Commit Graph

903 Commits

Author SHA1 Message Date
Adam Talbot
e8987bc6b8 fix: remove trailing spaces from values.yaml to fix yamllint
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-15 10:30:28 +00:00
Adam Talbot
af4685c595 feat: update chart README using autogenerated docs
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-15 10:25:23 +00:00
Adam Talbot
486bfa15b2 feat: update values.yaml to have doc-comments above all values
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-15 09:41:26 +00:00
Jan-Otto Kröpke
7fdea152eb
[helm] Move cert-manager.io/disable-validation to values
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2024-01-13 16:21:49 +01:00
Jan-Otto Kröpke
64909f5688
[helm] Support custom spec.namespaceSelector for webhooks
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2024-01-13 10:41:13 +01:00
Tim Ramlot
67f8a03cae
update AzureDNS auth API comments
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-12 12:07:02 +01:00
jetstack-bot
44daf2ea8b
Merge pull request #6248 from tberreis/master
feat: allow changing the default Deployment revisionHistoryLimit
2024-01-10 15:48:17 +00:00
jetstack-bot
a1c134e78c
Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint
feat: add tls to metrics endpoint
2024-01-10 14:48:17 +00:00
Tim Ramlot
9bb4c3e075
move revisionHistoryLimit to globals & support revisionHistoryLimit=0
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 09:45:29 +01:00
Thomas Berreis
e1fe377dcb
feat: allow changing the default revisionHistoryLimit
Signed-off-by: Thomas Berreis <thomas@berreis.de>
2024-01-04 09:45:29 +01:00
Tim Ramlot
9e2c6ae08a
run 'make update-crds'
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
jetstack-bot
4af78fe98a
Merge pull request #6548 from snorwin/modern-pkcs12
New option to specify encryption and MAC algorithms for PKCS#12 keystores.
2024-01-03 12:54:22 +00:00
Tim Ramlot
8223df9e91
rename Algorithms to Profile
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 13:45:02 +01:00
jetstack-bot
9b90f50be8
Merge pull request #6549 from SgtCoDFish/standalone-apicheck
Add separate startupapicheck binary
2024-01-03 11:12:22 +00:00
Tim Ramlot
646a0698b6
undo docs change
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 10:56:18 +01:00
Tim Ramlot
2882d4a0c7
make fix more general (e.g. support levels > 5)
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 10:52:59 +01:00
ChrisDevo
449fb81595
Fix comment about allowed logLevel values (see: pkg/logs/logs.go#L44-49)
Signed-off-by: ChrisDevo <chris.devine@berkeley.edu>
2024-01-03 10:39:02 +01:00
ChrisDevo
519197b511
Improve parsing of helm global.logLevel (only accept integers 0-5, inclusive)
Signed-off-by: ChrisDevo <chris.devine@berkeley.edu>
2024-01-03 10:39:02 +01:00
Ashley Davis
b3b14fda41
add separate startupapicheck binary
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-01-02 17:17:50 +00:00
Adam Talbot
2897f787cb feat: add example for setting up TLS on metrics endpoint via the helm chart
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-02 13:38:09 +00:00
dylanhitt
751ca52626 docs: declare updated kube version in artifact hub doc
Signed-off-by: Dylan Hitt <dylan.hitt1@gmail.com>
2023-12-28 22:44:46 -05:00
Tim Ramlot
24794feac0
update API comments
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-20 11:26:52 +01:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
Norwin Schnyder
ebf58b9967 apply PR feedback
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-15 10:52:57 +01:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Norwin Schnyder
b8ad8a3704 apply PR feedback
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-13 12:00:39 +00:00
Tim Ramlot
721f71ed60 Refactor the solution
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need is for
  UserPrincipalName used in Microsoft AD/LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 09:12:23 +00:00
Norwin Schnyder
b79e73f484 fix controller-gen errors
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-12 18:25:15 +01:00
Norwin Schnyder
c583278ce8 generate manifests
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-12 14:27:41 +00:00
tanujd11
28ca4312b3 fix: additional review comments
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:29 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:31 +05:30
Avi Sharma
c72fc28773 Fix controller featuregates config in helm
Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>
2023-11-17 21:38:44 +05:30
Richard Wall
a2ca3c714f Enable verbose logging in startupapicheck by default
So that if it fails, users can know exactly what caused the failure.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-11-17 09:09:41 +00:00
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
2023-11-16 12:45:16 -06:00
jetstack-bot
b0ed333413
Merge pull request #6459 from shlomitubul/master
feat(helm) Add support for PodMonitor
2023-11-16 14:45:00 +01:00
Richard Wall
a0e5afc0f4 Increase the webhook timeout to its maximum value
Users sometimes report that the connection between the K8S API server and the
cert-manager webhook server times out.

But the error message is often only "context deadline exceeded",
which doesn't help the user know what phase of the HTTPS connection timed out.

It could be during DNS resolution, TCP connection, TLS negotiation, HTTP channel
negotiation, or slow HTTP response from the webhook server.

So this change increases the context timeout to its maximum value
so that the underlying timeout error message has more chance of being returned to the end user.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-11-15 17:54:43 +00:00
Richard Wall
8eb547d9cb Remove redundant / misleading runAsNonRoot examples from values.yaml
`runAsNonRoot` is already set to true in the *Pod*SecurityContext,
so there isn't really any reason to set it at the Container SecurityContext too.

Having it in the example values.yaml file gives the misleading impression that
runAsNonRoot is not the default.

 * https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 11:08:54 +00:00
jetstack-bot
32418051c3
Merge pull request #6460 from erikgb/helm-ca-injector-feature-gates
feat(helm): allow configuration of cainjector feature gates
2023-10-31 11:39:20 +01:00
Richard Wall
6d206795c7 Enable readOnlyRootFilesystem by default
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 09:55:23 +00:00
Erik Godding Boye
af3e88c6da
feat(helm): allow configuration of cainjector feature gates
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2023-10-31 10:54:17 +01:00
ShlomiTubul
0a16c4ecd2 feat(helm) Add support for PodMonitor
Signed-off-by: ShlomiTubul <shlomi.tubul@placer.ai>
2023-10-30 22:38:09 +02:00
ABWassim
5ab8a6b71c fix(helm): templating of required value in controller and webhook configmaps
Signed-off-by: ABWassim <wassim.belkacem99@gmail.com>
2023-10-23 09:23:51 +02:00