weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,015 Commits 45 Branches 0 Tags 96 MiB
ea84532a5c
Commit Graph

395 Commits

Author SHA1 Message Date
Euan Kemp
ea84532a5c issuer/route53: log ignored InvalidChangeBatch err 2018-07-20 10:10:02 -07:00
Euan Kemp
15d497b4ca issuer/route53: fix delete for 'NotExist' errors 
Fixes #736.

Prior to this change, it was quite possible to end up with a queue of
cleanup tasks that would never succeed.
 2018-07-19 10:20:27 -07:00
jetstack-bot
6348c6ffca
Merge pull request #722 from autonomic-ai/support-ec-keys 
Add keyAlgorithm and keySize fields to Certificates, and support ECDSA keys
 2018-07-18 10:00:36 +01:00
Afolabi Badmos
445e522432 Add support for EC keys 
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic

- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.

- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, key size
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.

- helper functions in `pki` package now return crypto.PrivateKey
 2018-07-17 12:42:07 -04:00
Louis Taylor
969c4530a0
Add Contains util function 2018-07-12 10:27:05 +01:00
jetstack-bot
a162a5bb8e
Merge pull request #612 from vdesjardins/custom-approle-path 
Vault: configurable appRole authentication path
 2018-07-11 17:53:33 +01:00
jetstack-bot
c08cd80730
Merge pull request #622 from munnerz/istio-annotation 
Add auth.istio.io annotation to ACME HTTP01 service
 2018-07-11 17:18:33 +01:00
Vincent Desjardins
7fae0fccf1 code review fixes 2018-07-11 16:00:39 +00:00
Vincent Desjardins
ca3b909cb7 code review modifications 2018-07-11 16:00:39 +00:00
Vincent Desjardins
2995cc90a3 Vault: configurable appRole authentication path 2018-07-11 16:00:39 +00:00
jetstack-bot
bd7f15d5f4
Merge pull request #710 from kragniz/dns-flag 
Add flag for setting nameservers for DNS01 check
 2018-07-11 14:26:33 +01:00
jetstack-bot
1c167c302d
Merge pull request #720 from zegl/route53-managed-by-certmanager 
route53: update managed by DNS record comment
 2018-07-11 13:37:49 +01:00
Gustav Westling
641b497242 route53: update managed by DNS record comment 2018-07-08 12:09:00 +02:00
Louis Taylor
d60f4b447e
Apply cert name label to created secrets 2018-07-06 18:02:13 +01:00
jetstack-bot
c48a38ae17
Merge pull request #644 from munnerz/ref-docs 
Add script for generating reference docs
 2018-07-05 15:12:41 +01:00
James Munnelly
2014183a57 Add script for generating reference docs 2018-07-05 14:47:32 +01:00
Louis Taylor
cbc61ef7f9
Fix tests 2018-07-05 12:41:33 +01:00
Louis Taylor
3eaca6a318
Add flag for custom dns01 nameservers 2018-07-05 12:40:53 +01:00
James Munnelly
d61838d901 Prevent panics in v1alpha1 helpers.go 2018-07-05 11:43:19 +01:00
André Cruz
936e2b98ee Support the new "ready" order status 2018-07-03 15:31:14 +01:00
jetstack-bot
e7a2a0c618
Merge pull request #686 from kragniz/acme-config-update 
Update spec.acme.config field when ingress changes
 2018-06-29 10:11:06 +01:00
James Munnelly
86685369aa Add test for a non-acme certificate being appropriately updated 2018-06-29 09:46:04 +01:00
Louis Taylor
25311a57c5
Add better check for nil spec.acme 2018-06-27 14:37:53 +01:00
Louis Taylor
bc9181a925
Update spec.acme.config field when ingress changes 
Fixes #619.
 2018-06-27 10:52:00 +01:00
James Munnelly
c55e7661b2 Add unit tests for resource validation 2018-06-26 14:59:48 +01:00
James Munnelly
951b72bba0 Add basic resource validation at start of sync loops 2018-06-26 14:59:48 +01:00
James Munnelly
bbb65baa38 Run go fmt 2018-06-26 01:24:52 +01:00
Guilherme Blanco
8d69e1e811 Added annotation to pod to prevent istio-sidecar-injector to add an envoy-proxy 2018-06-26 01:24:52 +01:00
James Munnelly
65b6ae2643 Add auth.istio.io annotation to ACME HTTP01 service 2018-06-26 01:24:52 +01:00
jetstack-bot
7ef053cf3e
Merge pull request #667 from euank/scheduler-mock 
pkg/scheduler: fix minor race; use mocks in scheduler tests
 2018-06-25 20:37:29 +01:00
Euan Kemp
b7d4470f81 pkg/scheduler: fix minor race 
While unlikely, it was possible before for the scheduler to race in such
a way that concurrent 'Add' calls would result in "leaking" a timer,
thus making an unstoppable invocation of that event.

