Tim Ramlot
2b14b3234d
fix the Helm trick that we use to differentiate between 0 and an empty value
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-07 12:54:41 +01:00
cloudwiz
624f874d69
updated spelling and generated CRDs
...
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-06 15:06:31 +00:00
cloudwiz
9cf9cb7ea5
Vault extra audiences (#3)
...
---------
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-06 10:06:17 +00:00
Ashley Davis
494c4320d5
bump helm-tool to latest version and regenerate docs
...
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-02-01 15:51:05 +00:00
Ashley Davis
8c1369726a
add CI check for updated helm docs
...
also updates helm docs!
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-02-01 15:37:19 +00:00
Tim Ramlot
0a79f2eb0d
Update deploy/charts/cert-manager/values.yaml
...
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-01 14:11:21 +01:00
Tim Ramlot
4659b33b00
fix backwards incompatible change: include a prometheus service by default
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-01 13:10:29 +01:00
Ashley Davis
86b1282e9b
run update-helm-docs to fix Helm README
...
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-02-01 09:57:59 +00:00
Tim Ramlot
cdba8a7025
clarify prometheus options and fix error in Helm chart
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-01 10:16:53 +01:00
Ashley Davis
a9ba9d8912
Fix mistakenly changed cainjector image value
...
See https://github.com/cert-manager/cert-manager/pull/6639
This was discovered during the release of cert-manager v1.14.0. See the
summary on Slack:
https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1706723744656039?thread_ts=1706713005.073879&cid=CDEQJ0Q8M
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-01-31 17:56:55 +00:00
Tim Ramlot
2bef9d35b6
remove remaining references to cmctl, which was moved to https://github.com/cert-manager/cmctl
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-30 14:56:05 +01:00
Adam Talbot
2be04a82a5
docs: fix mistakes and typos in values.yaml
...
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-22 13:54:28 +00:00
Adam Talbot
cdd785255c
docs: update chart values.yaml and README file
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
Co-authored-by: Michael McLoughlin <michael.mcloughlin@venafi.com>
2024-01-22 13:00:08 +00:00
Adam Talbot
a362c742c5
docs: don't wrap reference urls in code blocks
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-16 08:38:15 +00:00
Rodrigo Fior Kuntzer
199c98689f
feat: supporting Vault server mTLS
...
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-01-15 09:25:30 -03:00
Adam Talbot
e8987bc6b8
fix: remove trailing spaces from values.yaml to fix yamllint
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-15 10:30:28 +00:00
Adam Talbot
af4685c595
feat: update chart README using autogenerated docs
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-15 10:25:23 +00:00
Adam Talbot
486bfa15b2
feat: update values.yaml to have doc-comments above all values
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-15 09:41:26 +00:00
Jan-Otto Kröpke
7fdea152eb
[helm] Move cert-manager.io/disable-validation to values
...
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2024-01-13 16:21:49 +01:00
Jan-Otto Kröpke
64909f5688
[helm] Support custom spec.namespaceSelector for webhooks
...
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2024-01-13 10:41:13 +01:00
Tim Ramlot
67f8a03cae
update AzureDNS auth API comments
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-12 12:07:02 +01:00
jetstack-bot
44daf2ea8b
Merge pull request #6248 from tberreis/master
...
feat: allow changing the default Deployment revisionHistoryLimit
2024-01-10 15:48:17 +00:00
jetstack-bot
a1c134e78c
Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint
...
feat: add tls to metrics endpoint
2024-01-10 14:48:17 +00:00
Tim Ramlot
9bb4c3e075
move revisionHistoryLimit to globals & support revisionHistoryLimit=0
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 09:45:29 +01:00
Thomas Berreis
e1fe377dcb
feat: allow changing the default revisionHistoryLimit
...
Signed-off-by: Thomas Berreis <thomas@berreis.de>
2024-01-04 09:45:29 +01:00
Tim Ramlot
9e2c6ae08a
run 'make update-crds'
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
...
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
jetstack-bot
4af78fe98a
Merge pull request #6548 from snorwin/modern-pkcs12
...
New option to specify encryption and MAC algorithms for PKCS#12 keystores.
2024-01-03 12:54:22 +00:00
Tim Ramlot
8223df9e91
rename Algorithms to Profile
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 13:45:02 +01:00
jetstack-bot
9b90f50be8
Merge pull request #6549 from SgtCoDFish/standalone-apicheck
...
Add separate startupapicheck binary
2024-01-03 11:12:22 +00:00
Tim Ramlot
646a0698b6
undo docs change
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 10:56:18 +01:00
Tim Ramlot
2882d4a0c7
make fix more general (eg. support levels > 5)
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 10:52:59 +01:00
ChrisDevo
449fb81595
Fix comment about allowed logLevel values (see: pkg/logs/logs.go#L44-49)
...
Signed-off-by: ChrisDevo <chris.devine@berkeley.edu>
2024-01-03 10:39:02 +01:00
ChrisDevo
519197b511
Improve parsing of helm global.logLevel (only accept integers 0-5, inclusive)
...
