cert-manager

Author	SHA1	Message	Date
Tim Ramlot	a9339849e5	improve label and annotation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-23 17:05:42 +02:00
jetstack-bot	4d1486bbfc	Merge pull request #6168 from inteon/add_public_key_match Add SecretPublicKeysDiffersFromCurrentCertificateRequest check	2023-06-23 16:55:40 +02:00
Tim Ramlot	19377b43b1	fix feedback from @wallrj Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-21 15:31:20 +02:00
Tim Ramlot	82499eb75b	fix failing TestNewReadinessPolicyChain test Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 19:06:02 +02:00
Tim Ramlot	9000a06956	BUGFIX: we incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 21:31:25 +02:00
Tim Ramlot	fe4f4e4aa6	re-add TODO comment and make the message more clear Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 14:51:39 +02:00
Tim Ramlot	8ddf016b00	fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-13 16:54:32 +02:00
irbekrm	b1a59164e0	Don't import controller's feature gate setup into a shared library To prevent controller's feature gates from overwriting other component's feature gates Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-23 12:01:30 +01:00
Tim Ramlot	0cf0f80b40	switch to non-deprecated functions in source code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-10 19:22:49 +02:00
Tim Ramlot	e08a13496d	replace deprecated wait.PollUntil() and wait.Poll() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-09 17:47:53 +02:00
jetstack-bot	50501d2f64	Merge pull request #5824 from irbekrm/controller_partial_metadata Controller partial metadata	2023-04-06 15:38:02 +01:00
irbekrm	de34694516	Makes some updates to CertificateRequests design The design is out of date in general though Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-27 09:57:44 +01:00
irbekrm	f5ea958317	Issuing controller fails issuances for denied/invalid CRs This is not necessarily a breaking change as this appears to have been the current behaviour in most cases due to the race condition that this commit fixes Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-24 15:37:57 +00:00
irbekrm	7d592a8270	Swap upstream core informers factory with out wrapper This does not actually change how the informers work. This also adds a partial metadata client to root context Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	5d7614ddd4	Passes controller context into all NewController funcs Instead of individual arguments. For readability and consistency. Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
Tim Ramlot	191e7ca305	add (deprecated) stub functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:26:37 +01:00
Tim Ramlot	23de5240e9	move utility functions to reduce fragmentation and rename functions for consistency Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:19:39 +01:00
jetstack-bot	1038ca4494	Merge pull request #4502 from ctrought/master support subject and email annotations for ingress/gateway	2023-01-20 14:35:37 +00:00
irbekrm	5e8fd7dc41	Policy check ensures that cert.sepc.secretName secret gets labelled Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:31:31 +00:00
irbekrm	213949a590	Keymanager controller ensures that temporary private key Secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:30:34 +00:00
irbekrm	c7465fd921	Issuing controller ensures that cert.spec.secretName secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:29:51 +00:00
Sathyanarayanan Saravanamuthu	f719247d2b	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	94fa9eeee6	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	42ae76ae30	Refreshing secrets when the keystore fields change Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	2969202fe2	Addressing review comments Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:22:38 +05:30
Sathyanarayanan Saravanamuthu	40947b0ef4	Generate Certificate Request with predictable name Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:01:26 +05:30
Tim Ramlot	e917e4a103	log more information on why the get CertificateRequest request failed Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-10-05 18:53:53 +02:00
Tim Ramlot	39fa9f51b4	upgrade dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-09-26 11:43:12 +02:00
ctrought	d9a8047f9c	ingress subject annotations & helper tests Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 11:01:18 -04:00
jetstack-bot	07677c57bc	Merge pull request #5366 from munnerz/privatekey-regen-test Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried	2022-08-05 16:23:30 +01:00
James Munnelly	7b4d04cdef	bugfix: fix issue where CertificateRequests marked InvalidRequest were not properly marked as Failed Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-08-04 12:21:41 +01:00
James Munnelly	11ada1d3d3	rename policyEvaluator->BuildReadyConditionFromChain Signed-off-by: James Munnelly <jmunnelly@apple.com>	2022-08-04 12:21:41 +01:00
Tim Ramlot	93caba980e	apply go fmt for go1.19 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-08-04 09:51:57 +00:00
Ashley Davis	fb231ab641	Remove bazel 🎉 This removes all .bazel and .bzl files, and a bunch of scripts relating to bazel, now that it's been entirely replaced. There are still a few places where traces could be removed, but this removes the brunt of the bazel stuff that remains. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-07-26 11:38:50 +01:00
joshvanl	91e0a5ceca	TestManyPasswordLengths: pre-create password test cases outside of concurrent tests Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-07-21 09:30:28 +01:00
jetstack-bot	d15d2d51ec	Merge pull request #5199 from irbekrm/fix_keyrotation_warning Fix keyrotation warning	2022-06-30 14:14:03 +01:00
Ashley Davis	a40fdd64b5	Incease issuer and clusterissuer controller timeouts This follows ideas presented in https://github.com/cert-manager/cert-manager/pull/5214 It might be nice to add these big timeouts globally to all controllers but we're intentionally keeping these changes small and targeted for now in order to minimise the risk when backporting these changes. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-06-22 11:35:00 +01:00
irbekrm	bb124a0f61	Corrects the cert.spec.privateKey path in logs Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-06-09 15:30:08 +01:00
irbekrm	ede76c3c25	Clarifies the warning if private key cannot be regenerated, but spec has changed Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-06-09 14:41:35 +01:00
Alessandro Vermeulen	1da01211ee	Feature gated support for using literal subjects in `Certificate`s Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>	2022-06-08 20:50:00 +02:00
joshvanl	6ee59fb9e8	Wires up new post issuance checks for issuing controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-03-29 13:54:27 +01:00
irbekrm	dbad3d98f3	Rename issuanceAttempts -> failedIssuanceAttempts In an attempt to convey the meaning of the field better Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-03-21 07:33:51 +00:00
irbekrm	4c901aefab	Code review comments Adds test conditions to certs via patch API call instead of update to avoid conflicts Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-03-21 07:33:51 +00:00
irbekrm	739c3298e8	Trigger controller backs off from issuance with an exponential backoff Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-03-21 07:33:51 +00:00
irbekrm	9824ab0949	certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed This field tracks the number of continuous failures and is used to implement exponential backoff Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-03-21 07:33:51 +00:00
jetstack-bot	10c5d72279	Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate	2022-02-16 10:57:37 +00:00
joshvanl	da67eb2b65	Adds explicit field manager to requestsmanager controller Create call Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-11 16:22:33 +00:00
joshvanl	38ce8b3bcf	Always user `Create` operation when creating new CertificateRequest object Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-11 16:22:33 +00:00
joshvanl	b2cc1b38cb	Use optional apply for requestmanager Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-11 16:22:04 +00:00
joshvanl	4dc6c957d4	Adds review comments Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-11 16:15:57 +00:00

1 2 3 4 5 ...

505 Commits