Ashley Davis
a53bec25e7
Update nameserver lookup test to use upstream targets
...
In the long term I don't think this test should be run as a unit test
because it can randomly break due to changes in DNS config we don't
control, which is a pretty poor user experience for someone trying to
change unrelated code.
If we're going to run this kind of check, we should probably run it as a
periodic rather than a presubmit, perhaps with the test being run on
presubmit when the DNS util code is changed.
But that's all more work than I can really do now. Instead, I'll copy
what the upstream go-lego is doing, which should unblock us for now:
07c4daeff3/challenge/dns01/nameserver_test.go
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-08-09 09:27:30 +01:00
Tim Ramlot
ae287461d0
prepare cmctl improvements
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-01 10:32:35 +02:00
Cody W. Eilar
282a6d58a9
Preserve internal types
...
- Needed to add custom conversion functions to handle conversions from
public facing types to internal ones.
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
Cody W. Eilar
6212b63e51
Address the non-optional values in internal config
...
- This commit changes the internal config to have fewer
optional parameters. It changes the types to match the ones that are
already present in https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/conversion.go
so that custom converters do not have to be written for types "int"
and "float32".
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
Cody W. Eilar
1243fe285b
Add the ability to start controller with config file
...
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
jetstack-bot
9de9809ac5
Merge pull request #6108 from inteon/ctl_logging
...
Use logging library with json support in cmctl (part 1)
2023-07-27 17:54:51 +02:00
jetstack-bot
0b9366c0fb
Merge pull request #6232 from inteon/fix_log_reassignment
...
[BUGFIX] Incorrect re-assignment of cross-invocation variable
2023-07-26 13:35:07 +02:00
Ashley Davis
7e1ce241ac
use supplied context where possible
...
this was discovered as part of the investigation into #6104
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-07-26 11:06:31 +01:00
Tim Ramlot
c7d0e0a13e
instead of creating a new local log variable, we were updating the cross-invocation log variable and were adding more Values to the log variable, causing high memory usage and incorrect log messages
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-25 20:31:47 +02:00
jetstack-bot
4de06a19d7
Merge pull request #6152 from inteon/improve_policy_chain_v0
...
Improve Trigger, Readiness and PostIssuance Policy chains
2023-07-24 17:06:42 +02:00
Tim Ramlot
36ddf19e2e
improve Trigger, Readiness and PostIssuance Policy chains
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-24 09:42:19 +02:00
Luca Comellini
3ff638b6f3
Bump k8s.io dependencies
...
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-07-20 10:35:20 -07:00
Tim Ramlot
90f84b9c40
remove VCert fork dependency replace statement
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-10 11:26:16 +02:00
jetstack-bot
843deed22f
Merge pull request #6199 from inteon/add_validation_to_pki
...
Add validation to pki CertificateTemplate functions
2023-07-07 09:32:14 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function
...
and add support for DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-05 13:04:21 +02:00
jetstack-bot
914944c020
Merge pull request #6176 from inteon/reconcile_managed_annotations_and_labels
...
Reconcile when managed annotations/labels are out-of-sync
2023-07-04 11:55:29 +02:00
jetstack-bot
e66a92ac52
Merge pull request #6182 from inteon/stricter_certificaterequest_csr_webhook_validation
...
BUGFIX: Stricter CertificateRequest CSR webhook validation
2023-06-29 18:10:43 +02:00
Richard Boldiš
2b2ada9491
fix: handle multiple cloudflare dns-01 challenges for the same FQDN
...
Signed-off-by: Richard Boldiš <richard@boldis.dev>
2023-06-27 18:13:35 +02:00
Tim Ramlot
3938c75850
improve (Extended)KeyUsage parsing to be more consistent
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-26 10:06:55 +02:00
Tim Ramlot
a9339849e5
improve label and annotation checks
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-23 17:05:42 +02:00
jetstack-bot
4d1486bbfc
Merge pull request #6168 from inteon/add_public_key_match
...
