cert-manager

Author	SHA1	Message	Date
Tim Ramlot	2dc22bc8e7	add extra comment Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-25 15:58:51 +02:00
Tim Ramlot	eac230f93e	add more test cases and fix typo Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-22 12:44:52 +02:00
Tim Ramlot	860df2294b	fix feedback: make hash secure Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-21 13:24:07 +02:00
Tim Ramlot	6006182435	add uniqueness check for names util Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-20 20:28:00 +02:00
Tim Ramlot	5d876c5b91	improvements based on PR feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-20 18:23:13 +02:00
Tim Ramlot	fa2d9333e3	BUGFIX: CertificateRequest short names must be unique. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-20 14:51:24 +02:00
Josh Soref	05117f5f75	Add cluster-autoscaler.kubernetes.io/safe-to-evict Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2023-09-14 12:47:04 -04:00
Tim Ramlot	8d75a003e9	add health probe that detects skew between 'real' system clock and 'monotonic' internal clock Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-14 13:55:44 +02:00
Eng Zer Jun	c274d7e929	refactor: remove redundant nil check From the Go specification: "3. If the map is nil, the number of iterations is 0." [1] Therefore, an additional nil check for before the loop is unnecessary. [1]: https://go.dev/ref/spec#For_range Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2023-09-05 19:05:59 +08:00
jetstack-bot	798116152c	Merge pull request #6302 from inteon/update_api_comments Review Certificate and CertificateRequest API comments	2023-09-01 12:38:39 +02:00
Tim Ramlot	b98043f6b8	apply review suggestions Co-authored-by: Maël Valais <mael@vls.dev> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-01 12:20:00 +02:00
Tim Ramlot	7c2b4adee7	Rewrite comments in cert-manager API Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-01 12:19:35 +02:00
jetstack-bot	3216d18f84	Merge pull request #6298 from inteon/feature_gates Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta	2023-08-30 19:25:45 +02:00
Tim Ramlot	cf8e37291a	replace k8s.io/utils/pointer with k8s.io/utils/ptr Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-28 09:33:10 +02:00
Tim Ramlot	68cbbf8c42	update tests to work with StableCertificateRequestName featuregate being enabled by default Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-25 21:32:08 +02:00
Tim Ramlot	c70d9aba08	Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-25 15:18:14 +02:00
jetstack-bot	9ebc08cd64	Merge pull request #5879 from maelvls/structured-logs-deprecate Deprecate klog flags and add a deprecation message	2023-08-25 14:42:10 +02:00
Maël Valais	1c85525d45	klog: warn people that the flags may get removed in the future Signed-off-by: Maël Valais <mael@vls.dev>	2023-08-25 08:54:54 +02:00
Tim Ramlot	6a159bb2d7	fix changed slices.SortFunc signature Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-24 19:54:30 +02:00
Tim Ramlot	3fc1f8a580	upgrade all dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-24 19:54:25 +02:00
jetstack-bot	ba73f80b14	Merge pull request #6289 from inteon/acme_webhook_openapi Add openapi definitions to acme API server	2023-08-24 16:49:48 +02:00
jetstack-bot	cce304b9d6	Merge pull request #6293 from SgtCoDFish/ipv6compare Fix invalid handling of ip addresses in comparisons	2023-08-24 16:36:48 +02:00
Ashley Davis	bbbc758ccd	fix invalid handling of ip addresses in comparisons Signed-off-by: Ashley Davis <ashley.davis@venafi.com>	2023-08-24 15:21:42 +01:00
jetstack-bot	8d9052f3a9	Merge pull request #6291 from inteon/remove_maxpathlen Remove MaxPathLen CSR blob validation logic	2023-08-24 15:11:17 +02:00
Tim Ramlot	66b1c6e19b	only set logging settings once Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-23 14:28:40 +02:00
Tim Ramlot	1858ccf369	remove MaxPathLen CSR blob validation logic Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-23 14:24:36 +02:00
Tim Ramlot	9d2d1cd6ef	add openapi definitions to acme API server Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-23 14:12:51 +02:00
jetstack-bot	15b2643abf	Merge pull request #6253 from fayvori/master Fix messageAppRoleAuthKeyRequired error message	2023-08-17 19:01:31 +02:00
