weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,983 Commits 45 Branches 0 Tags 96 MiB
ef32714434
Commit Graph

2584 Commits

Author SHA1 Message Date
jetstack-bot
54c66769bc
Merge pull request #4353 from SgtCoDFish/beta1dnscrds 
Fix mistakenly changed CRDs for v1beta1
 2021-08-13 15:40:11 +02:00
Ashley Davis
e0e5a50f31
fix mistakenly changed CRDs for v1beta1 (#4352) 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-13 13:44:05 +01:00
Inteon
91ec4c773a
use correct contexts everywhere & don't restart apiserver to add crds 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-12 20:05:01 +02:00
Inteon
abc39053b2
resolve .Stop() failures 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-07 10:19:07 +02:00
jetstack-bot
f3ec43f474
Merge pull request #4310 from jakexks/gateway-feature-gate 
Put Gateway-API support behind a feature-gate.
 2021-08-06 16:27:00 +01:00
jetstack-bot
8772aec7d3
Merge pull request #4311 from SgtCoDFish/http01timeout 
Adds an explicit timeout when pre-checking HTTP-01 challenges
 2021-08-06 12:29:20 +01:00
Ashley Davis
e787888c31
adds an explicit timeout when pre-checking HTTP-01 challenges 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-05 15:22:51 +01:00
Jake Sanders
36aa9e2501
The gateway-api support is now gated behind --feature-gate=ExperimentalGatewayAPISupport=true 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-05 14:37:54 +01:00
jetstack-bot
d647e543e3
Merge pull request #4276 from jakexks/gateway-http01 
Experimental Gateway API support for ACME HTTP-01 Solving
 2021-08-03 18:51:49 +01:00
jetstack-bot
be8079b504
Merge pull request #4293 from maelvls/fix-nil-pointer 
Nil pointer exception: certificateRef and TLS can now be left empty
 2021-08-03 16:04:49 +01:00
Jake Sanders
2b9fc73dcb
Fix Gateway validation tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 15:53:04 +01:00
Jake Sanders
23e1acdd5c
Update Gateway HTTPRoute Label doc string 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 15:26:40 +01:00
Maël Valais
30af205777 nil pointer: the Gateway API is full of pointers 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-08-03 15:43:16 +02:00
Jake Sanders
c2d7a98192
Remove PodTemplate from Gateway Solver, rename to GatewayHTTPRoute 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-03 14:26:45 +01:00
jetstack-bot
d0f4c82baf
Merge pull request #4226 from inteon/simple_kubectl_check_version 
add 'kubectl cert-manager version'
 2021-08-03 12:36:19 +01:00
Jonathan Prates
50bb91a032 feat: update object description explaning the current behaviour 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 09:26:23 +01:00
Jonathan Prates
aed1d7137e feat: add validation to block annotations containing cert-manager.io/ prefix 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
12363f91e2 fix: move secretTemplate validations to validation package 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
6e8f74b4f8 tests: add Labels map to the expected secret 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
e1034c219e feat: add validation for annotations and labels 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
c5e81b13f6 fix: labels cannot be shown if no labels were changed 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
d8be463426 fix: update autogenerated converison code 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
811069cac7 fix: do not create secret labels if template is empty 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
1f87c098a1 fix: update autogenerated code 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Simon Prates
91cecb65e1 fix: add optional annotation to secretTemplate field 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
 2021-08-03 01:19:11 +01:00
Jonathan Simon Prates
82f1828857 fix: typo in function's comment 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
d29e89c948 chore: update function documentation and fix typo 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
936ad33539 fix: ensure secret annotations and labels will be copied if updated in the cert 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
47bc03e7c4 feat: add support to secretTemplates 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jake Sanders
b38869b551
Gateway HTTP01: Make docs better, only enable gateway solver if gateway API is found 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:23 +01:00
Jake Sanders
34a844b150
Fix validation test, add RBAC for gateway API 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:21 +01:00
Jake Sanders
deb9ccc5a9
HTTP01 solver support for the Gateway API 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:16 +01:00
Jake Sanders
6f6213c5fd
APIs and validation 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-08-02 14:06:09 +01:00
Inteon
85710579dd
Apply suggestions from code review 
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-30 17:00:27 +02:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1 
Conversion: Apiextensions v1beta1 -> v1
 2021-07-30 15:49:49 +01:00
jetstack-bot
5543772de0
Merge pull request #4254 from JoshVanL/admission-v1beta1-v1 
Remove v1beta1 from admission review
 2021-07-30 10:57:54 +01:00
jetstack-bot
6d13f910ef
Merge pull request #4271 from maelvls/forget-scheduler-item-deletedfunc 
Revert the `Forget` call that was happening on every Certificates and Orders sync
 2021-07-29 17:02:41 +01:00
Inteon
644db10b92
don't early-stop, instead return all versions 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-29 15:06:31 +02:00
joshvanl
8470ba96f0 Change webhook admission/mutation to no longer understand and reject anything which is not 
v1 (remove v1beta1)

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-29 11:10:24 +01:00
Maël Valais
e4f981da66 Revert "memory leak: clean up scheduler goroutine on cert deletion" 
This reverts commit 641960b6. The reason we decided to revert this is
that we are unsure about the implications of adding the
scheduledWorkQueue.Forget call. The new Forget call is left untested,
and it makes us nervous not to know exactly if it works as intended.

The "Forget" memory leak that we are reverting now is the cause of a
tiny fraction of the overall memory leakage that was fixed in the PR
in the scheduler itself.  Reverting this means that some goroutines will
be leaked, but only when a Certificate gets removed and never recreated
with the same name.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-28 19:19:39 +02:00
jetstack-bot
8ae179b8f5
Merge pull request #4261 from SgtCoDFish/tsuru-ca-chain-without-root 
CA chain fix without root
 2021-07-28 17:18:41 +01:00
jetstack-bot
d062176777
Merge pull request #4243 from inteon/improved_go_routines 
Cleanup goroutine management
 2021-07-28 15:36:41 +01:00
Ashley Davis
2ee4abeb24
handle individual certs in ParseSingleCertificateChain 
roots are handled differently because they're their own CAs

also adds test cases for each of:

- a lone leaf
- a lone intermediate
- a lone root

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-07-28 14:06:57 +01:00
Wilson Júnior
18235e3624
Improve ParseSingleCertificateChain when no root is present 
Fixes when the certificate chain does not have a root CA,
in which case the chain should contain all available intermediates
and ca.crt should contain the rootmost certificate.

Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Wilson Júnior <wilsonpjunior@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-07-28 14:05:19 +01:00
Inteon
d867fcc44d
remove unnecessary wait.Until 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-27 21:43:54 +02:00
jetstack-bot
3b50d78ae4
Merge pull request #4225 from jakexks/ingressv1 
Feature: Support both v1 and v1beta1 ingresses.
 2021-07-27 20:11:37 +01:00
Inteon
fa36a5bc87
add version check for current version 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-27 18:11:24 +02:00
Inteon
6545064fcf
align flags and behaviour to 'kubectl version' 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-27 18:02:21 +02:00
Jake Sanders
d69a48c1dc
Add comment to exported ConvertedGVKAnnotation constant. 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-27 17:01:50 +01:00