weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,250 Commits 45 Branches 0 Tags 96 MiB
e7ed5c491b
Commit Graph

1132 Commits

Author SHA1 Message Date
jetstack-bot
da3265115b
Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref 
Add option to load Vault CA bundle from Kubernetes Secret
 2022-10-13 09:55:09 +01:00
joshvanl
684430e26b Fix string match e2e test on vault issuer caBundle 
Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-10-12 14:34:04 +01:00
joshvanl
702a2cb857 Use lowercase "specified" in vault e2e test case 
Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-10-12 12:33:47 +01:00
Sathyanarayanan Saravanamuthu
40947b0ef4 Generate Certificate Request with predictable name 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:01:26 +05:30
Danny Kulchinsky
81c85ee15c add issuer_{group|name|kind} labels to prom metrics 
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
 2022-09-28 10:21:36 -04:00
jetstack-bot
5c82440729
Merge pull request #5410 from rgl/rgl-unique-container-names 
to help troubleshooting make the helm chart container names unique
 2022-08-30 11:50:31 +01:00
Tim Ramlot
6debee4a54 update container names in ytt overlays 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-28 21:40:35 +02:00
Tim Ramlot
5d17098322 fix broken test 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-28 21:17:08 +02:00
Renato Costa
162777aab2 Fix incorrect uses of loop variable 
This fixes two instances where loop variables were being incorrectly
used:

- using a loop variable in a closure passed to `ginkgo.It()` is
incorrect, as the capture happens by reference and only the last test
case will be executed (multiple times).
- a similar issue happens in the context of a goroutine; specifically,
we need to create a copy of the `runDurationFunc` before calling it in
a goroutine as done by the controller's `Run` function.

With regards to the second issue, I believe it never came to the
surface because, in production code, only one `runDurationFunc` is
passed; tests don't exercise the multiple funcs path either.

Issues were automatically found with the `loopvarcapture` linter.

Signed-off-by: Renato Costa <renato@cockroachlabs.com>
 2022-08-26 15:08:30 -04:00
Tim Ramlot
5802b3a963 use variables for binaries 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-26 07:43:17 +00:00
jetstack-bot
12f98dbc7e
Merge pull request #5376 from inteon/upgrade_gateway_api 
Upgrade gateway api to v0.5.0
 2022-08-25 16:08:10 +01:00
joshvanl
e16baf4706 Updates CertificateSigningRequest SelfSigned e2e tests to require 
needing the CertificateSigningRequest Feature Gate to be enabled.

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-25 10:41:31 +01:00
jetstack-bot
d1a8f7f52d
Merge pull request #5336 from JoshVanL/controllers-certificaterequests-secrets-informer 
CertificateRequest: re-sync SelfSigned CertificateRequest when target Secret is informed.
 2022-08-23 16:46:23 +01:00
Nils
81e6c24293 fixup! Add option to load Vault CA bundle from Kubernetes Secret 
Co-authored-by: Josh van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-21 07:41:15 +03:00
jetstack-bot
10c4b7cde9
Merge pull request #5379 from JoshVanL/controllers-certificatesigningrequests-secrets-informer 
CertificateSigningRequest: re-sync SelfSigned CertificateSigningRequest when target Secret is informed
 2022-08-19 15:50:12 +01:00
Nils Mueller
2f6fa9dddf fixup! Add option to load Vault CA bundle from Kubernetes Secret 
Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-16 02:57:43 +03:00
Nils Mueller
00a20097b6 Add option to load Vault CA bundle from Kubernetes Secret 
Vault distributions like "Bank Vaults" automatically configure
and provision Vault and provide the CA bundle via a Kubernetes
Secret. Having to hard-code the bundle in the Issuer instead
of dynamically referencing it through the Secret requires
a manual second step when using a GitOps workflow.

Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-15 03:10:51 +03:00
Joakim Ahrlin
1501449e3e use GenerateName instead 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-08-09 12:41:31 +02:00
joshvanl
8b2dc2a746 Update ginkgo import path to use /v2 
Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:25:41 +01:00
joshvanl
52787eabd2 Adds e2e tests for the new SelfSigned CertificateSigningRequest Secret 
informer

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:17:44 +01:00
joshvanl
0b2cdf5a40 Adds e2e tests for CertificateRequest self signing controller; focussing 
on requests being re-synced when the target Secret is up

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-08-09 08:40:05 +01:00
Joakim Ahrlin
de0f39e553 add random suffix to webhooks in CA Injector e2e tests 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-08-08 12:52:52 +02:00
Tim Ramlot
836793e7e3 upgrade gateway api to v0.5.0 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-08 08:52:59 +00:00
jetstack-bot
07677c57bc
Merge pull request #5366 from munnerz/privatekey-regen-test 
Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried
 2022-08-05 16:23:30 +01:00
James Munnelly
ddc19a1c57 Fix comment 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-05 15:52:52 +01:00
jetstack-bot
88bda66693
Merge pull request #5345 from inteon/ginkgo_v2 
Upgrade to Ginkgo v2
 2022-08-04 21:06:15 +01:00
James Munnelly
2de5135e18 Fix test flake 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 14:15:49 +01:00
James Munnelly
e62bfaf367 Add test to check InvalidRequest handling for certificates 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
James Munnelly
51014e5752 Add integration test for regenerating private key for each CR upon failure 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
James Munnelly
099a52ffe3 integration framework: add StartInformersAndControllers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-08-04 12:21:41 +01:00
Tim Ramlot
a8743628a4 only print Helm install output on error 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 10:21:27 +00:00
Tim Ramlot
501277bb62 bugfix ginkgo: make tests deterministic, don't use maps to define testCases 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 10:16:29 +00:00
Tim Ramlot
9897f2355c upgrade ginkgo to v2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 10:16:29 +00:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Tim Ramlot
f6a381d247 replace 'github.com/onsi/ginkgo' with 'github.com/onsi/ginkgo/v2' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-03 15:28:23 +00:00
Ashley Davis
d53689c181
remove straggling BUILD.bazel file 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-08-01 09:40:58 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
joshvanl
1f2ba6d7f7 Update the approval e2e tests so that transient client request errors 
are retried, and correctly check the error returned is expected when
appropriate.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-20 16:31:11 +01:00
jetstack-bot
519d4dd803
Merge pull request #5318 from JoshVanL/test-e2e-flake-secret-template 
E2E test flakes: SecretTemplate
 2022-07-20 13:37:13 +01:00
joshvanl
9118c112e3 Adds on conflict retries to certificate state change in the 
SecretTemplate e2e test setups

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-20 12:21:29 +01:00
joshvanl
43223a1863 Adds on conflict retries to certificate state change in the 
additionaloutputformat e2e test setups

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-20 11:42:43 +01:00
James Munnelly
09e42e10db Retry update on conflicts during SecretTemplate tests to avoid test flakes 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-07-11 14:13:21 +01:00
Joe Bowbeer
1dc252e27e update kyverno version and policy 
Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>
 2022-07-06 10:11:37 -07:00
joshvanl
328ea2b632 Change all scripts #!/bin/bash -> #!/usr/bin/env bash. Also changes same 
for Makefile SHELL

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-04 14:49:34 +01:00
jetstack-bot
5a4e7654d4
Merge pull request #5097 from lucacome/bump-k8s-deps 
Bump k8s.io dependencies
 2022-07-04 14:44:45 +01:00
Luca Comellini
aaa513de00
Bump k8s.io dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-06-30 15:16:14 -07:00
Ashley Davis
ca35696244
add make-based upgrade test 
This uses cmctl instead of kubectl_cert-manager, uses make instead of
bazel and fixes an incorrect container name in
test/fixtures/upgrade/overlay/cainjector-ops.yaml

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-30 22:35:39 +01:00
oGi4i
cb2cabb06f
Add private key Ingress annotations to set private key properties for Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-28 17:45:08 +03:00
jetstack-bot
bbf2b58a5e
Merge pull request #5187 from irbekrm/cleanup_kind_config 
Clean up kind config
 2022-06-21 16:22:48 +01:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-21 15:12:09 +03:00