Tim Ramlot	80a3923fd2	use logsapi.LoggingConfiguration instead of logs.Options Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-17 12:51:19 +02:00
Tim Ramlot	31b5ed6620	Make webhook Logging options configurable using configfile. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-17 12:00:50 +02:00
Tim Ramlot	e8b5b2e354	Fix bug in ControllerConfiguration's defaulting of logging config, where config would not be correctly defaulted in case a partial logging configuration is provided. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-17 11:19:16 +02:00
jetstack-bot	061c1337e6	Merge pull request #6275 from inteon/use_int32_instead_of_int WebhookConfiguration: change the types of ports from int to int32	2023-08-16 12:18:05 +02:00
Tim Ramlot	db1fcdabb1	add comment explaining port 0 behavior Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-16 11:08:36 +02:00
Tim Ramlot	b19d11d267	change the types of ports in the WebhookConfiguration: internal: int -> int32 public: int -> *int32 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-15 20:53:58 +02:00
Ashley Davis	87102cf47e	add tests for ipv6 in ingress-shim Signed-off-by: Ashley Davis <ashley.davis@venafi.com>	2023-08-15 10:52:57 +01:00
jetstack-bot	9462d8ae9d	Merge pull request #6267 from zhangzhiqiangcs/distinguish-dns-names-ip-address distinguish dns names and ip address	2023-08-15 11:00:03 +02:00
zhangzhiqiang02	a518056e0b	distinguish dns names and ip address Signed-off-by: zhangzhiqiang02 <zhangzhiqiang02@megvii.com>	2023-08-15 09:56:36 +08:00
guiyong.ou	ad27e88a4b	fix small possible Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>	2023-08-14 19:51:52 +08:00
guiyong.ou	3d76c20f51	cleanup: some redundant code clean up Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>	2023-08-14 17:36:25 +08:00
jetstack-bot	9d618a17fb	Merge pull request #6242 from inteon/restructure_controller_configfile Restructure the controller configfile	2023-08-10 15:37:09 +02:00
Tim Ramlot	f50167ce31	restructure the controller configfile Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-10 11:30:33 +02:00
Ignat Belousov	17c34eaafa	Returned time to each function Signed-off-by: Ignat Belousov <ignat.belousov2000@yahoo.com>	2023-08-10 10:05:37 +02:00
Ignat Belousov	88f1500843	Fix messageAppRoleAuthKeyRequired error message Signed-off-by: Ignat Belousov <ignatbelousov@Ignats-MacBook-Pro.local>	2023-08-10 10:05:37 +02:00
Ashley Davis	a53bec25e7	Update nameserver lookup test to use upstream targets In the long term I don't think this test should be run as a unit test because it can randomly break due to changes in DNS config we don't control, which is a pretty poor user experience for someone trying to change unrelated code. If we're going to run this kind of check, we should probably run it as a periodic rather than a presubmit, perhaps with the test being run on presubmit when the DNS util code is changed. But that's all more work than I can really do now. Instead, I'll copy what the upstream go-lego is doing, which should unblock us for now: `07c4daeff3/challenge/dns01/nameserver_test.go` Signed-off-by: Ashley Davis <ashley.davis@venafi.com>	2023-08-09 09:27:30 +01:00
Tim Ramlot	ae287461d0	prepare cmctl improvements Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-01 10:32:35 +02:00
Cody W. Eilar	282a6d58a9	Preserve internal types - Needed to add custom conversion functions to handle conversions from public facing types to internal ones. Signed-off-by: Cody W. Eilar <ecody@vmware.com>	2023-07-27 16:44:38 -07:00
Cody W. Eilar	6212b63e51	Address the non-optional values in internal config - This commit changes the internal config to have fewer number of optional parameters. It changes the types to match the ones that are already present in https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/conversion.go so that custom converters do not have to be written for types "int" and "float32". Signed-off-by: Cody W. Eilar <ecody@vmware.com>	2023-07-27 16:44:38 -07:00
Cody W. Eilar	1243fe285b	Add to ability to start controller with config file Signed-off-by: Cody W. Eilar <ecody@vmware.com>	2023-07-27 16:44:38 -07:00
jetstack-bot	9de9809ac5	Merge pull request #6108 from inteon/ctl_logging Use logging library with json support in cmctl (part 1)	2023-07-27 17:54:51 +02:00
