Commit Graph

8888 Commits

Author SHA1 Message Date
cert-manager-prow[bot]
c746fdf356
Merge pull request #7161 from wallrj/7147-cainjector-metadata-only-cache
Reduce memory usage by only caching the metadata of Secret resources
2024-07-12 10:31:19 +00:00
cert-manager-prow[bot]
c96e6a6b8e
Merge pull request #7164 from SgtCoDFish/bump-grpc
Fix GHSA-xr7q-jx4m-x55m
2024-07-10 10:20:31 +00:00
Ashley Davis
8c182d73f1
fix GHSA-xr7q-jx4m-x55m
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-07-10 11:01:15 +01:00
Richard Wall
961e81b195 Update the memory-management design document
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-07-10 10:45:28 +01:00
Richard Wall
15084fd5b8 make go-tidy
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-07-10 10:07:18 +01:00
Richard Wall
8f9ccf3b42 Reduce memory usage by only caching the metadata of Secret resources
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-07-10 10:07:18 +01:00
cert-manager-prow[bot]
659f22bf7e
Merge pull request #7155 from cert-manager/self-upgrade-master
[CI] Merge self-upgrade-master into master
2024-07-04 13:12:34 +00:00
cert-manager-bot
8b14e9ae0a BOT: run 'make upgrade-klone' and 'make generate'
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
2024-07-04 00:20:14 +00:00
cert-manager-prow[bot]
af36d20702
Merge pull request #7148 from inteon/simplify_match_functions
pki match: remove return values that are always nil
2024-07-02 13:26:32 +00:00
Tim Ramlot
c58b08e7b7
pki match: remove return values that are always nil
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-07-02 13:38:35 +02:00
cert-manager-prow[bot]
ea349a0601
Merge pull request #7146 from lunarwhite/fix-desc
Fix API fields description for Venafi TPP credentialsRef
2024-07-01 14:45:32 +00:00
Yuedong Wu
df37eba376 fix API fields description for venafi tpp
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
2024-07-01 20:55:51 +08:00
cert-manager-prow[bot]
b497dadcb0
Merge pull request #7142 from inteon/bind_update
Tests: use supported bind9 image and run as non-root
2024-07-01 11:07:24 +00:00
Tim Ramlot
452ee1ea41
use supported bind9 image and run bind as non-root user
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-07-01 12:57:31 +02:00
cert-manager-prow[bot]
74fe287746
Merge pull request #7141 from inteon/add_bind_resource_request_and_limit
Tests: add bind resource request to improve availability during tests
2024-07-01 10:56:23 +00:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct
feat: Add renewBeforePercentage alternative to renewBefore
2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
2024-06-29 21:18:15 -07:00
Tim Ramlot
0e45b3b23b
add bind resource request to improve availability during tests, also set memory limit = request following best practice
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-28 16:05:25 +02:00
cert-manager-prow[bot]
c65c75718d
Merge pull request #7140 from inteon/bugfix_nilpointer
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception
2024-06-28 09:10:21 +00:00
Tim Ramlot
e906cb8db0
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-28 10:03:43 +02:00
cert-manager-prow[bot]
1b9c02e999
Merge pull request #7126 from ThatsMrTalbot/feat/helm-default-config-apiversion-and-kind
feat: default ControllerConfiguration apiVersion and kind in helm
2024-06-25 11:34:56 +00:00
cert-manager-prow[bot]
054887d2ef
Merge pull request #7125 from SgtCoDFish/bump-http-lib
Bump go-retryablehttp to address CVE-2024-6104
2024-06-25 11:09:56 +00:00
Adam Talbot
e30ad68ab2 feat: default ControllerConfiguration apiVersion and kind in helm
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-06-25 11:58:44 +01:00
Ashley Davis
817a2bfd21
bump go-retryablehttp to address CVE-2024-6104
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-06-25 11:15:52 +01:00
cert-manager-prow[bot]
46100d4c2b
Merge pull request #7124 from maelvls/make-fix-e2e_cert_manager_version
make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
2024-06-25 09:28:57 +00:00
Maël Valais
dfff8c2b62 make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
Previously,

