:22:21 +01:00
jetstack-bot
09e71c37d4
Merge pull request #5972 from vinzent/bugfix/issue-5755
Check JKS/PKCS12 truststore in Secrets only if issuer provides the CA
2023-05-04 11:04:37 +01:00
vidarno
616a41ac8f Test TestRegistry_AddClient_UpdatesClientPKChecksum must compare private key with a checksum
Signed-off-by: vidarno <>
2023-05-03 22:17:03 +02:00
Tim Ramlot
bce882b477
use cainjector feature flags
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-03 19:52:13 +02:00
jetstack-bot
3971774d82
Merge pull request #6013 from SgtCoDFish/bumpgo
Bump go + base images
2023-05-03 10:21:15 +01:00
Tim Ramlot
4d81f1877a
resolve feedback
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-03 11:18:10 +02:00
Ashley Davis
cd3194c1b5
bump base images to latest available
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-05-03 10:02:54 +01:00
Ashley Davis
cd0eb09932
bump to latest go version
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-05-03 10:01:55 +01:00
jetstack-bot
77409512fe
Merge pull request #5814 from ptrc-n/make-on-m1
Add initial support for linux/arm64 as a dev platform
2023-05-02 11:23:34 +01:00
jetstack-bot
694d3d1bd2
Merge pull request #5747 from inteon/request_matches_spec
BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks
2023-05-02 11:23:27 +01:00
vidarno
a1f156c2b6 Merge branch 'cert-manager:master' into cache-private-key-hash-on-issuer-status
Signed-off-by: vidarno <>
2023-05-02 11:58:18 +02:00
jetstack-bot
3c7f4fddf5
Merge pull request #5950 from inteon/use_single_vault_instance
Use single vault instance in e2e tests
2023-05-02 09:26:27 +01:00
vidarno
f7390903be Update tests after adding new LastPrivateKeyHash field in status of issuer CRDs
Signed-off-by: vidarno <>
2023-04-29 09:14:07 +02:00
vidarno
92da674e9a Update logic in function IsKeyCheckSumCached to compare private key with hash in status field of CRD instead of from Secret
Signed-off-by: vidarno <>
2023-04-29 09:13:54 +02:00
vidarno
4934183927 Extend CRDs and structs to include LastPrivateKeyHash field
Signed-off-by: vidarno <>
2023-04-29 09:12:56 +02:00
Tim Ramlot
349aaf666b
resolve feedback
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 15:07:28 +02:00
Tim Ramlot
29e22e3900
account for pod not yet existing
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 13:05:18 +02:00
Tim Ramlot
f69dc581ea
remove custom mount approle, since all approles are now custom mounts
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 13:05:18 +02:00
Tim Ramlot
42e6282d02
use cluster-wide shared Vault instance
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 13:05:18 +02:00
jetstack-bot
b12644b9aa
Merge pull request #6000 from SgtCoDFish/boilersuite
Use boilersuite instead of python
2023-04-28 10:42:37 +01:00
Ashley Davis
408d175328
Use boilersuite instead of python
Removes python boilerplate checker, updates our other use of boilerplate
templates and adds installation for boilersuite.

(also removes some redundant curl args when installing kind)

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-04-28 09:46:47 +01:00
Patrick Nannt
55567bdce4 added trivy shasum
Signed-off-by: Patrick Nannt <34661599+ptrc-n@users.noreply.github.com>
2023-04-27 19:42:56 +00:00
jetstack-bot
eafe0d0aae
Merge pull request #5999 from SgtCoDFish/chartlinks
Fix broken links in values.yaml
2023-04-27 16:46:54 +01:00
Ashley Davis
40d8c0e4ec
fix broken links in values.yaml
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-04-27 16:32:34 +01:00
Thomas Müller
12483d3d54 Check JKS/PKCS12 truststores only if issuer provides the CA
The current policy check for keystores in Secrets creates a loop because
the truststore.jks or truststore.p12 will never exist when the issuer didn't
provide the CA certificate. This behaviour was introduced by #5597

The JKS and PKCS12 truststores are only added to the Secret
if the CA is provided by the issuer. The CertificateRequest API
reference states:

> The PEM encoded x509 certificate of the signer, also known
> as the CA (Certificate Authority). This is set on a best-effort basis by
> different issuers. If not set, the CA is assumed to be unknown/not available.

This change will only check the PKCS12/JKS truststores if the CA cert from the
issuer exists in the secret.

Fixes #5755

Signed-off-by: Thomas Müller <thomas@chaschperli.ch>
2023-04-27 17:09:41 +02:00
jetstack-bot
19104fcb4a
Merge pull request #5962 from wallrj/5670-controller-manager-liveness-probe
Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged
2023-04-27 15:09:54 +01:00
Richard Wall
300d89a6cd Disable the controller liveness probe by default
And allow configuration via Helm chart values

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-27 13:34:25 +01:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-26 17:04:11 +02:00
Richard Wall
b92482e041 Use a named port
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 13:04:52 +01:00
jetstack-bot
a33a97f7a7
Merge pull request #5992 from irbekrm/ensure_bin_exists
Ensure _bin/scratch exists before attempting to update licenses
2023-04-26 12:50:30 +01:00
Richard Wall
1fd11906c0 Listen on all interfaces
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 12:45:58 +01:00
Richard Wall
4288fc02e8 Don't specify the livenessprobe host
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 12:42:34 +01:00
Richard Wall
f1bf47f4cc Log the healthz server address on startup
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-04-26 12:40:17 +01:00
irbekrm
941cba7bcf Ensures that _bin/scratch exists before attempting to update licenses
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-04-26 12:37:33 +01:00