This includes a test which fails without the small bugfix in
scheduler.go
 2018-06-25 12:01:51 -07:00
James Munnelly
fe5e748170 Don't return invalid/expired orders in shouldAttemptValidation 2018-06-25 10:46:10 +01:00
Euan Kemp
bb1fe81834 pkg/scheduler: use mock timer for tests 
This speeds up the unit tests from taking about 12s to taking around
.01s
 2018-06-19 17:48:16 -07:00
James Munnelly
592bfc7edc issuers: Skip triggering API update if status has not changed 2018-06-18 01:55:45 +01:00
jetstack-bot
61729fb96a
Merge pull request #637 from munnerz/selfsigned 
Add self signed Issuer type
 2018-06-15 14:31:33 +01:00
jetstack-bot
cb107f3b89
Merge pull request #652 from euank/r53-owner 
issuer/dns/route53: add myself as owner
 2018-06-14 12:32:36 +01:00
jetstack-bot
12d603f511
Merge pull request #629 from groner/check-acme-issuer-challenge-type 
Check the acme issuer has the challenge type configured.
 2018-06-14 11:54:37 +01:00
Euan Kemp
27b5e49732 issuer/dns/route53: add myself as owner 2018-06-12 18:32:49 -07:00
jetstack-bot
df4b493b38
Merge pull request #582 from ThatWasBrilliant/master 
FindZoneByFqdn fixes from lego
 2018-06-12 16:25:41 +01:00
James Munnelly
00e558a9e7 Fix package naming 2018-06-08 17:49:26 +01:00
James Munnelly
0c05e15024 Run hack/update-codegen.sh 2018-06-08 15:48:30 +01:00
James Munnelly
6cfdc62f6b Add self signed Issuer type 2018-06-08 15:48:30 +01:00
James Munnelly
1fd8cdf13e Create common GenerateCSR and GenerateTemplate methods for creating Certificate/CertificateRequest 2018-06-08 15:15:27 +01:00
Kai Groner
b7a8c4c623 Check the acme issuer has the challenge type configured. 2018-06-06 10:19:22 -04:00
jetstack-bot
3cafdd9401
Merge pull request #598 from euank/log-namespaces 
issuer/acme/*: log namespaces for resources
 2018-06-06 09:52:53 +01:00
jetstack-bot
c61f392163
Merge pull request #555 from paultiplady/debug/gcloud-errors 
Improve logs for CloudDNS service account errors
 2018-06-06 01:40:39 +01:00
Euan Kemp
a09e9037de issuer/acme/http: log namespaces for resources 
It's useful to know what namespace is being operated on, so log
namespaces all over the place!
 2018-05-30 20:10:17 -07:00
Euan Kemp
09a5846412 issuer/acme/http: remove unused test code 
¯\_(ツ)_/¯
 2018-05-30 20:03:00 -07:00
Euan Kemp
36b57ba475 issuer/acme/dns: log namespace for secret errors 
If we can't find the secret, the user should probably also know what
namespace we looked in.

xref #540 for a case where this might help with debugging
 2018-05-30 20:00:21 -07:00
Euan Kemp
910a9e8859 issuer/acme/dns: remove redundant 'Error' calls 2018-05-30 19:57:44 -07:00