Commit Graph

272 Commits

Author SHA1 Message Date
James Munnelly
f4170cbbf0 Update http01 challenge solver 2018-08-07 16:13:46 +01:00
James Munnelly
370a7a1460 Update DNS01 solver 2018-08-07 16:13:46 +01:00
James Munnelly
2fcbee05b7 Update ACME issuer 2018-08-07 16:13:46 +01:00
James Munnelly
e9285c6bdb Update selfsigned issuer 2018-08-07 16:13:46 +01:00
James Munnelly
3f325d1659 Update CA issuer 2018-08-07 16:13:46 +01:00
James Munnelly
7ee345f88c Update Vault issuer 2018-08-07 16:13:46 +01:00
James Munnelly
9dc20d3c35 Remove dedicated issuer context and move issuer registration into controller pkg 2018-08-07 16:13:46 +01:00
James Munnelly
36f9f356cd Refactor ACME client construction into dedicated ACME package 2018-08-07 15:22:53 +01:00
James Munnelly
7346240830 Update codebase for refactored API type names 2018-08-07 14:16:53 +01:00
James Munnelly
fcf812c654 Add OWNERS files to auto-label PRs. Mark apis directory as requiring a review by @munnerz. 2018-07-26 13:01:58 +01:00
jetstack-bot
317e6e829c Merge pull request #761 from kragniz/runtime-validation
Add base of issuer-specific validation to certificates at runtime
2018-07-26 11:20:29 +01:00
James Munnelly
686e9159e5 Wait for ACME Orders to be in 'ready' state before attempting finalization 2018-07-25 18:05:45 +01:00
Louis Taylor
d23bad8c2f nameForIssuer -> NameForIssuer 2018-07-25 15:45:13 +01:00
Louis Taylor
bcf135c7ae clouddns: use fqdn for challenge cleanup
This is the same as the problem fixed in #750, but for cleanup.
2018-07-22 20:17:11 +01:00
jetstack-bot
398e1560a3 Merge pull request #670 from gurvindersingh/master
add support CNAME for dns-01 challenge
2018-07-20 19:36:06 +01:00
jetstack-bot
b15a18be98 Merge pull request #746 from euank/route53-invalid-change-batch
issuer/route53: fix delete for 'NotExist' errors
2018-07-20 18:36:59 +01:00
Euan Kemp
ea84532a5c issuer/route53: log ignored InvalidChangeBatch err 2018-07-20 10:10:02 -07:00
Louis Taylor
082f815773 clouddns: find hosted zone for challenge record
Previously this would fail if you use a CNAME for the _acme-challenge
record.
2018-07-20 16:53:12 +01:00
Euan Kemp
15d497b4ca issuer/route53: fix delete for 'NotExist' errors
Fixes #736.

Prior to this change, it was quite possible to end up with a queue of
cleanup tasks that would never succeed.
2018-07-19 10:20:27 -07:00
jetstack-bot
6348c6ffca Merge pull request #722 from autonomic-ai/support-ec-keys
Add keyAlgorithm and keySize fields to Certificates, and support ECDSA keys
2018-07-18 10:00:36 +01:00
Afolabi Badmos
445e522432 Add support for EC keys
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used is `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, the minimum key size is 2048 and the maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic

- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.

- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, a key size
    of `256` will be used for the `ecdsa` key algorithm and a key size
    of `2048` will be used for the `rsa` key algorithm.

