Commit Graph

541 Commits

Author SHA1 Message Date
Tamal Saha
1f0e9d4f17 Add separate rules for leases and configmaps
Signed-off-by: Tamal Saha <tamal@appscode.com>
2021-05-17 08:11:20 -07:00
Tamal Saha
6eb8ca3d07 Add RBAC for leases used by updated controller-runtime
Signed-off-by: Tamal Saha <tamal@appscode.com>
2021-05-17 08:11:19 -07:00
Tamal Saha
b1cb6422e4 Use controller-runtime v0.9.0-beta.0
Signed-off-by: Tamal Saha <tamal@appscode.com>
2021-05-17 08:11:19 -07:00
Maël Valais
39c9c662f7 controller-gen can now update CRDs like before
The controller-gen tool is quite rude and won't tell you when one of the
CRD manifests cannot be parsed when the option schemapatch is used. As
an example, the following:

  sed -i 's/RFC8555/RFC8556/g' pkg/apis/certmanager/v1/types_issuer.go
  controller-gen schemapatch:manifests=./deploy/crds output:dir=./deploy/crds paths=./pkg/apis/...

should trigger a change in the crd-clusterissuers.yaml:

  @@ -3184,7 +3184,7 @@ spec:
                 type: object
                 properties:
                   acme:
  -                  description: ACME [...] communicate with a RFC8555
  +                  description: ACME [...] communicate with a RFC8556
                     type: object
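Review bot: the hunk header `@@ -3184,7 +3184,7 @@` announces 7 lines on each side but only 5 are shown, and the `-`/`+` lines shorten the description with `[...]`, so this excerpt can neither be matched against crd-clusterissuers.yaml nor applied verbatim; stating in the message that the hunk is abridged (or pasting the full description lines) would keep it from reading as an actual diff of the change.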

Unfortunately, controller-gen v0.2.9-0.20200414181213-645d44dca7c0
silently skips faulty CRD manifests. In our case, the CRD had become a
non-YAML file (we need to use some if statements):

  {{- if .Values.webhook.url.host }}
  url: https://{{ .Values.webhook.url.host }}/convert
  {{- else }}
  service:
    name: {{ template "webhook.fullname" . }}
    namespace: {{ .Release.Namespace | quote }}
    path: /convert
  {{- end }}

Two issues can be found (we can use a YAML parser like yq for that):

1. The pipe "|" used in ".Release.Namespace | quote" makes it an invalid
   YAML file. We could rewrite that to

     {{ quote .Release.Namespace }}

   but I decided to go with actual quotes like with the rest of the
   file.

2. The {{ if }}, {{ else }} and {{ end }} are also invalid YAML syntax,
   and one easy workaround is to comment them.

So many workarounds... but it now works!

Signed-off-by: Maël Valais <mael@vls.dev>
2021-05-11 17:29:06 +02:00
Jake Sanders
79d8d9cb7b Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01"
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:25 +01:00
Jake Sanders
8ca19b26f9 Revert "Merge pull request #3946 from inteon/fix_kubectl_apply"
This reverts commit c7514d9262, reversing
changes made to 49cbedf262.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:18 +01:00
Inteon
b44e347ce1 remove podTemplate field from ACMEChallengeSolverHTTP01Istio
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 13:15:01 +02:00
jetstack-bot
8d794c6bcf Merge pull request #3932 from anton-johansson/also-handle-conversion-webhook-from-outside-the-cluster
Add support to allow CRD conversion webhooks from outside of the cluster
2021-04-28 13:24:06 +01:00
jetstack-bot
bc5c5e1a37 Merge pull request #3921 from vshn/fix/helm-values
Include HTTPS proxy variable in Helm values
2021-04-28 12:24:06 +01:00
Anton Johansson
96a0859ac7 Add support to allow CRD conversion webhooks from outside of the cluster
Related to #3876

Signed-off-by: Anton Johansson <hello@anton-johansson.com>
2021-04-28 12:49:10 +02:00
jetstack-bot
27d916edfa Merge pull request #3876 from anton-johansson/add-support-for-accessing-the-webhook-from-outside-of-the-cluster
Add support for accessing the webhook from outside of the cluster
2021-04-28 11:15:07 +01:00
Inteon
2299e8d8a6 Apply suggestions from code review
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
Tobias Nehrlich
6d6d69a5e5 Include HTTPS proxy variable in Helm values
The `http_proxy` key was defined twice and is therefore replaced once with the `https_proxy` key.

Signed-off-by: Tobias Nehrlich <tobias.nehrlich@vshn.ch>
2021-04-26 12:04:04 +02:00
jetstack-bot
b5be5a8730 Merge pull request #3877 from irbekrm/move_crypto_fork
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
2021-04-13 13:28:15 +01:00
irbekrm
fc9d966a1c Certificate's revision history limit validated by webhook
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb Standardize deprecation warnings
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 09:38:49 +01:00
Anton Johansson
311c0c9582 Add support for accessing the webhook from outside of the cluster
This is useful if your control plane is configured in a way where it does not
know anything about the internal cluster network.

Signed-off-by: Anton Johansson <hello@anton-johansson.com>
2021-04-09 17:15:55 +02:00
irbekrm
09af959071 Issuer's ACME EAB algorithm can no longer be set
It is hardcoded to HS256 in golang.org/x/crypto

Also, we now use a fork of golang.org/x/crypto
in cert-manager org.

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 10:28:19 +01:00
irbekrm
22f6cb18d2 Adds some comments
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-03 15:54:52 +01:00
joshvanl
f8b38daa4c Update cert-manager-controller:approve RBAC naming to be more consistent
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
5b34d9a6cc Change cert-manager-controller approve RBAC resource names to
':approve-cert-manager-io'

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
393848ee98 Fix webhook RBAC resource names to use ':subjectaccessreviews'
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
8048034b0e Adds permissions to approve "issuer.cert-manager.io/*", "clusterissuer.cert-manager.io/*" signers to the cert-manager-controller ServiceAccount
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
6ef840972c Change controller options to return a set of enabled controllers, and
log enabled controllers on start

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 11:28:01 +00:00
joshvanl
0382c9d8b2 Adds a cert-manager-controller flag to disable controllers, for example,
the certificaterequests-approver

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 11:28:01 +00:00
jetstack-bot
a8c75fab1a Merge pull request #3773 from JoshVanL/certificate-revision-history-limit
Certificate revision history limit
2021-03-26 11:13:58 +00:00
jetstack-bot
dffbf391db Merge pull request #3733 from jakexks/renewBefore
Clarify the default values for the renewBefore and duration fields
2021-03-24 10:53:46 +00:00
joshvanl
59ca6ca850 Move CertificateRequest revisionHistoryLimit validation to OpenAPI
validation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 15:58:14 +00:00
joshvanl
72904ca2c1 Updates CertificateRequest printColumn with a new Denied column
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
fb54272d17 Adds Approved condition status as additionalPrinterColumn for pretty
printing

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
jetstack-bot
fedea03a16 Merge pull request #3774 from JoshVanL/kubectl-get-cr-username
Add Requestor to kubectl output, moves Issuer name from wide to default output
2021-03-15 18:00:15 +00:00
joshvanl
d2b98828b3 Adds Username to kubectl get output, moves issuer name from wide to
default

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 16:52:51 +00:00
joshvanl
e6ece1f36b Updates Issuer CRDs with new ObservedGeneration field
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:06:22 +00:00
joshvanl
7146f9702d Adds revisionHistoryLimit field to CRD
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 14:54:35 +00:00
jetstack-bot
70c66e02a0 Merge pull request #3641 from JoshVanL/certificate-request-identity
CertificateRequest UserInfo fields
2021-03-15 14:26:15 +00:00
jetstack-bot
51340d0c87 Merge pull request #3454 from Kirill-Garbar/chart-bugfix-with-hostNetwork
fix bug with hostNetwork false in webhook psp
2021-03-11 19:40:25 +00:00
jetstack-bot
c2634d3538 Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation
Certificate condition observed generation
2021-03-08 09:47:45 +00:00
jetstack-bot
75a46ff90b Merge pull request #3731 from jsoref/spelling
Spelling
2021-03-05 13:58:40 +00:00
jetstack-bot
deb55110a2 Merge pull request #3725 from joshuastern/automountServiceAccountToken
Add automountServiceAccountToken field to ca service accounts
2021-03-04 18:43:40 +00:00
jetstack-bot
3ff69d0dd6 Merge pull request #3697 from yann-soubeyrand/patch-1
fix: correct permissions on edit aggregate role
2021-03-04 18:08:40 +00:00
Josh Soref
3b957488c3 spelling: will
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
7e0119a7d4 spelling: liveness
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Jake Sanders
e19a9f3800 Add default duration to duration field doc
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-03-04 17:18:33 +00:00
joshvanl
b3cab7e265 Updates the CRDs with the Certificate Condition observedGeneration field
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:11 +00:00
Jake Sanders
5aedd544d7 Clarify the default value for the renewBefore field
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-03-04 15:37:47 +00:00
Joshua Stern
144368a598 Add automountServiceAccountToken field to ca service accounts
Signed-off-by: Joshua Stern <joshua.stern@appian.com>
2021-03-01 18:23:37 -05:00
Yann Soubeyrand
8af2065e74 fix: correct permissions on edit aggregate role
Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
2021-02-22 19:20:54 +01:00
7opf
5dc0eba59d use port from helm value for service targetPort
Signed-off-by: Severin Skillman <sev@skillman.ch>
2021-02-21 12:26:07 +00:00
irbekrm
959e581368 Removes implementation-specific comment from api
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-10 13:29:05 +00:00