jetstack-bot	0b9366c0fb	Merge pull request #6232 from inteon/fix_log_reassignment [BUGFIX] Incorrect re-assignment of cross-invocation variable	2023-07-26 13:35:07 +02:00
Ashley Davis	7e1ce241ac	use supplied context where possible this was discovered as part of the investigation into #6104 Signed-off-by: Ashley Davis <ashley.davis@venafi.com>	2023-07-26 11:06:31 +01:00
Tim Ramlot	c7d0e0a13e	instead of creating a new local log variable, we were updating the cross-invocation log variable and were adding more Values to the log variable, causing high memory usage and incorrect log messages Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-25 20:31:47 +02:00
jetstack-bot	4de06a19d7	Merge pull request #6152 from inteon/improve_policy_chain_v0 Improve Trigger, Readiness and PostIssuance Policy chains	2023-07-24 17:06:42 +02:00
Tim Ramlot	36ddf19e2e	improve Trigger, Readiness and PostIssuance Policy chains Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-24 09:42:19 +02:00
Luca Comellini	3ff638b6f3	Bump k8s.io dependencies Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-07-20 10:35:20 -07:00
Tim Ramlot	90f84b9c40	remove VCert fork dependency replace statement Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-10 11:26:16 +02:00
jetstack-bot	843deed22f	Merge pull request #6199 from inteon/add_validation_to_pki Add validation to pki CertificateTemplate functions	2023-07-07 09:32:14 +02:00
Tim Ramlot	5ba29272c0	add validation to pki CertificateTemplate function and add support for add DontAllowInsecureCSRUsageDefinition featuregate to use old behavior in controller Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-05 13:04:21 +02:00
jetstack-bot	914944c020	Merge pull request #6176 from inteon/reconcile_managed_annotations_and_labels Reconcile when managed annotations/ labels are out-of-sync	2023-07-04 11:55:29 +02:00
jetstack-bot	e66a92ac52	Merge pull request #6182 from inteon/stricter_certificaterequest_csr_webhook_validation BUGFIX: Stricter CertificateRequest CSR webhook validation	2023-06-29 18:10:43 +02:00
Richard Boldiš	2b2ada9491	fix: handle multiple cloudflare dns-01 challenges for the same FQDN Signed-off-by: Richard Boldiš <richard@boldis.dev>	2023-06-27 18:13:35 +02:00
Tim Ramlot	3938c75850	improve (Extended)KeyUsage parsing to be more consistent Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-26 10:06:55 +02:00
Tim Ramlot	a9339849e5	improve label and annotation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-23 17:05:42 +02:00
jetstack-bot	4d1486bbfc	Merge pull request #6168 from inteon/add_public_key_match Add SecretPublicKeysDiffersFromCurrentCertificateRequest check	2023-06-23 16:55:40 +02:00
Tim Ramlot	02b008fe6d	improve documentation of ParseSingleCertificateChain Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-22 12:46:08 +02:00
Tim Ramlot	19377b43b1	fix feedback from @wallrj Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-21 15:31:20 +02:00
jetstack-bot	529893556b	Merge pull request #6154 from inteon/fix_basic_constraints_alpha_feature BUGFIX: I incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature	2023-06-21 14:01:26 +02:00
Tim Ramlot	82499eb75b	fix failing TestNewReadinessPolicyChain test Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 19:06:02 +02:00
jetstack-bot	716bd301a1	Merge pull request #5003 from FlorianLiebhart/DNS-over-https-check Implement the DNS-over-HTTPS check	2023-06-20 18:04:54 +02:00
Florian Liebhart	b47c5a1361	update documentation on the DNSQuery function Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-20 10:36:27 +02:00
Florian Liebhart	ae27bfb0d6	write some unit tests for CAA Validation Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 16:27:00 +02:00
Florian Liebhart	9ddf2bab90	remove HTTPS endpoint for default nameservers; remove DNS-over-TLS Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 16:06:39 +02:00
Tim Ramlot	3a29635c66	add support for DoH and DoT Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-19 15:59:40 +02:00
