DER Format to create key.der binary format of the private key.
CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.
Added Unit and e2e tests for secret with Additional output format.
Feature flag AdditionalCertificateOutputFormats to enable feature.
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
Ensure the time returned by RenewalTime function is the same time as that which will be read from Certificate's status
Signed-off-by: irbekrm <irbekrm@gmail.com>
This reverts commit 641960b6. The reason we decided to revert this is
that we are unsure about the implications of adding the
scheduledWorkQueue.Forget call. The new Forget call is left untested,
and it makes us nervous not to know exactly if it works as intended.
The "Forget" memory leak that we are reverting now is the cause of a
tiny fraction of the overall memory leakage that was fixed in the PR
in the scheduler itself. Reverting this means that some goroutines will
be leaked, but only when a Certificate gets removed and never recreated
with the same name.
Signed-off-by: Maël Valais <mael@vls.dev>
Using the value from copied-annotation-prefixes flag, where by default kubectl, fluxcd, argocd annotations are excluded
Signed-off-by: irbekrm <irbekrm@gmail.com>
This bug can be reproduced using "go run -race" and by creating many
Certificates and renewing them continuously. With 5000 Certificate
objects, a data race is found in less than a minute.
Signed-off-by: Maël Valais <mael@vls.dev>
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.
Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
pkg/ctl/scheme.go:17:1: package comment should be of the form "Package ctl ..."
pkg/issuer/acme/dns/acmedns/acmedns.go:43:2: var accountJson should be accountJSON
pkg/issuer/acme/dns/acmedns/acmedns.go:50:43: func parameter accountJson should be accountJSON
pkg/controller/certificates/trigger/policies/policies.go:57:1: comment on exported type Chain should be of the form "Chain ..." (with optional leading article)
pkg/controller/ingress-shim/sync.go:36:2: package "github.com/jetstack/cert-manager/pkg/logs" is being imported more than once (ST1019)
pkg/controller/ingress-shim/sync.go:37:2: other import of "github.com/jetstack/cert-manager/pkg/logs"
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
fixes the following issues:
pkg/controller/acmeorders/util.go:84:6 deadcode `hashChallenge` is unused
pkg/controller/certificaterequests/approver/approver.go:72:14 staticcheck SA4021: x = append(y) is equivalent to x = y
pkg/controller/certificaterequests/vault/vault_test.go:535:21 errcheck Error return value of `controller.Register` is not checked
pkg/controller/certificates/trigger/policies/policies.go:121:26 gosimple S1039: unnecessary use of fmt.Sprintf
pkg/controller/clusterissuers/sync_test.go:55:12 errcheck Error return value of `c.Register` is not checked
pkg/controller/ingress-shim/sync.go:301:2 gosimple S1005: unnecessary assignment to the blank identifier
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
