jetstack-bot
e930bd3ca7
Merge pull request #1244 from DanielMorsing/self-check-errs
...
Surface self-check errors in challenge resource
2019-01-23 14:50:16 +00:00
Daniel Morsing
99c16b77dc
fix other test
...
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-21 13:33:34 +00:00
Daniel Morsing
336e9e353a
fix missed test
...
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-21 13:13:05 +00:00
Daniel Morsing
b0a9b8276c
surface self-check errors in challenge resource
...
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-21 11:49:46 +00:00
jetstack-bot
438d0a6775
Merge pull request #1240 from munnerz/expired-orders-no-cert
...
Update order status if state changes while retrieving an existing certificate
2019-01-18 14:28:23 +00:00
James Munnelly
3d1183a169
Fix nil map panic when writing to an empty existing Secret
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-18 11:16:44 +00:00
James Munnelly
c91833f43a
Update order status if state changes while retrieving an existing certificate
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 18:29:55 +00:00
jetstack-bot
1a75d41429
Merge pull request #1226 from munnerz/acme-client-metrics
...
Add prometheus metrics for ACME client HTTP requests
2019-01-17 17:28:02 +00:00
Daniel Morsing
88d811b34c
change Check function signature
...
This makes the check function into a simple precondition
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 16:45:03 +00:00
jetstack-bot
63562421b8
Merge pull request #1227 from munnerz/use-cached-account-uri
...
Use cached ACME account URL when constructing ACME client
2019-01-17 15:50:01 +00:00
jetstack-bot
e2e2b5998f
Merge pull request #1230 from munnerz/clear-url-on-reverify
...
Clear issuer account URL if the directory and account URL's hosts differ
2019-01-17 15:28:12 +00:00
Daniel Morsing
921f5c6d10
absorb every error from http self-check
...
Body read errors are just regular errors, so we can reclassify them
all into absorb errors
Since we only have absorb errors, flip the switch so that all errors
are absorbed. This will make it easier to surface errors into the
controller.
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 15:26:13 +00:00
jetstack-bot
d9a3cd0b3f
Merge pull request #1228 from munnerz/retrieve-valid-order
...
If an Order is already valid, attempt to retrieve existing certificate
2019-01-17 15:12:11 +00:00
James Munnelly
425f9c757a
Clear issuer account URL if the directory and account URL's hosts differ
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 14:36:33 +00:00
Daniel Morsing
ac5745d8f0
Remove need for provider config in DNS self-check
...
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 14:25:19 +00:00
Daniel Morsing
dc8a4cb95e
Avoid connection leaking
...
An empty transport will by default keep connections alive indefinitely.
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 14:09:15 +00:00
James Munnelly
e88e4f4406
If an Order is already valid, attempt to retrieve existing certificate
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 13:19:04 +00:00
Daniel Morsing
d374619ba6
thread controller context into self-check
...
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 13:05:34 +00:00
James Munnelly
4b6351a4f2
🤦
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 12:57:19 +00:00
Daniel Morsing
62923a9ba8
don't roundtrip url into strings and back
...
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 12:46:01 +00:00
James Munnelly
26ef11d2dc
Use cached account URI on Issuer resource when constructing ACME client
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-16 23:48:19 +00:00
James Munnelly
804d328b14
Add prometheus metrics for ACME client HTTP requests
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-16 23:05:53 +00:00
Daniel Morsing
f72b59bee1
Disable TLS verification when self-checking
...
Fixes #949
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-16 13:39:27 +00:00
James Munnelly
7fd1c2a0e3
Fix issuing a certificate into a pre-existing secret
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-15 14:44:11 +00:00
jetstack-bot
5f96b378e6
Merge pull request #1184 from tlmiller/feature/authnss
...
Control authoritative dns01 server check.
2019-01-12 15:25:07 +00:00
Thomas Miller
dacd0b45cb
Control authoritative dns01 server check.
...
Adds cmd flag for controlling if authoritative dns servers are used to
check RR propagation or just normal resolvers.
This change is added so that constrained environments can control more
aspects of DNS queries performed.
- Applying PR feedback
Signed-off-by: Thomas Miller <thomas@tlm.id.au>
2019-01-12 20:17:28 +10:00
jetstack-bot
2fc68d9b33
Merge pull request #1197 from munnerz/acme-retain-challenges
...
