weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,399 Commits 45 Branches 0 Tags 96 MiB
ecc552a7de
Commit Graph

114 Commits

Author SHA1 Message Date
Maël Valais
39c9c662f7 controller-gen can now update CRDs like before 
The controller-gen tool is quite rude and won't tell you when one of the
CRD manifests cannot be parsed when the option schemapatch is used. As
an example, the following:

  sed -i 's/RFC8555/RFC8556/g' pkg/apis/certmanager/v1/types_issuer.go
  controller-gen schemapatch:manifests=./deploy/crds output:dir=./deploy/crds paths=./pkg/apis/...

should trigger a change in the crd-clusterissuers.yaml:

  @@ -3184,7 +3184,7 @@ spec:
                 type: object
                 properties:
                   acme:
  -                  description: ACME [...] communicate with a RFC8555
  +                  description: ACME [...] communicate with a RFC8556
                     type: object

Unfortunately, controller-gen v0.2.9-0.20200414181213-645d44dca7c0
silently skips faulty CRD manifests. In our case, the CRD had become a
non-YAML file (we need to use some if statements):

  {{- if .Values.webhook.url.host }}
  url: https://{{ .Values.webhook.url.host }}/convert
  {{- else }}
  service:
    name: {{ template "webhook.fullname" . }}
    namespace: {{ .Release.Namespace | quote }}
    path: /convert
  {{- end }}

Two issues can be found (we can use a YAML parser like yq for that):

1. The pipe "|" used in ".Release.Namespace | quote" makes it an invalid
   YAML file. We could rewrite that to

     {{ quote .Release.Namespace }}

  but I decided to go with actual quotes like with the rest of the
  file.

2. The {{ if }}, {{ else }} and {{ end }} are also invalid YAML syntax,
   and one easy workaround is to comment them.

So many workarounds... but it now works!

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-05-11 17:29:06 +02:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01" 
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:25 +01:00
Jake Sanders
8ca19b26f9
Revert "Merge pull request #3946 from inteon/fix_kubectl_apply" 
This reverts commit c7514d9262, reversing
changes made to 49cbedf262.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:18 +01:00
Inteon
b44e347ce1 remove podTemplate field from ACMEChallengeSolverHTTP01Istio 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-30 13:15:01 +02:00
Anton Johansson
96a0859ac7
Add support to allow CRD conversion webhooks from outside of the cluster 
Related to #3876

Signed-off-by: Anton Johansson <hello@anton-johansson.com>
 2021-04-28 12:49:10 +02:00
Inteon
2299e8d8a6 Apply suggestions from code review 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:19:53 +02:00
jetstack-bot
b5be5a8730
Merge pull request #3877 from irbekrm/move_crypto_fork 
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
 2021-04-13 13:28:15 +01:00
irbekrm
fc9d966a1c Certificate's revision history limit validated by webhook 
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb Standardize deprecation warnings 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-12 09:38:49 +01:00
irbekrm
09af959071 Issuer's ACME EAB algorithm can no longer be set 
It is hardcoded to HS256 in golang.org/x/crypto

Also, we now use a fork of golang.org/x/crypto
in cert-manager org.

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-09 10:28:19 +01:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit 
Certificate revision history limit
 2021-03-26 11:13:58 +00:00
jetstack-bot
dffbf391db
Merge pull request #3733 from jakexks/renewBefore 
Clarify the default values for the renewBefore and duration fields
 2021-03-24 10:53:46 +00:00
joshvanl
59ca6ca850 Move CertificateRequest revisionHistoryLimit validation to OpenAPI 
validation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-23 15:58:14 +00:00
joshvanl
72904ca2c1 Updates CertificateRequest printColumn with a new Denied column 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
fb54272d17 Adds Approved condition status as additionalPrinterColumn for pretty 
printing

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
jetstack-bot
fedea03a16
Merge pull request #3774 from JoshVanL/kubectl-get-cr-username 
Add Requestor to kubectl output, moves Issuer name from wide to default outpt
 2021-03-15 18:00:15 +00:00
joshvanl
d2b98828b3 Adds Username to kubectl get output, moves issuer name from wide to 
default