Florian Liebhart	894e1f99d6	fix error for dns endpoint propagation Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Florian Liebhart	a934bbf462	Make the DNS-Over-HTTPS Json endpoint configurable Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Florian Liebhart	857d0aef9e	Add logging for the DNS over HTTPS selfcheck Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Florian Liebhart	fa2f063c28	rebase master Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Tim Ramlot	bdb685d62e	ip address is missing from error message Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 21:32:13 +02:00
Tim Ramlot	9000a06956	BUGFIX: we incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 21:31:25 +02:00
Tim Ramlot	fe4f4e4aa6	re-add TODO comment and make the message more clear Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 14:51:39 +02:00
Tim Ramlot	8ddf016b00	fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-13 16:54:32 +02:00
schrodit	53a5a95d9f	Add enableServiceLink to test pod definition Signed-off-by: schrodit <mail@timschrodi.tech>	2023-06-12 09:54:37 +02:00
schrodit	c9559882c4	Remove service links from http solver pod Signed-off-by: schrodit <mail@timschrodi.tech>	2023-06-12 09:26:22 +02:00
cui fliter	4723347260	fix function name in comments Signed-off-by: cui fliter <imcusg@gmail.com>	2023-06-07 17:17:07 +08:00
jetstack-bot	f8940ab5c4	Merge pull request #6125 from irbekrm/explain_fao Document what fao stands for in the controller.cert-manager.io/fao label	2023-06-06 14:09:45 +02:00
irbekrm	f4dc243b77	Document what fao stands for in the controller.cert-manager.io/fao label Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-06-02 13:45:10 +01:00
Tim Ramlot	c4c5899887	Update pkg/util/cmapichecker/cmapichecker.go Co-authored-by: Siggi Skulason <siggi@skulason.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-01 11:16:33 +01:00
Hans Arnholm	501581ad06	issuer: acme: clouddns: Only clean up own records If running multiple certmanagers they can race against each other Signed-off-by: Hans Arnholm <hans@arnholm.dk>	2023-06-01 10:15:54 +02:00
Tim Ramlot	3490a005b1	prepare cmctl libraries to support logging Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-30 18:35:45 +02:00
jetstack-bot	c5e6bf39d6	Merge pull request #6054 from inteon/correct_versions Use Version 3 for *x509.Certificate	2023-05-26 13:57:32 +01:00
irbekrm	b1a59164e0	Don't import controller's feature gate setup into a shared library To prevent controller's feature gates from overwriting other component's feature gates Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-23 12:01:30 +01:00
irbekrm	524998abdf	Don't run API Priority and Fairness controller in webhook extension apiserver Because it is not needed and can cause issues with older versions of kube Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-22 12:53:15 +01:00
jetstack-bot	529497f150	Merge pull request #6034 from gdvalle/patch-1 apis/acme/v1: ACMEIssuer: set omitempty on optional field	2023-05-18 11:14:39 +01:00
jetstack-bot	022292832f	Merge pull request #6032 from inteon/fix_acme_bugs Fix small bugs and make small improvements in ACME code	2023-05-12 15:19:41 +01:00
Tim Ramlot	9606f4d5fe	make KeyUsage and BasicConstraints Critical extensions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:29:02 +02:00
Tim Ramlot	e7530880ce	use Version 3 for all Certificates and Version 0 for all CertificateRequests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:21:55 +02:00
Tim Ramlot	20599d1d35	remove CertificateTemplateAddKeyUsages Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-10 19:22:49 +02:00
Tim Ramlot	0cf0f80b40	switch to non-deprecated functions in source code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-10 19:22:49 +02:00
Tim Ramlot	1c2662af82	cleanup CSR & CertificateTemplate util code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-10 19:22:49 +02:00
jetstack-bot	308c1472aa	Merge pull request #6031 from inteon/remove_deprecated_3 Replace deprecated wait.PollUntil and wait.Poll	2023-05-10 17:52:54 +01:00
Ashley Davis	209c252005	Move webhook testing package to core module This package was used by at least one external importer [1] and so the change to make the webhook live in a separate package caused an issue which @irbekrm reported on slack. [2] This PR moves the webhook testing code into the core cert-manager module so it'll be importable anywhere (albeit under a new name). This change also requires moving the webhook options into the core cert-manager module since they're required by the webhook testing logic. [1] `268cd2fdba/test/env/env.go (L25)` [2] https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1683650224483169 Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2023-05-09 18:40:03 +01:00