Retain Challenge resources for debugging if an Order enters an invalid state
2019-01-11 17:22:11 +00:00
jetstack-bot
c512319bfb
Merge pull request #1188 from kragniz/controller-namespace
...
Add --namespace flag
2019-01-11 15:14:11 +00:00
James Munnelly
b1df71dd66
Retain Challenge resources for debugging if an Order enters an invalid state
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-11 14:04:23 +00:00
James Munnelly
21c7b2e13f
Increase ACME control loop max back-off. Increase create order back-off to 1h. Fire Event when Order fails.
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-10 22:07:48 +00:00
jetstack-bot
95f63313a9
Merge pull request #1192 from DanielMorsing/add-reason
...
Add reason when an order/challenge gets marked invalid
2019-01-10 15:25:23 +00:00
Daniel Morsing
cc946c0b45
Populate reason field regardless
...
If we have an error, then tell people about it.
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-10 14:54:43 +00:00
Daniel Morsing
1b921b1583
remove more strict validation
...
Turns out the ACME server can respond with different codes than the ones listed
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-10 14:35:30 +00:00
Daniel Morsing
ba240bbe4e
Add reason when an order/challenge gets marked invalid
...
When an ACME server tells us that a challenge or an order is invalid, it's helpful to get some information on why that's the case. Populate the reason field with the error information so that these issues can be more easily debugged.
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-10 14:05:15 +00:00
Louis Taylor
40b68a3e10
Fix more references to clusterIssuer
...
Signed-off-by: Louis Taylor <louis@kragniz.eu>
2019-01-10 13:52:52 +00:00
Louis Taylor
bbda87b3c8
Add --namespace flag
...
Signed-off-by: Louis Taylor <louis@kragniz.eu>
2019-01-10 13:52:52 +00:00
James Munnelly
8840925e3e
Fix append in CA issue function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-09 11:39:48 +00:00
James Munnelly
22342b61b3
Fix use of SecretTLSKeyPair in certificates controller
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-09 11:39:48 +00:00
Mike Bryant
4fa6d9775c
feat: Include entire certificate chain if provided
...
Allow a user to provide an entire certificate chain to the ca issuer. Include that chain in all generated certificates
Signed-off-by: Mike Bryant <m@ocado.com>
2019-01-09 11:39:48 +00:00
James Munnelly
3e7509b51f
Remove flakey unit test in dns utils package
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-08 20:18:49 +00:00
James Munnelly
3ac4d19874
Fix bug in challenge scheduler causing invalid results
...
Previously, we shared a single backing slice when
performing filter operations on slices, causing issues
when we perform sorting operations on that same
underlying slice.
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-08 13:53:58 +00:00
James Munnelly
0fcc0c666c
Update copyright header year
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-07 15:07:55 +00:00
James Munnelly
e3ab52861a
Only follow CNAMEs if the Issuer's cnameStrategy is 'Follow'
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-12-04 13:57:13 +00:00
jetstack-bot
fafa0d5b1d
Merge pull request #1120 from munnerz/improved-challenge-scheduler
...
Switch ACME challenge scheduler to evaluate all challenges at once
2018-11-30 12:29:12 +00:00
jetstack-bot
670cd8564f
Merge pull request #1111 from kellycampbell/udp-timeout-workaround
...
Retry dns queries with TCP if UDP has an i/o timeout
2018-11-30 12:12:12 +00:00
jetstack-bot
bed2934534
Merge pull request #1125 from munnerz/issueresponse-ptr
...
Switch issuer.Issue to return a pointer and fix up setting secret fields
2018-11-30 11:59:12 +00:00
James Munnelly
943e545697
Switch issuer.Issue to return a pointer and fix up setting secret fields
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-30 11:47:08 +00:00
James Munnelly
c890913fb1
Don't update Certificate status condition upon issuance
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-30 10:42:33 +00:00
James Munnelly
bca6ed6e64
Switch ACME challenge scheduler to evaluate all challenges at once
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-29 22:49:55 +00:00
Kelly Campbell
a90e833c3b
Retry dns queries with TCP if UDP has an i/o timeout
...
Signed-off-by: Kelly Campbell <kelly.a.campbell@gmail.com>
2018-11-29 10:32:55 -05:00