- Helper functions in the `pki` package now return crypto.PrivateKey
2018-07-17 12:42:07 -04:00
jetstack-bot
a162a5bb8e Merge pull request #612 from vdesjardins/custom-approle-path
Vault: configurable appRole authentication path
2018-07-11 17:53:33 +01:00
jetstack-bot
c08cd80730 Merge pull request #622 from munnerz/istio-annotation
Add auth.istio.io annotation to ACME HTTP01 service
2018-07-11 17:18:33 +01:00
Vincent Desjardins
7fae0fccf1 code review fixes 2018-07-11 16:00:39 +00:00
Vincent Desjardins
ca3b909cb7 code review modifications 2018-07-11 16:00:39 +00:00
Vincent Desjardins
2995cc90a3 Vault: configurable appRole authentication path 2018-07-11 16:00:39 +00:00
jetstack-bot
bd7f15d5f4 Merge pull request #710 from kragniz/dns-flag
Add flag for setting nameservers for DNS01 check
2018-07-11 14:26:33 +01:00
Gustav Westling
641b497242 route53: update managed by DNS record comment 2018-07-08 12:09:00 +02:00
Louis Taylor
cbc61ef7f9 Fix tests 2018-07-05 12:41:33 +01:00
Louis Taylor
3eaca6a318 Add flag for custom dns01 nameservers 2018-07-05 12:40:53 +01:00
André Cruz
936e2b98ee Support the new "ready" order status 2018-07-03 15:31:14 +01:00
James Munnelly
bbb65baa38 Run go fmt 2018-06-26 01:24:52 +01:00
Guilherme Blanco
8d69e1e811 Added annotation to pod to prevent istio-sidecar-injector to add an envoy-proxy 2018-06-26 01:24:52 +01:00
James Munnelly
65b6ae2643 Add auth.istio.io annotation to ACME HTTP01 service 2018-06-26 01:24:52 +01:00
James Munnelly
fe5e748170 Don't return invalid/expired orders in shouldAttemptValidation 2018-06-25 10:46:10 +01:00
Gurvinder Singh
bfde429b8e add support CNAME for dns-01 challenge
The domain for which the certificate is asked for can have a CNAME, so we should check it.
If the domain has a CNAME, create the challenge TXT record in the alias domain.

This is useful in the scenario where a company like us is using some DNS provider
which is not supported dynamically. We can then create a CNAME for records like

_acme-challenge.example.com -> example.aws.hosted.com

So this will allow us to get a cert for *.example.com by creating a TXT record in route53 for the above example.
2018-06-21 21:48:16 +02:00
jetstack-bot
61729fb96a Merge pull request #637 from munnerz/selfsigned
Add self signed Issuer type
2018-06-15 14:31:33 +01:00
jetstack-bot
cb107f3b89 Merge pull request #652 from euank/r53-owner
issuer/dns/route53: add myself as owner
2018-06-14 12:32:36 +01:00
jetstack-bot
12d603f511 Merge pull request #629 from groner/check-acme-issuer-challenge-type
Check the acme issuer has the challenge type configured.
2018-06-14 11:54:37 +01:00
Euan Kemp
27b5e49732 issuer/dns/route53: add myself as owner 2018-06-12 18:32:49 -07:00
jetstack-bot
df4b493b38 Merge pull request #582 from ThatWasBrilliant/master
FindZoneByFqdn fixes from lego
2018-06-12 16:25:41 +01:00
James Munnelly
00e558a9e7 Fix package naming 2018-06-08 17:49:26 +01:00
James Munnelly
6cfdc62f6b Add self signed Issuer type 2018-06-08 15:48:30 +01:00
James Munnelly
1fd8cdf13e Create common GenerateCSR and GenerateTemplate methods for creating Certificate/CertificateRequest 2018-06-08 15:15:27 +01:00
Kai Groner
b7a8c4c623 Check the acme issuer has the challenge type configured. 2018-06-06 10:19:22 -04:00
jetstack-bot
3cafdd9401 Merge pull request #598 from euank/log-namespaces
issuer/acme/*: log namespaces for resources
2018-06-06 09:52:53 +01:00
jetstack-bot
c61f392163 Merge pull request #555 from paultiplady/debug/gcloud-errors
Improve logs for CloudDNS service account errors
2018-06-06 01:40:39 +01:00
Euan Kemp
a09e9037de issuer/acme/http: log namespaces for resources
It's useful to know what namespace is being operated on, so log
namespaces all over the place!
2018-05-30 20:10:17 -07:00
Euan Kemp
09a5846412 issuer/acme/http: remove unused test code
¯\_(ツ)_/¯
2018-05-30 20:03:00 -07:00
Euan Kemp
36b57ba475 issuer/acme/dns: log namespace for secret errors
If we can't find the secret, the user should probably also know what
namespace we looked in.

xref #540 for a case where this might help with debugging
2018-05-30 20:00:21 -07:00