Tim Ramlot	e08a13496d	replace deprecated wait.PollUntil() and wait.Poll() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-09 17:47:53 +02:00
Tim Ramlot	7d0178f27d	fix small bugs and make small improvements Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-09 15:22:21 +02:00
Greg	662900a1d3	apis/acme/v1: ACMEIssuer: set omitempty on optional field This field is marked optional in the API docs, but is required when serializing JSON. Make it optional to match. Signed-off-by: Greg <gdvalle@users.noreply.github.com>	2023-05-07 09:52:13 -05:00
Tim Ramlot	d656b2d9da	replace deprecated PollImmediateUntil with PollUntilContextCancel Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-07 10:15:46 +02:00
Tim Ramlot	dc12a5d0a0	revert setting flags for logging tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 18:08:29 +02:00
Tim Ramlot	8747adf629	fix feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 18:08:29 +02:00
Tim Ramlot	f0871eb6b8	further standardise logging across components Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 18:08:29 +02:00
Tim Ramlot	5091a3bff4	use same logging flags for every cli and simplify flag logic Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 18:08:29 +02:00
Michael Malov	99e23d5e93	Add support for json logging format Signed-off-by: Michael Malov <14035243+malovme@users.noreply.github.com>	2023-05-05 18:01:16 +02:00
irbekrm	df974120ab	Ensures that acmesolver implements SingularNameProvider Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-05 16:32:25 +01:00
irbekrm	3d1134a975	Update cainjector inejctable setup To work with latest controller runtime Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-05 16:32:25 +01:00
Luca Comellini	1bfc131e6a	Bump sigs.k8s.io/controller-tools to v0.12.0 Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-05-05 16:32:25 +01:00
Luca Comellini	df6ec95cd1	Update OnAdd Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-05-05 16:32:25 +01:00
Luca Comellini	a57c4abb14	Bump k8s.io dependencies Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-05-05 16:32:25 +01:00
jetstack-bot	ab4415837c	Merge pull request #6022 from wallrj/fix-flaky-leader-election-healthz-tests Fix flaky leader election healthz tests	2023-05-05 16:26:07 +01:00
Richard Wall	83ce550c4c	Simulate a remote leader that always updates its lease Fixes test flakes caused by the local node taking over leadership, because it did not observe any change in the leader election record held by the remote node. Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2023-05-05 15:56:18 +01:00
jetstack-bot	a64088792d	Merge pull request #5991 from inteon/pr/JoshVanL/4810 Server Side Apply: Adds support for CA Injector controller	2023-05-05 14:21:07 +01:00
Tim Ramlot	a3dbd22752	only apply patch if patch is != nil Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-05 15:01:57 +02:00
jetstack-bot	5035dda25e	Merge pull request #6006 from vidarno/cache-private-key-hash-on-issuer-status Cache private key hash on issuer status	2023-05-05 08:05:07 +01:00
jetstack-bot	09e71c37d4	Merge pull request #5972 from vinzent/bugfix/issue-5755 Check JKS/PKCS12 truststore in Secrets only if issuer provides the CA	2023-05-04 11:04:37 +01:00
vidarno	616a41ac8f	Test TestRegistry_AddClient_UpdatesClientPKChecksum must compare private key with a checksum Signed-off-by: vidarno <>	2023-05-03 22:17:03 +02:00
Tim Ramlot	bce882b477	use cainjector feature flags Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-03 19:52:13 +02:00
Tim Ramlot	4d81f1877a	resolve feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-03 11:18:10 +02:00
jetstack-bot	694d3d1bd2	Merge pull request #5747 from inteon/request_matches_spec BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks	2023-05-02 11:23:27 +01:00
vidarno	a1f156c2b6	Merge branch 'cert-manager:master' into cache-private-key-hash-on-issuer-status Signed-off-by: vidarno <>	2023-05-02 11:58:18 +02:00