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 16:52:51 +00:00
joshvanl
e6ece1f36b Updates Issuer CRDs with new ObservedGeneration field 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:06:22 +00:00
joshvanl
7146f9702d Adds revisionHistoryLimit field to CRD 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 14:54:35 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity 
CertificateRequest UserInfo fields
 2021-03-15 14:26:15 +00:00
jetstack-bot
c2634d3538
Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation 
Certificate condition observed generation
 2021-03-08 09:47:45 +00:00
Josh Soref
3b957488c3 spelling: will 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Jake Sanders
e19a9f3800
Add default duration to duration field doc 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-03-04 17:18:33 +00:00
joshvanl
b3cab7e265 Updates the CRDs with the Certificate Condition observedGeneration field 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:04:11 +00:00
Jake Sanders
5aedd544d7
Clarify the default value for the renewBefore field 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-03-04 15:37:47 +00:00
irbekrm
959e581368 Removes implementation-specific comment from api 
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-10 13:29:05 +00:00
irbekrm
59f52139dc Finishes sentences with a full stop 
Co-authored-by: JoshVanL <vleeuwenjoshua@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-10 09:43:34 +00:00
irbekrm
863c709a19 Removes minimum and maximum fields from Certificate CRD 
This was done to fix Helm data type conversion problem- see issue #3644 for more context

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-09 17:08:29 +00:00
joshvanl
46d4e61a18 Updates CRDs to include new identity fields to CertificateRequests 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:23:52 +00:00
jetstack-bot
35febb1717
Merge pull request #3505 from hugoboos/ocsp-server 
Add option to specify OCSP server #3497
 2021-02-05 11:27:37 +00:00
jetstack-bot
4fe609156b
Merge pull request #3538 from chulkilee/patch-1 
Fix comments for docs on types_certificate.go
 2021-02-03 15:09:11 +00:00
Maël Valais
ba22785445 Rename ocspServer to oscpServers 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
 2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server 
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-03 09:09:03 +01:00
Chulki Lee
e90b494da6 Fix go comments for API docs 
- Use backticks, not single/double quotes for enum values
- Fix allowed values
- Remove unnecessary quote

Signed-off-by: Chulki Lee <chulki.lee@gmail.com>
 2021-01-22 20:21:19 +09:00
Maartje Eyskens
494fcaf480 Remove all and rename acme to cert-manager-acme 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-01-20 15:21:42 +01:00
Maartje Eyskens
cab840e876 Add CRD catagories 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-01-18 14:09:38 +01:00
jetstack-bot
fcf54969dd
Merge pull request #3489 from exceptionfactory/3373-truststore-p12 
Add creation of truststore.p12 from CA
 2020-12-11 10:21:07 +00:00
exceptionfactory
967fed5309 Reverted changes to removed v1beta1.yaml 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-09 12:12:01 -05:00
exceptionfactory
9a32867a6f Updated CRDs #3373 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-08 11:49:31 -05:00
Maartje Eyskens
ff76fe3a28 Fix CRD targets 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-01 16:43:16 +01:00
Maartje Eyskens
eb3c0f8448 Fix syntax error 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-01 16:32:07 +01:00
Maartje Eyskens
887af1bc84 Remove the legacy release 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-01 16:17:07 +01:00
Maartje Eyskens
d705838e83 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
9559a71301 Update CRDs 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
59048fed64 Rename field 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
04d88479e4 Pass duration on until ACME order creation 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
7b6573aa35 Add duration into ACME 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:45:32 +01:00
Mateusz Gozdek
27fa2f1ec4
Fix various typos found by codespell 
Found by running this command:

codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater

Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
 2020-11-07 14:55:13 +01:00
Raphaël Pinson
e1c8d3ad71
Regenerate CRDs 
Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>
 2020-10-16 15:40:34 +02:00