weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,054 Commits 45 Branches 0 Tags 96 MiB
e5f50002e1
Commit Graph

51 Commits

Author SHA1 Message Date
irbekrm
3d1134a975 Update cainjector inejctable setup 
To work with latest controller runtime

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-05 16:32:25 +01:00
Tim Ramlot
927cef3c22
switch to SSA for cainjector 
Co-authored-by: joshvanl <vleeuwenjoshua@gmail.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-04-26 17:04:11 +02:00
irbekrm
56cf4dfd3c Allows to modify configured injectable kinds for cainjector via flags 
Also changes name of --watch-certs flag to --enable-certificate-data-source

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-02-01 11:43:00 +00:00
irbekrm
0c64cebfc5 Rename injector.go -> injectables.go 
To reduce the variations of naming

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-02-01 11:43:00 +00:00
irbekrm
767aa39ddb Simplify injectable logic 
Reduce the amount of interfaces enclosing the injectable instance from 3 to 1. Also some minor renaming and comments cleanup

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-02-01 11:43:00 +00:00
irbekrm
3e58a442b7 Cleanup reconciler logic 
Make the file structure and struct naming more intuitive, add some comments

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-02-01 11:43:00 +00:00
irbekrm
74b258c3be Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-02-01 08:53:27 +00:00
irbekrm
a174f0faa4 Filter injectables that trigger reconciles 
Only trigger reconciles for events on injectable types that are annotated, not random unrelated resources

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-30 11:27:15 +00:00
irbekrm
7a5c71a1ed Cleanup, better comments 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-30 11:26:07 +00:00
irbekrm
3aba8ed32d Makes cainjector Certificate watch optional 
Configurable via a flag, true by default

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-24 13:52:45 +00:00
irbekrm
4776597cb4 Remove the double cache mechanism for cainjector 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-23 17:38:46 +00:00
irbekrm
ff80030737 Log error if CA source is in a namespace that is not in scope 
cainjector will still watch cluster-scoped resources such as CRDs, so it can get references to Secrets or Certificates in namespaces that are out of scope

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-06 10:09:36 +00:00
irbekrm
87bef52337 Fix cainjector's namespace flag 
Ensures that when cainjector has the namespace flag passed, namespaced resource caching is scoped to that namespace

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-01-05 18:15:19 +00:00
Tim Ramlot
836793e7e3 upgrade gateway api to v0.5.0 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-08 08:52:59 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
Eng Zer Jun
54e70d2cc4
refactor: move from io/ioutil to io and os package 
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-08-23 19:50:42 +08:00
Tamal Saha
7b63788f52 Cleanup codegen script 
Signed-off-by: Tamal Saha <tamal@appscode.com>
 2021-05-17 08:11:19 -07:00
Tamal Saha
b1cb6422e4 Use controller-runtime v0.9.0-beta.0 
Signed-off-by: Tamal Saha <tamal@appscode.com>
 2021-05-17 08:11:19 -07:00
jetstack-bot
6ad91e0700
Merge pull request #3833 from JoshVanL/controller-issuer-context 
Pass context through to client calls in controllers and acme issuer
 2021-04-06 18:53:57 +01:00
Richard Wall
20510e45f0 Update cainjector to use stable API versions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-04-01 17:23:28 +01:00
joshvanl
18ae2295f9 Pass context through to client calls in controllers and acme issuer 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-31 20:34:12 +01:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
Richard Wall
0a2a4b0d7a Revert the introduction of errors.WithStack 
* The logging isn't configured to show the stack traces anyway.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 12:08:10 +01:00
Richard Wall
ea73ab534c Document newIndependentCacheAndDelegatingClient 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 12:02:52 +01:00
Richard Wall
35f10ef439 Explain why we're not using the controller.Builder 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:58:30 +01:00
Richard Wall
975e98e285 Log an error if WaitForCacheSync fails 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:51:45 +01:00
Richard Wall
a5e6f6c262 Stop creating new controllers if one of the errgroup has already erred 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:41:11 +01:00
Richard Wall
602043013e Revert the increased number of reconcile threads 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:39:52 +01:00
Richard Wall
2bffaf9270 A clearer name for the function which creates each controller 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 11:38:00 +01:00
Richard Wall
e2765f720a Remove debug log 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 10:04:28 +01:00
Richard Wall
e27e503624 Ensure that each controller's delegating client refers to the correct cache 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-18 08:29:07 +01:00
Richard Wall
98fff7dcf8 Clearer logging 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 16:43:15 +01:00
Richard Wall
1bb99dee1a Increase the number of reconciler goroutines 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 16:42:51 +01:00
Richard Wall
3d63a76da9 Make the injector sources read from the same cache as the controller 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 14:41:28 +01:00
Richard Wall
b772f3295b Use cancellable contexts and errgroups 
...to control the starting and stopping of controllers and caches

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-17 09:37:05 +01:00
Richard Wall
81874895b0 Use NewUnmanaged and separate caches for each controller 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-09-11 10:09:27 +01:00
Maartje Eyskens
fecd0b3518 Set all log levels for info 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-12 10:59:41 +02:00
James Munnelly
8a1d7c6831 Remove AuditSink support from cainjector 
The AuditSink resource type (previously in alpha) has been removed
as per https://groups.google.com/g/kubernetes-sig-auth/c/aV_nXpa5uWU.

Remove all support for it from our cainjector so we are able to
continue to upgrade dependencies, and to avoid more users coming
to rely on this functionality ahead of it being removed from
Kubernetes.

Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-07-01 19:35:20 +01:00
pepov
9b764960b9 restore Register method 
Signed-off-by: pepov <peterwilcsinszky@gmail.com>
 2020-03-30 18:41:26 +02:00
pepov
c75b9ba56a simplify error handling for registerAllInjectors 
Signed-off-by: pepov <peterwilcsinszky@gmail.com>
 2020-03-30 14:33:50 +02:00
pepov
5ba789934d add comment, rename/unexport Register method 
Signed-off-by: pepov <peterwilcsinszky@gmail.com>
 2020-03-30 14:33:50 +02:00
pepov
f4813fdda9 log with the Info level instead of error when the injector is alpha and the type cannot be found 
Signed-off-by: pepov <peterwilcsinszky@gmail.com>
 2020-03-30 14:33:50 +02:00
pepov
24507f70c6 add auditsinks in api/auditregistration/v1alpha1 to the supported targets and handle injector "no matching kind" errors as something that shouldn't break the operator 
Signed-off-by: pepov <peterwilcsinszky@gmail.com>
 2020-03-30 14:33:50 +02:00
Josh Soref
093d6eb504 spelling: indices 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-02-24 16:42:58 -05:00
James Munnelly
dd66c11115 Extend cainjector to support injecting from secrets 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-08-14 12:57:01 +01:00
Solly Ross
95ac5a498c Add support for CRDs to the CA injector 
This adds support for the CRD conversion webhook configuration to the CA
injector controller.

Signed-off-by: Solly Ross <sollyross@google.com>
 2019-06-13 13:31:42 -07:00
James Munnelly
25af59a0d5 Use v1beta1 API version in cainjector controller 
This resolves issues when running the cainjector on Kubernetes 1.9,
as the 1.9 apiserver is not aware of the 'v1' API version.

Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-04-24 11:19:24 +01:00
James Munnelly
1618ebde43 Fix loading apiserver caBundle 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 19:34:40 +00:00
James Munnelly
b34adf88ff cainjector: support injecting apiserver ca 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-02-28 16:45:26 +00:00