Signed-off-by: ChrisDevo <chris.devine@berkeley.edu>
2024-01-03 10:39:02 +01:00
Ashley Davis
b3b14fda41
add separate startupapicheck binary
...
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-01-02 17:17:50 +00:00
Adam Talbot
2897f787cb
feat: add example for setting up TLS on metrics endpoint via the helm chart
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-02 13:38:09 +00:00
dylanhitt
751ca52626
docs: declare updated kube version in artifact hub doc
...
Signed-off-by: Dylan Hitt <dylan.hitt1@gmail.com>
2023-12-28 22:44:46 -05:00
Tim Ramlot
24794feac0
update API comments
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-20 11:26:52 +01:00
SpectralHiss
e7f29f8bb3
UTF8Value -> utf8Value in CRD JSON schema
...
* Still following Go standard with UTF8Value for struct field name
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691
Add early feedback validation for otherName syntax and tests
...
* Fixed warning
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116
feat: update gateway api to v1
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
Norwin Schnyder
ebf58b9967
apply PR feedback
...
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-15 10:52:57 +01:00
SpectralHiss
4bdee5f010
Rename otherNameSANs to otherNames
...
* Improve the CRD godoc comments
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Norwin Schnyder
b8ad8a3704
apply PR feedback
...
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-13 12:00:39 +00:00
Tim Ramlot
721f71ed60
Refactor the solution
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160
Add OtherNameSANs field to Certificates
...
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
more info
* otherName is only a subset of GeneralName, our specific need for
UserPrincipalName used in Microsoft AD/LDAP
* We treat UPN special but we might remove this in a later commit
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 09:12:23 +00:00
Norwin Schnyder
b79e73f484
fix controller-gen errors
...
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-12 18:25:15 +01:00
Norwin Schnyder
c583278ce8
generate manifests
...
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-12 14:27:41 +00:00
tanujd11
28ca4312b3
fix: additional review comments
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed
Addressed review comments
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83
Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:29 +05:30
tanujd11
50d84c1bbc
nits: added new line at EOF and comment fix
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:42 +05:30
tanujd11
589030dec1
feature: added name constraints
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:31 +05:30
Avi Sharma
c72fc28773
Fix controller featuregates config in helm
...
Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>
2023-11-17 21:38:44 +05:30
Richard Wall
a2ca3c714f
Enable verbose logging in startupapicheck by default
...
So that if it fails, users can know exactly what caused the failure.
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-11-17 09:09:41 +00:00
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension
...
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
2023-11-16 12:45:16 -06:00
jetstack-bot
b0ed333413
Merge pull request #6459 from shlomitubul/master
...
feat(helm) Add support for PodMonitor
2023-11-16 14:45:00 +01:00
Richard Wall
a0e5afc0f4
Increase the webhook timeout to its maximum value
...
Users sometimes report that the connection between the K8S API server and the
cert-manager webhook server times out.
But the error message is often only "context deadline exceeded",
which doesn't help the user know what phase of the HTTPS connection timed out.
It could be during DNS resolution, TCP connection, TLS negotiation, HTTP channel
negotiation, or slow HTTP response from the webhook server.
So this change increases the context timeout to its maximum value
so that the underlying timeout error message has more chance of being returned to the end user.
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-11-15 17:54:43 +00:00
Richard Wall
8eb547d9cb
Remove redundant / misleading runAsNonRoot examples from values.yaml
...
`runAsNonRoot` is already set to true in the *Pod*SecurityContext,
so there isn't really any reason to set it at the Container SecurityContext too.
Having it in the example values.yaml file gives the misleading impression that
runAsNonRoot is not the default.
* https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 11:08:54 +00:00
jetstack-bot
32418051c3
Merge pull request #6460 from erikgb/helm-ca-injector-feature-gates
...
feat(helm): allow configuration of cainjector feature gates
2023-10-31 11:39:20 +01:00
Richard Wall
6d206795c7
Enable readOnlyRootFilesystem by default
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 09:55:23 +00:00
Erik Godding Boye
af3e88c6da
feat(helm): allow configuration of cainjector feature gates
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-10-31 10:54:17 +01:00
ShlomiTubul
0a16c4ecd2
feat(helm) Add support for PodMonitor
...
Signed-off-by: ShlomiTubul <shlomi.tubul@placer.ai>
2023-10-30 22:38:09 +02:00
ABWassim
5ab8a6b71c
fix(helm): templating of required value in controller and webhook configmaps
...
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-10-23 09:23:51 +02:00
Zois Pagoulatos
c4986a93c8
Fix typo in values.yml
...
Affinty -> Affinity
Signed-off-by: Zois Pagoulatos <zpagoulatos@hotmail.com>
2023-10-14 16:10:07 +02:00
Ashley Davis
c56a2fb8a1
Merge pull request #6345 from inteon/config_cainjector
...
