Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve validation of certificates. Fix bug in checking certificate validity
**What this PR does / why we need it**:
Improves the validation of dnsNames and commonNames on certificate resources.
Fixes a bug in checking certificate validity.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#176, fixes#175
**Release note**:
```release-note
Fix a bug in checking certificate validity and improve validation of dnsNames and commonName
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Don't test pkg/client/ and third_party/ packages
Don't run tests for generated files
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add basic validation to ACME issuer
**What this PR does / why we need it**:
Improves validation of existing certificate resources
**Release note**:
```release-note
Fix bugs when checking validity of certificate resources
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add solverFor and wait.go unit tests for acme dns solver
**What this PR does / why we need it**:
Adds some unit tests for ACME dns solver
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move to github.com/jetstack/cert-manager repo
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes#134
**Release note**:
```release-note
Move to 'jetstack' organisation.
Action required: this will require updating your existing deployments to point to the new image repository, as new tags will not be pushed to the old 'jetstackexperimental/cert-manager-controller` repository.
```
/area admin
/assign
/release-note-action-required
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tidy up informers
**What this PR does / why we need it**:
Refactors the controllers and issuers to use the new vendored and filtered informers
**Special notes for your reviewer**:
Do not merge until #178 has merged
**Release note**:
```release-note
No longer support ClusterIssuer resources when cert-manager is running with `--namespace` flag set
```
/assign
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Pin dependencies to release-1.8
**What this PR does / why we need it**:
Pins us to use versioned Kubernetes dependencies
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set TLS certificate secret type to TLS type
**What this PR does / why we need it**:
Set the Kubernetes secret type to TLS
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#133
**Release note**:
```release-note
Set the Kubernetes secret type to TLS.
Action required: this will cause renewals of existing certificates to fail. You **must** delete certificates that have been previously produced by cert-manager else cert-manager may enter a renewal loop when saving the new certificates. Alternatively, you may specify a new secret to store your certificate in and manually update your ingress resource/applications reference the secret.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Only ever create http01 solver service instead of also updating
**What this PR does / why we need it**:
Previously the ensureService function was written to update a service if it already exists. There should never be a case where the http01 solver needs to update an existing *service*, so this PR simplifies this functionality into a simple `createService` function.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow rediscovering lost/not set ACME account URIs
**What this PR does / why we need it**:
Overcome 'registration already exists for provider key' errors in ACME provider by auto-detecting lost ACME registration URIs
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixed#151, fixes#162
**Special notes for your reviewer**:
This change causes us to *always* attempt to register an account, and upon failure will read the account ID from the `Location` header of the registration response and then verify *that* account.
**Release note**:
```release-note
Overcome 'registration already exists for provider key' errors in ACME provider by auto-detecting lost ACME registration URIs
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix checking for invalid data in issuer secrets
Fixes#169
**Release note**:
```release-note
Fix checking for invalid data in issuer secrets
```
/assign
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Error if existing presented key and expected key do not match
**What this PR does / why we need it**:
A type in the HTTP01 solver caused it to not return an error if the key presented by the ingress and the expected key do not match.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#163
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix bug in ACME HTTP01 solver causing self-check to return true before paths have propagated
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix panic in ACME issuer setup
**What this PR does / why we need it**:
Fix a panic in the ACME issuer registration flow
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Closes#164
**Release note**:
```release-note
Fix panic if the secret named in an ACME issuer exists but contains invalid data (or no data)
```
