Commit Graph

8126 Commits

Author SHA1 Message Date
jetstack-bot
d2f6bbe579
Merge pull request #6028 from inteon/fix_scheme_errors
Stop using global runtime.Scheme variables
2023-11-06 22:57:09 +01:00
Tim Ramlot
4c94f3ef10
create ad-hoc schemes instead of sharing global ones
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-06 21:58:24 +01:00
jetstack-bot
7373e1f386
Merge pull request #6467 from inteon/cainjector_cleanup
cainjector: Use controller-runtime manager to manage goroutine instead of errorgroup.
2023-11-05 21:05:59 +01:00
Tim Ramlot
80e3960f91
Use controller-runtime manager instead of errorgroup.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-02 13:29:05 +01:00
jetstack-bot
5141dddf2c
Merge pull request #6462 from wallrj/policy-compliant-acme-solver-pod
Ensure ACME solver Pod complies with Pod Security Standards
2023-10-31 17:01:21 +01:00
Richard Wall
80896bce36 Update documentation of the Kyverno policies Kustomization file
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 15:44:10 +00:00
Richard Wall
9b5dd86084 Configure HTTP01 solver Pod with readOnlyRootFilesystem
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 14:47:24 +00:00
Richard Wall
c8640908e7 Apply Kyverno policies to E2E test namespaces too
By using ClusterPolicy with exclusion rules for the namespaces of non-compliant E2E test tools.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 14:11:41 +00:00
jetstack-bot
2f6e9f484b
Merge pull request #6461 from wallrj/run-as-non-root
Remove redundant / misleading runAsNonRoot examples from values.yaml
2023-10-31 13:46:20 +01:00
Richard Wall
8eb547d9cb Remove redundant / misleading runAsNonRoot examples from values.yaml
`runAsNonRoot` is already set to true in the *Pod*SecurityContext,
so there isn't really any reason to set it at the Container SecurityContext too.

Having it in the example values.yaml file gives the misleading impression that
runAsNonRoot is not the default.

 * https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 11:08:54 +00:00
jetstack-bot
32418051c3
Merge pull request #6460 from erikgb/helm-ca-injector-feature-gates
feat(helm): allow configuration of cainjector feature gates
2023-10-31 11:39:20 +01:00
jetstack-bot
dd3fe1fe02
Merge pull request #6453 from wallrj/read-only-root-filesystem
Enable readOnlyRootFilesystem by default
2023-10-31 11:27:20 +01:00
Richard Wall
6d206795c7 Enable readOnlyRootFilesystem by default
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 09:55:23 +00:00
Erik Godding Boye
af3e88c6da
feat(helm): allow configuration of cainjector feature gates
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-10-31 10:54:17 +01:00
jetstack-bot
a8813c5f43
Merge pull request #6452 from wallrj/upgrade-bestpractice-values-url
Use latest version of the best-practice Helm values
2023-10-30 14:50:41 +01:00
Richard Wall
9dfb7c3ecf Enable readOnlyRootFilesystem policy in Kyverno
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-27 16:03:17 +01:00
Richard Wall
c3a8144da8 Update the Kyverno policy file
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-27 15:58:11 +01:00
Richard Wall
2264de13f3 Use latest version of the bestpractice Helm values
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-27 14:33:47 +01:00
Ashley Davis
16e70c57cd
Merge pull request #6449 from inteon/bump_grpc
Bump gRPC library version to fix CVE alert
2023-10-27 14:02:48 +01:00
Tim Ramlot
d756311b2e
bump grpc library version to fix CVE alert
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-27 13:14:02 +02:00
jetstack-bot
6554815469
Merge pull request #6447 from wallrj/fix-kindest-image-digests
Fix kindest image digests
2023-10-26 17:46:03 +02:00
Richard Wall
1329c71f27 Add a dedicated rule for kindest node
And explain why

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-26 16:00:18 +01:00
Richard Wall
c08e34cab1 ./hack/latest-kind-images.sh
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-26 14:43:11 +01:00
Richard Wall
c8801e997a Use the official multi-arch digest for K8S 1.28 on Kind 0.20.0
https://github.com/kubernetes-sigs/kind/releases/tag/v0.20.0