Introduce config file for cainjector options
2023-10-05 13:44:47 +01:00
Arin
5235391917
closes #6346
...
Signed-off-by: Arin <136636751+asapekia@users.noreply.github.com>
2023-10-01 00:04:37 +05:30
Tim Ramlot
919f809325
add config option in Helm chart
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-28 12:56:11 +02:00
jetstack-bot
8aafddb974
Merge pull request #6328 from inteon/add_clock_health
...
Add health probe that detects skew between system clock and monotonic go process clock
2023-09-27 11:37:11 +02:00
jetstack-bot
8c0462bc35
Merge pull request #6360 from ABWassim/helm-improvement-webhook-configmap
...
improvement(helm): fixed empty webhook configmap + refactored
2023-09-25 20:18:47 +02:00
ABWassim
16191e6bcc
improvement(helm): fixed empty webhook configmap + refactored
...
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-09-25 16:54:13 +02:00
ABWassim
77fcb7d2a6
improvement(helm): fixed empty controller configmap + refactored
...
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-09-25 12:09:18 +02:00
Tim Ramlot
5d876c5b91
improvements based on PR feedback
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-20 18:23:13 +02:00
jetstack-bot
666e073040
Merge pull request #6330 from inteon/helm_image_options
...
HELM: add options for configuring image
2023-09-19 19:06:48 +02:00
Tim Ramlot
8d75a003e9
add health probe that detects skew between 'real' system clock and 'monotonic' internal clock
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-14 13:55:44 +02:00
Tim Ramlot
9749f1253d
upgrade dependencies
...
Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-12 11:38:10 +02:00
Tim Ramlot
4edfe0e177
HELM: add options for configuring image
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-11 16:53:38 +02:00
jetstack-bot
d03c56f670
Merge pull request #6311 from hawksight/pf/scoped-mutation
...
cleanup: Scope mutating webhook to only certificaterequest resources
2023-09-05 19:50:21 +02:00
Peter Fiddes
45c4545174
cleanup: remove unnecessary UPDATE for mutating webhook
...
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-09-05 14:43:48 +01:00
Tim Ramlot
468b970f81
run make update-crds
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-01 12:21:42 +02:00
Peter Fiddes
c77438c907
cleanup: remove acme api as it has no certificaterequest resources
...
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-08-31 08:30:47 +01:00
Peter Fiddes
b3443073fc
fix: Scope mutating webhook to only certificaterequest resources
...
Signed-off-by: Peter Fiddes <peter.fiddes@gmail.com>
2023-08-30 15:49:37 +01:00
Gerald Pape
949792396c
Make enableServiceLinks configurable for DeploymentLikes
...
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
2023-08-23 14:44:31 +02:00
Erik Godding Boye
68568a8a55
feat: add view permission to all cert-manager resources to the cluster-reader aggregated cluster role
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-08-21 09:42:26 +02:00
Tim Ramlot
f50167ce31
restructure the controller configfile
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-10 11:30:33 +02:00
Cody W. Eilar
1243fe285b
Add the ability to start controller with config file
...
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
jetstack-bot
cabc05824a
Merge pull request #6156 from kahirokunn/host-network-dns-policy
...
chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet.
2023-07-27 10:20:07 +02:00
jetstack-bot
615422b5bf
Merge pull request #6087 from rouke-broersma/patch-1
...
fix: maxUnavailable pdb configuration cannot be used due to default set minAvailable
2023-07-25 13:48:35 +02:00
arukiidou
740a4760b1
Update Chart.template.yaml
...
add apache 2.0 license
Signed-off-by: arukiidou <arukiidou@yahoo.co.jp>
2023-07-19 21:54:04 +09:00
jetstack-bot
e9e054b863
Merge pull request #6220 from giantswarm/webhook-netpol-indentation
...
Fix indentation of Webhook NetworkPolicy matchLabels
2023-07-18 09:55:23 +02:00
Gerald Pape
418df14dc0
Fix indentation of Webhook NetworkPolicy matchLabels
...
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
2023-07-17 16:24:59 +02:00
Tim Ramlot
a819025a4b
the chart will now disallow you to specify both the minAvailable and maxUnavailable values without issues
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-14 16:43:32 +02:00
Rouke Broersma
314163d461
Document that maxUnavailable takes precedence over minAvailable
...
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
29c270cf79
Fix conditions if maxUnavailable 0
...
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
5c5b1c6551
Fix pdb conditions
...
Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
773afd3da4
Allow maxUnavailable in certmanager pdb
...
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
eb2b4d8fbc
Allow maxUnavailable in webhook pdb
...
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
2023-07-14 16:16:32 +02:00
Rouke Broersma
659c95e202
Allow maxUnavailable in cainjector pdb
...
Signed-off-by: Rouke Broersma <mobrockers@gmail.com>
2023-07-14 16:16:32 +02:00
Ben Gelens
4adead4dfd
fix the whitespace issue
...
Signed-off-by: Ben Gelens <ben@bgelens.nl>
2023-07-10 14:42:52 +02:00