Add SecretPublicKeysDiffersFromCurrentCertificateRequest check
2023-06-23 16:55:40 +02:00
Tim Ramlot
02b008fe6d
improve documentation of ParseSingleCertificateChain
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-22 12:46:08 +02:00
Tim Ramlot
19377b43b1
fix feedback from @wallrj
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-21 15:31:20 +02:00
jetstack-bot
529893556b
Merge pull request #6154 from inteon/fix_basic_constraints_alpha_feature
...
BUGFIX: I incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature
2023-06-21 14:01:26 +02:00
Tim Ramlot
82499eb75b
fix failing TestNewReadinessPolicyChain test
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-20 19:06:02 +02:00
jetstack-bot
716bd301a1
Merge pull request #5003 from FlorianLiebhart/DNS-over-https-check
...
Implement the DNS-over-HTTPS check
2023-06-20 18:04:54 +02:00
Florian Liebhart
b47c5a1361
update documentation on the DNSQuery function
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-20 10:36:27 +02:00
Florian Liebhart
ae27bfb0d6
write some unit tests for CAA Validation
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 16:27:00 +02:00
Florian Liebhart
9ddf2bab90
remove HTTPS endpoint for default nameservers; remove DNS-over-TLS
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 16:06:39 +02:00
Tim Ramlot
3a29635c66
add support for DoH and DoT
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-19 15:59:40 +02:00
Florian Liebhart
894e1f99d6
fix error for dns endpoint propagation
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Florian Liebhart
a934bbf462
Make the DNS-Over-HTTPS Json endpoint configurable
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Florian Liebhart
857d0aef9e
Add logging for the DNS over HTTPS selfcheck
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Florian Liebhart
fa2f063c28
rebase master
...
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Tim Ramlot
bdb685d62e
ip address is missing from error message
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-14 21:32:13 +02:00
Tim Ramlot
9000a06956
BUGFIX: we incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-14 21:31:25 +02:00
Tim Ramlot
fe4f4e4aa6
re-add TODO comment and make the message more clear
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-14 14:51:39 +02:00
Tim Ramlot
8ddf016b00
fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated.
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-13 16:54:32 +02:00
schrodit
53a5a95d9f
Add enableServiceLink to test pod definition
...
Signed-off-by: schrodit <mail@timschrodi.tech>
2023-06-12 09:54:37 +02:00
schrodit
c9559882c4
Remove service links from http solver pod
...
Signed-off-by: schrodit <mail@timschrodi.tech>
2023-06-12 09:26:22 +02:00
cui fliter
4723347260
fix function name in comments
...
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-06-07 17:17:07 +08:00
jetstack-bot
f8940ab5c4
Merge pull request #6125 from irbekrm/explain_fao
...
Document what fao stands for in the controller.cert-manager.io/fao label
2023-06-06 14:09:45 +02:00
irbekrm
f4dc243b77
Document what fao stands for in the controller.cert-manager.io/fao label
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-06-02 13:45:10 +01:00
Tim Ramlot
c4c5899887
Update pkg/util/cmapichecker/cmapichecker.go
...
Co-authored-by: Siggi Skulason <siggi@skulason.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-01 11:16:33 +01:00
Hans Arnholm
501581ad06
issuer: acme: clouddns: Only clean up own records
...
If running multiple certmanagers they can race against each other
Signed-off-by: Hans Arnholm <hans@arnholm.dk>
2023-06-01 10:15:54 +02:00
Tim Ramlot
3490a005b1
prepare cmctl libraries to support logging
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-30 18:35:45 +02:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions
...
Use Version 3 for *x509.Certificate
2023-05-26 13:57:32 +01:00
irbekrm
b1a59164e0
Don't import controller's feature gate setup into a shared library
...
To prevent controller's feature gates from overwriting other components' feature gates
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-23 12:01:30 +01:00
irbekrm
524998abdf
Don't run API Priority and Fairness controller in webhook extension apiserver
...
Because it is not needed and can cause issues with older versions of kube
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-22 12:53:15 +01:00
jetstack-bot
529497f150
Merge pull request #6034 from gdvalle/patch-1
...
apis/acme/v1: ACMEIssuer: set omitempty on optional field
2023-05-18 11:14:39 +01:00