vidarno	f7390903be	Update tests after adding new LastPrivateKeyHash field in status of issuer CRDs Signed-off-by: vidarno <>	2023-04-29 09:14:07 +02:00
vidarno	92da674e9a	Update logic in function IsKeyCheckSumCached to compare private key with hash in status field of CRD instead of from Secret Signed-off-by: vidarno <>	2023-04-29 09:13:54 +02:00
vidarno	4934183927	Extend CRDs and structs to include LastPrivateKeyHash field Signed-off-by: vidarno <>	2023-04-29 09:12:56 +02:00
Thomas Müller	12483d3d54	Check JKS/PKCS12 truststores only if issuer provides the CA The current policy check for keystores in Secrets creates a loop because the truststore.jks or truststore.p12 will never exist when the issuer didn't provide the CA certificate. This behaviour was introduced by #5597 The JKS and PKCS12 truststores are only added to the Secret if the CA is provided by the issuer. The CertificateRequest API reference states: > The PEM encoded x509 certificate of the signer, also known > as the CA (Certificate Authority). This is set on a best-effort basis by > different issuers. If not set, the CA is assumed to be unknown/not available. This change will only check the PKCS12/JKS truststores if the CA cert from the issuer exists in the secret. Fixes #5755 Signed-off-by: Thomas Müller <thomas@chaschperli.ch>	2023-04-27 17:09:41 +02:00
jetstack-bot	19104fcb4a	Merge pull request #5962 from wallrj/5670-controller-manager-liveness-probe Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged	2023-04-27 15:09:54 +01:00
Tim Ramlot	927cef3c22	switch to SSA for cainjector Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-04-26 17:04:11 +02:00
Richard Wall	dd34e58b5a	Make it clear that the tests are concerned only with LeaderElection healthz Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2023-04-26 10:50:03 +01:00
Richard Wall	4d182e9c7b	Add /livez endpoint which reports the leaderElection status Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2023-04-26 07:53:26 +01:00
irbekrm	300fe72ff0	Code review Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-25 13:45:06 +01:00
irbekrm	0d1d66d900	Fixes tests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-25 06:20:58 +01:00
irbekrm	3d82e94789	Ensures metadata only is cached for pods and services Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-25 06:20:58 +01:00
Tobo Atchou	ee638a91ff	cert-manager-webhook to provide logs when handling request Signed-off-by: Tobo Atchou <tobo.atchou@gmail.com>	2023-04-22 10:41:44 +02:00
jetstack-bot	ece30e655f	Merge pull request #5949 from TrilokGeer/key-replace-sha256checksum Fixes status change on privateKey update on acme issuer	2023-04-18 15:04:07 +01:00
jetstack-bot	bfa7eaaf0d	Merge pull request #5766 from irbekrm/cainjector_limit_controllers Cainjector limit controllers	2023-04-18 11:14:21 +01:00
TrilokGeer	bdc0cb7c40	Fixes status change on privateKey update on acme issuer Signed-off-by: TrilokGeer <tgeer@redhat.com>	2023-04-14 21:33:44 +05:30
Tim Ramlot	415da885a1	remove ioutil Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-04-07 11:19:52 +02:00
jetstack-bot	50501d2f64	Merge pull request #5824 from irbekrm/controller_partial_metadata Controller partial metadata	2023-04-06 15:38:02 +01:00
irbekrm	7e6f2be820	Fixes goimports Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:29:41 +01:00
irbekrm	8217ff8714	Adds some extra unit tests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	e14d17b1b0	Adds a couple comments to ACME call methods Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	dba18119aa	Ensures that key for an ACME challenge is only retrieved from the ACME server once Thus reducing the number of HTTP01ChallengeResponse/DNS01ChallengeResponse calls Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	202d75ffe6	Updates code comment Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	0964d6d03d	Removes extra GET calls for ACME order resource In cases where a synced Order does not require any processing from this controller Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	b2b3eade26	Updates cert.status.lastFailureTime description To match the current behaviour Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 12:54:14 +01:00

1 2 3 4 5 ...

3304 Commits