  E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager

would fail with the error:

  Error: unknown flag: --version1.14.2

Signed-off-by: Maël Valais <mael@vls.dev>
2024-06-25 10:13:04 +02:00
cert-manager-prow[bot]
b10c02a39d
Merge pull request #7123 from cert-manager/self-upgrade-master
[CI] Merge self-upgrade-master into master
2024-06-25 07:47:56 +00:00
Tim Ramlot
db4ab7feb6
remove duplicate Make targets
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-25 09:34:13 +02:00
cert-manager-bot
e0b345bafe BOT: run 'make upgrade-klone' and 'make generate'
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
2024-06-25 00:19:54 +00:00
cert-manager-prow[bot]
f037fd2c68
Merge pull request #7106 from inteon/conformance_cleanup
Refactor Certificate conformance to tabular tests
2024-06-24 14:29:56 +00:00
cert-manager-prow[bot]
837c6a1e06
Merge pull request #7036 from fidelity-contributions/feature/5514-venafi-issuer-ca-ref-support
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
2024-06-24 14:18:20 +00:00
Tim Ramlot
7eba9c8551
skip conformance test if featureGate is not enabled
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-24 13:15:28 +02:00
Tim Ramlot
ecf7b155ee
fix CertificateOrganization matcher
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-24 13:15:28 +02:00
Tim Ramlot
3703b07eba
reorder certificate conformance tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-24 13:15:28 +02:00
Tim Ramlot
e4669aaa00
transform certificate conformance tests into tabular tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-24 13:15:28 +02:00
Tim Ramlot
e9ab52c768
move duplicate certificate conformance test logic to function
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-24 13:15:28 +02:00
cert-manager-prow[bot]
edfc1a3ffc
Merge pull request #7119 from inteon/conformance_venafi
Fix Venafi conformance test
2024-06-24 11:15:03 +00:00
Tim Ramlot
b65903f048
add missing featureset.OnlySAN required feature
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-24 11:32:09 +02:00
cert-manager-prow[bot]
9c28f4dc26
Merge pull request #6966 from mindw/mindw/add_proc_go_build_metrics
Add process and go runtime metrics for controller
2024-06-21 19:21:00 +00:00
cert-manager-prow[bot]
f7100f3dbb
Merge pull request #7110 from inteon/simplify_csr_conformance_tests
Simplify CertificateSigningRequest conformance tests and add missing tests
2024-06-21 15:18:00 +00:00
Tim Ramlot
c3a76a9c6e
self-review changes
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-21 15:33:13 +02:00
Gabi Davar
52be4c0945
reduced go metrics to default minimum.
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
2024-06-21 15:07:57 +03:00
Tim Ramlot
6790dac656
remove LiteralSubjectFeature from unsupported features for ACME
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-21 10:14:20 +02:00
Gabi Davar
531b1f1d59
Expose Prometheus process and go runtime metrics.
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
2024-06-21 10:31:35 +03:00
cert-manager-prow[bot]
a7bdbec9e3
Merge pull request #7105 from inteon/vault_bugfix
BUGFIX: retry signing when encountering transient error (Vault issuer)
2024-06-20 15:46:00 +00:00
Tim Ramlot
7572d3075f
add testcase
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-20 13:35:06 +02:00
Tim Ramlot
9e649cc8f1
only retry when encountering a Vault non-InvalidData error
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-20 13:35:02 +02:00
Tim Ramlot
fa6f654598
copy the unsupportedFeatures from the Certificate conformance tests to the CertificateSigningRequest conformance tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-19 17:44:49 +02:00
Tim Ramlot
05495d0e4c
fix KeyUsageCertSign check to match actual behavior for CertificateSigningRequests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-19 17:31:09 +02:00
Tim Ramlot
688ffd8106
add missing certificatesigningrequest conformance tests
(tests that exist for the Certificate resources but not for the CertificateSigningRequest resources)

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-19 17:31:09 +02:00