Commit Graph

601 Commits

Author SHA1 Message Date
Ashley Davis
e0e5a50f31
fix mistakenly changed CRDs for v1beta1 (#4352)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-13 13:44:05 +01:00
jetstack-bot
17a5066400
Merge pull request #4308 from Dean-Coakley/fix-chart-readme
Fix chart readme install command
2021-08-09 09:33:49 +01:00
Dean Coakley
19eae6e81b Fix chart prerequisites Kubernetes version
Ref: https://cert-manager.io/docs/installation/supported-releases/

Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2021-08-05 13:20:19 +01:00
Dean Coakley
b42a566d4f Fix helm install commands for helm 3.x clients
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2021-08-05 13:14:35 +01:00
Dean Coakley
c76ae73b00 Fix chart install command to include version
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2021-08-05 13:12:03 +01:00
jetstack-bot
34cb511980
Merge pull request #4050 from longkai/fix-ssa
explicitly specify port protocol field to allow server side apply
2021-08-04 11:40:23 +01:00
jetstack-bot
d647e543e3
Merge pull request #4276 from jakexks/gateway-http01
Experimental Gateway API support for ACME HTTP-01 Solving
2021-08-03 18:51:49 +01:00
jetstack-bot
b5f80c428e
Merge pull request #4234 from inteon/add_startupapicheck
Add startup api check Job
2021-08-03 17:41:49 +01:00
Jake Sanders
23e1acdd5c
Update Gateway HTTPRoute Label doc string
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-03 15:26:40 +01:00
Jake Sanders
c2d7a98192
Remove PodTemplate from Gateway Solver, rename to GatewayHTTPRoute
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-03 14:26:45 +01:00
jetstack-bot
c333ace179
Merge pull request #4072 from Marfeel/master
Add a name to Prometheus scraping service port for Istio compatibility
2021-08-03 11:43:19 +01:00
Fran Sanjuán
21bbdaced6 Set fixed port name
Signed-off-by: Fran Sanjuán <francesc.sanjuan@marfeel.com>
2021-08-03 11:55:38 +02:00
Jonathan Prates
50bb91a032 feat: update object description explaining the current behaviour
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 09:26:23 +01:00
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jonathan Prates
0569997ede feat: update crds
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
2021-08-03 01:19:11 +01:00
Jake Sanders
b38869b551
Gateway HTTP01: Make docs better, only enable gateway solver if gateway API is found
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:23 +01:00
Jake Sanders
34a844b150
Fix validation test, add RBAC for gateway API
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:21 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:16 +01:00
Jake Sanders
6f6213c5fd
APIs and validation
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-08-02 14:06:09 +01:00
Inteon
06e2ac2d41
change weight of hook resources and only delete after all hooks have finished
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-30 17:31:25 +02:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1
Conversion: Apiextensions v1beta1 -> v1
2021-07-30 15:49:49 +01:00
Inteon
0eabaec743
change startupapicheck to helm post-install hook
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-30 16:04:55 +02:00
joshvanl
29514ff09d Adds v1beta1 as a supported admissionReviewVersion with a note as to
why it is listed even though we don't support it

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-29 11:10:25 +01:00
joshvanl
fbfe48cad8 Change webhook manifests for mutation and validation to only accept v1
in admissionReviewVersions

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-29 11:10:25 +01:00
joshvanl
6c5a4897b6 Adds note as to why v1beta1 is still an accepted
`conversionReviewVersion`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-28 15:49:50 +01:00
Inteon
e73f3bed12
update README.template.md, add startupapicheck flags
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-28 16:47:31 +02:00
joshvanl
b3ece6708a Adds v1beta1 as a conversionReviewVersion but don't actually support
it

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-28 15:36:58 +01:00
mortega
d525001f80 Adding webhook.serviceLabels to README template
Signed-off-by: Marco Ortega <mortega@brightcove.com>
2021-07-27 10:24:29 -05:00
Inteon
9092bf8bb6
use correct component name in comments & add --wait-for-jobs flag
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-27 15:54:00 +02:00
mortega
feee2fd76c Enabling serviceLabels for webhook service.
Signed-off-by: Marco Ortega <mortega@brightcove.com>
2021-07-27 07:03:16 -05:00
joshvanl
5680bfd4b3 Change all CRDs to no longer accept v1beta1 conversionReviewVersions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 17:05:58 +01:00
Inteon
411452809c
add startup api check Job
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-20 19:40:53 +02:00
Maël Valais
30f9c123d3 gateway-shim: add the gateway-shim controller
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.

The Gateway API in cert-manager is released as an experimental feature
and needs to be enabled manually with the following flag:

  --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:

  "acme.cert-manager.io/http01-ingress-class"

This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.

  "acme.cert-manager.io/http01-edit-in-place"

This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.

  "kubernetes.io/tls-acme"

This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
2021-07-15 20:34:55 +02:00
jetstack-bot
c546f5bbd9
Merge pull request #4190 from inteon/helm_labels
Remove Helm-specific labels & add version label
2021-07-13 18:27:03 +01:00
Inteon
c7d92681b8
add comments
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-13 17:58:28 +02:00
Inteon
0683738458
fix bug & add comment & cleanup
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-13 13:41:37 +02:00
Inteon
043bbd283e
remove helm-specific labels & add version label
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-11 17:42:32 +02:00
irbekrm
160e638c8f Explicitly set webhook match policy to Equivalent
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-08 08:16:48 +01:00
irbekrm
3fc6fc62a2 Mutating and validating webhooks only accept v1 resources
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-07-06 07:36:14 +01:00
jetstack-bot
e7a9ec0dab
Merge pull request #4178 from maelvls/vault-cabundle-base64
vault issuer: specify that the caBundle must be base64-encoded
2021-07-05 20:31:27 +01:00
ulrich giraud
b9c9231305 vault issuer: specify that the caBundle must be base64-encoded
Signed-off-by: Ulrich GIRAUD <ulrich.giraud@pole-emploi.fr>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-02 20:54:03 +02:00
Inteon
f228e6c7be
fix command flags + move to experimental + redo uninstall logic
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-02 12:58:30 +02:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519
support-ed25519
2021-06-15 16:17:53 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
irbekrm
118cfb6029 Remove the defaulting for renewBefore from fuzzer
We now calculate this default at renewal time

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 15:35:46 +01:00
irbekrm
acd0a98bbb Updates DefaultRenewBefore to state that it is deprecated
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-11 11:52:54 +01:00
jetstack-bot
528305b5ed
Merge pull request #4064 from JoshVanL/certificate-request-issuer-ca
Certificate Signing Request Issuer CA
2021-05-28 10:57:11 +01:00
Richard Wall
1f3c3df090 Add ArtifactHUB pre-release annotations to the Helm chart
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-05-27 13:58:52 +01:00
Richard Wall
8792a17396 Revert "Add ArtifcactHUB pre-release annotation to the Helm chart"
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-05-27 12:16:06 +01:00
joshvanl
459b5e31b0 RBAC permissions for signing and managing cert-manager
CertificateSigningRequests Issuers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 00:35:58 +01:00