weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,007 Commits 45 Branches 0 Tags 96 MiB
cb2cabb06f
Commit Graph

1264 Commits

Author SHA1 Message Date
oGi4i
cb2cabb06f
Add private key Ingress annotations to set private key properties for Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-28 17:45:08 +03:00
Ashley Davis
a40fdd64b5
Incease issuer and clusterissuer controller timeouts 
This follows ideas presented in
https://github.com/cert-manager/cert-manager/pull/5214

It might be nice to add these big timeouts globally to all controllers
but we're intentionally keeping these changes small and targeted for now
in order to minimise the risk when backporting these changes.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-22 11:35:00 +01:00
Joost Buskermolen
40bda26e8b
Set static (Cluster)Issuers timeout to 90 seconds 
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
 2022-06-22 11:16:37 +01:00
Rodrigo Fior Kuntzer
afeb543c3c CertificateRequests controllers must wait for the core secrets informer to be synced 
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2022-06-22 07:21:32 +02:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-21 15:12:09 +03:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
irbekrm
df3bb59af5 Ensure that Venafi client for CSRs gets initialized with metrics 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-16 17:23:33 +01:00
Richard Wall
1ade01f819 Addressed code review feedback and simplified the unit-tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-14 14:24:13 +01:00
Richard Wall
557d14a0cd Refactor the update and updateStatus to a single deferred function 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-12 16:51:30 +01:00
jetstack-bot
4ec33298a2
Merge pull request #5081 from wallrj/3640-cleanup 
Challenge cleanup improvements
 2022-05-05 11:19:28 +01:00
Irbe Krumina
1d917ef311 Revert "Use Apply instead of Update to modify resources in tests" 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-03 11:31:47 +01:00
Richard Wall
6a4fffbedc Test that the cleanup is performed 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 17:51:34 +01:00
Richard Wall
5f867bff37 Use a more reliable check for deletion 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 16:49:23 +01:00
jetstack-bot
eb76f331ad
Merge pull request #5077 from irbekrm/tests_apply 
Use Apply instead of Update to modify resources in tests
 2022-04-29 13:23:00 +01:00
jetstack-bot
31d0c3ab41
Merge pull request #5051 from wallrj/3640-set-and-consume-challenge-finalizer-in-one-place 
Set the challenge cleanup finalizer in the Sync function
 2022-04-28 15:43:24 +01:00
irbekrm
54a487f1fb certificates.Apply returns the patched certificate 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-28 14:41:22 +01:00
irbekrm
591fb3cfc9 Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-28 10:12:16 +01:00
Richard Wall
ee8c1cf738 Remove finalizer duties from the scheduling function and update and expand the tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-27 10:34:22 +01:00
Richard Wall
dd4fe97928 Set the finalizer as part of the Challenge Sync function 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-27 10:34:22 +01:00
irbekrm
cb0c8ba3e3 Log Venafi API calls 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-20 10:32:02 +01:00
irbekrm
99edfcfbfc Adds Venafi metrics 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-20 08:48:41 +01:00
lonelyCZ
53d8a07397 Add a unit test for challenges reScheduler 
Signed-off-by: lonelyCZ <531187475@qq.com>
 2022-04-08 14:35:41 +08:00
lonelyCZ
57a6d931a1 Fix the error is reported to null when it happens 
Signed-off-by: lonelyCZ <531187475@qq.com>
 2022-04-07 16:10:14 +08:00
irbekrm
0f74fc10fb Removes unnecesary check for finalizer diff in challenge sync 
No changes are made to finalizers in this function

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-01 11:53:44 +01:00
irbekrm
9a9ca2006a Adds a challenge finalizer in challenges controller 
This was previously applied in orders controller, which was causing issues when trying to remove it in challenges controller via server side apply

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-01 11:53:44 +01:00
joshvanl
82c068f0fd Updates ACME challenge controllers to use apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
jetstack-bot
e2266d7a8b
Merge pull request #4987 from wikimedia/issue-4956 
Add controller_requeue_count metric
 2022-03-29 19:53:53 +01:00
jayme-github
63e3b7a0a8 Add controller_sync_error_count metric 
Introducing a new metric controller_sync_error_count counting the
number of errors during sync() of a controller.

This adds more visibility to potential issues ranging from things like
connection problems to the API or webhooks to possible hard errors.

For context, please see #4956

Signed-off-by: Janis Meybohm <jmeybohm@wikimedia.org>
 2022-03-29 16:02:49 +02:00
joshvanl
6ee59fb9e8 Wires up new post issuance checks for issuing controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-29 13:54:27 +01:00
jetstack-bot
bfcc204c2b
Merge pull request #4811 from JoshVanL/controllers-server-side-apply-certificates-shim 
Server Side Apply: Adds support for certificate-shim controllers to use SSA with Feature Gate
 2022-03-28 14:33:31 +01:00
jetstack-bot
e116d416f3
Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders 
Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate
 2022-03-28 13:11:31 +01:00
joshvanl
c1c2d2d081 Add roundtrip test to Certificate serializing. Add field manager to 
certificates-shim Create API call

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-28 12:40:29 +01:00
joshvanl
9d0b2590a8 Optionally Apply certificates, instead of update, in certificate-shim 
when Server-Side apply is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-28 12:40:28 +01:00
irbekrm
2656cc18c3 Fix test failures 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-23 09:57:34 +00:00
irbekrm
09d8cb9cf8 Adds some more test cases 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-23 09:20:21 +00:00
irbekrm
661abb133f Set CSR as failed if annotation duration is not a valid time 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
irbekrm
d384aef754 Enforce minimum value of experimental.cert-manager.io/request-duration to 600s 
To ensure compatibility with CSR's spec.expirationSeconds

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
irbekrm
a5ed48a324 Adds a unit test for certificatesigningrequests sync function 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 15:09:33 +00:00
irbekrm
cec0a6cde8 Use client-go scheme with core types added as event recorder scheme 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 09:47:46 +00:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff 
Exponential backoff for retrying failed certificate issuances
 2022-03-21 20:31:23 +00:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration 
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation.  Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-21 09:40:32 -04:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts 
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
4c901aefab Code review comments 
Adds test conditions to certs via patch API call instead of update to avoid conflicts

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
739c3298e8 Trigger controller backs off from issuance with an exponential backoff 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
9824ab0949 certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed 
This field tracks the number of continuous failures and is used to implement exponential backoff

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
Jake Sanders
09bbd541ef
update gateway-shim controller unit tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:21 +00:00
Jake Sanders
457fa3ca2c
Fix unit tests for Gateways 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:20 +00:00
Jake Sanders
c08f46711a
Add contour, weed out some more references to v1alpha1 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:19 +00:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-01 15:05:18 +00:00
Jake Sanders
c96d91d586
Update the sig-network Gateway API support to v1alpha2 
Co-authored-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:17 +00:00