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-26 14:34:04 +01:00
jetstack-bot
446f133690
Merge pull request #6440 from wallrj/fix-image-digest-check
Fix image checksum validation and upgrade ingress NGINX to demonstrate the problem
2023-10-24 18:40:30 +02:00
Richard Wall
4d2a227794 Remove the multi-arch variant
Because it was also broken and was being supplied with digests of
single-architecture images rather than multi-arch manifests

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 14:52:10 +01:00
Richard Wall
c34bddace7 Update ingress-nginx image checksums
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 14:19:30 +01:00
jetstack-bot
d660f5b20c
Merge pull request #6439 from wallrj/sample-external-issuer-0.4.0
Use sample-external-issuer v0.4.0
2023-10-24 14:56:30 +02:00
Richard Wall
5db745b103 Fix the digest check for single-arch images
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 13:52:50 +01:00
Richard Wall
ecada9c30f Upgrade ingress NGINX
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 13:16:13 +01:00
Richard Wall
a1164b9c4f Use sample-external-issuer v0.4.0
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-24 11:16:35 +01:00
jetstack-bot
04056f7bf6
Merge pull request #6435 from ABWassim/fix/templating-config-controllers
fix(helm): templating of required value in controller and webhook configmaps
2023-10-23 10:00:16 +02:00
ABWassim
5ab8a6b71c fix(helm): templating of required value in controller and webhook configmaps
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-10-23 09:23:51 +02:00
jetstack-bot
2e51b258da
Merge pull request #6427 from SgtCoDFish/bumpnet
Bump golang.org/x/net v0.15.0 => v0.17.0
2023-10-19 11:31:56 +02:00
Ashley Davis
e514b1acf8
bump golang.org/x/net v0.15.0 => v0.17.0
part of addressing CVE-2023-44487 / CVE-2023-39325
(which, again, we're not super concerned about)

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-10-19 09:47:18 +01:00
jetstack-bot
69f3e5304f
Merge pull request #6428 from inteon/fix_go_licenses_on_darwin
Fix the 'make update-licenses' command on macos
2023-10-19 10:40:22 +02:00
Tim Ramlot
aab50ac20d
fix the 'make update-licenses' command on macos
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-19 09:16:27 +02:00
jetstack-bot
a51d7607ed
Merge pull request #6426 from mamachanko/topic/mamachanko/master/improve-config-file-tests
Rename `webhookConfig` to `controllerConfig`
2023-10-18 18:11:05 +02:00
Max Brauer
432430b311
Rename webhookConfig to controllerConfig
Signed-off-by: Max Brauer <mbrauer@vmware.com>
2023-10-18 15:28:14 +02:00
jetstack-bot
3b0a5cec41
Merge pull request #6406 from inteon/duplicate_secret_name
Fix DuplicateSecretName issue
2023-10-18 10:40:36 +02:00
Tim Ramlot
c51b23497d
update the Condition Message for IncorrectCertificate
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-17 17:43:26 +02:00
Tim Ramlot
b6ba4ded86
add test for SecretCertificateNameAnnotationsMismatch
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-17 17:31:38 +02:00
jetstack-bot
9fd770a011
Merge pull request #6414 from zoispag/patch-1
Fix typo in values.yml
2023-10-16 17:28:59 +02:00
Zois Pagoulatos
c4986a93c8
Fix typo in values.yml
Affinty -> Affinity

Signed-off-by: Zois Pagoulatos <zpagoulatos@hotmail.com>
2023-10-14 16:10:07 +02:00
Tim Ramlot
15bc387da6
make changes based on feedback
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-13 19:42:13 +02:00
jetstack-bot
b53527eb78
Merge pull request #6410 from SgtCoDFish/bumpgo
Bump go to latest to address CVE-2023-39325
2023-10-12 12:28:51 +02:00
Ashley Davis
45545ec39f
bump base images to latest
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-10-12 10:29:24 +01:00
Ashley Davis
ad3bc2c66a
bump go to latest version to address CVE-2023-39325
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-10-12 10:27:16 +01:00
Tim Ramlot
61bdecf68a
only sort the duplicates
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-11 14:05:50 +02:00
Tim Ramlot
e63d061269
add tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-11 13:48:01 +02:00