Commit Graph

190 Commits

Author SHA1 Message Date
Rohith
712a7a85ee Configurable ACME Annotation
- adds an option command line (default to the current behaviour) which allows the user to control the acme annotation used by the shim controller
- a current migration requires us to run multiple providers at the same

Signed-off-by: Rohith Jayawardene <gambol99@gmail.com>
2018-11-06 12:09:18 +00:00
James Munnelly
ad0971288e Run update-gofmt
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-06 11:10:21 +00:00
James Munnelly
de7d79b7e6 Schedule certificate renewal at the end of Certificate Sync function
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-29 14:27:16 +00:00
Cosmin Cojocar
5d36fba075 Add a flag which controls whether the certificate is configured as an owner of the secret where the effective TLS certificate is stored
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2018-10-28 19:55:26 +01:00
Cosmin Cojocar
32cf3242cc Set the certificate as an owner of the secret
In this way, the secret will be garbage collected when a certificate is deleted.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2018-10-28 18:44:33 +01:00
jetstack-bot
2f83424d4d
Merge pull request #1009 from munnerz/simpl-crt-controller
Simplify certificate controller cert validity checks
2018-10-26 12:43:34 +01:00
Sergej Nikolaev
f2add649e7 add certmanager.k8s.io/acme-http01-ingress-class annotation
Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
2018-10-25 22:14:08 +03:00
James Munnelly
ee6e0d3325 Resolve golint errors in certificates controller
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-25 18:57:54 +01:00
James Munnelly
8dd548d59b Simplify Certificate controller cert validity checks
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-25 18:57:40 +01:00
James Munnelly
0478694963 Update workqueue rate limiters on issuers and ingress-shim controllers
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-23 00:09:42 +01:00
James Munnelly
01bc1fd51a Update acmechallenges unit tests
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:37:00 +01:00
James Munnelly
6e32738f22 Handle WaitAuthorization failing properly
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 14:15:21 +01:00
James Munnelly
454d420dc0 Run //hack:update-bazel
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-13 23:36:34 +01:00
James Munnelly
d7f21fd59e Refactor acmechallenges unit test fixture construction
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-13 23:36:33 +01:00
James Munnelly
039a086f58 run //hack:update-bazel
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:40 +01:00
James Munnelly
eadbbc85c5 Add missing boilerplate headers
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
d323a1df0d Add unit tests for acmeorders and acmechallenges
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
9214615d6e Fix race issues in ACME issue function. Add extended unit tests.
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
847d0c6152 Refactor controllers to return Response structures
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
5482ece3f5 Update unit test framework to support actions and required reactors
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
967a48e1dc Add ACME Order & Challenge controllers
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
f8b1e653f3 Refactor ACME Issuer to create and manage Order resources
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
jetstack-bot
5ea95b6cc1
Merge pull request #923 from arnoldbechtoldt/issue892
make http01 solver pod resource request/limits configurable, refs #892
2018-10-10 13:06:11 +01:00
Arnold Bechtoldt
845eb7f57c make http01 solver pod resource request/limits configurable, refs #892
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
2018-09-26 14:39:06 +02:00
Max Ehrlich
ab450c7463
Set the CA field if a non-nil ca cert is passed
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:15 -04:00
Max Ehrlich
e347572541
Change key name constant to better match its function
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
2524335f3a
Set the "ca.crt" field for certificates issued with isCA so that nginx can properly identify them for client authentication
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:13 -04:00
James Munnelly
48ecee9cfb run //hack:update-gofmt
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:25:04 +01:00
James Munnelly
db65d6a170 run //hack:update-bazel
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:24:48 +01:00
James Munnelly
a48b60581b Run gofmt with go 1.11
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-08 03:19:00 +01:00
James Munnelly
51195e4c5f Update license header and add header to every file
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-13 15:53:37 +01:00
James Munnelly
fa0bc9998e Add RenewBeforeDuration option to controller context 2018-08-08 13:34:30 +01:00
James Munnelly
3a69dd1cbf Update unit test fixture to produce mock Contexts 2018-08-07 16:13:46 +01:00
James Munnelly
a46774fe44 Update Issuers controller 2018-08-07 16:13:46 +01:00
James Munnelly
59880abd43 Update ClusterIssuer controller 2018-08-07 16:13:46 +01:00
James Munnelly
9cc07eefe5 Update Certificate controller 2018-08-07 16:13:46 +01:00
James Munnelly
9dc20d3c35 Remove dedicated issuer context and move issuer registration into controller pkg 2018-08-07 16:13:46 +01:00
James Munnelly
7346240830 Update codebase for refactored API type names 2018-08-07 14:16:53 +01:00
Louis Taylor
c5cf376c5e
Run ValidateCertificateForIssuer during sync 2018-07-25 15:45:37 +01:00
Louis Taylor
d60f4b447e
Apply cert name label to created secrets 2018-07-06 18:02:13 +01:00
jetstack-bot
e7a2a0c618
Merge pull request #686 from kragniz/acme-config-update
Update spec.acme.config field when ingress changes
2018-06-29 10:11:06 +01:00
James Munnelly
86685369aa Add test for a non-acme certificate being appropriately updated 2018-06-29 09:46:04 +01:00
Louis Taylor
25311a57c5
Add better check for nil spec.acme 2018-06-27 14:37:53 +01:00
Louis Taylor
bc9181a925
Update spec.acme.config field when ingress changes
Fixes #619.
2018-06-27 10:52:00 +01:00
James Munnelly
951b72bba0 Add basic resource validation at start of sync loops 2018-06-26 14:59:48 +01:00
James Munnelly
592bfc7edc issuers: Skip triggering API update if status has not changed 2018-06-18 01:55:45 +01:00
Vincent Desjardins
b35343786e Vault issuer support
vault remove duration
2018-05-02 00:45:55 +00:00
James Munnelly
e2a2e32e28 Fix ingress-shim tests 2018-04-26 12:44:41 +01:00
James Munnelly
fdb8f2bf40 Link ingress-shim into main controller binary 2018-04-26 12:44:40 +01:00
James Munnelly
acd927dd41 Use rate limiter when queueing (Cluster)Issuers 2018-04-12 16:51:02 +01:00
James Munnelly
1975c524b9 Call AddRateLimited in QueuingEventHandler 2018-04-12 15:23:27 +01:00
Maxim Ivanov
8cbb75f9ba Fix error formatting 2018-04-10 15:46:43 +01:00
James Munnelly
43373cd766 Adjust exponential backoff base value 2018-04-10 01:50:44 +01:00
James Munnelly
b9813b13db Requeue Certificate if target secret is deleted 2018-04-10 01:31:09 +01:00
James Munnelly
add2c76923 Don't trigger resync if ingresses or secrets change 2018-04-10 01:27:18 +01:00
James Munnelly
c05d255675 Use AddRateLimited for the scheduled work queue 2018-04-10 01:05:37 +01:00
James Munnelly
1d52cbeec7 Remove unused strings and standardise event reasons 2018-04-09 21:26:38 +01:00
James Munnelly
d197817fa7 Improve error reporting and use of status conditions 2018-04-09 21:17:51 +01:00
James Munnelly
47465d645b Use item based exponential backoff rate limiter 2018-04-09 18:33:36 +01:00
James Munnelly
32cab11676 Fix rebase issues 2018-04-09 17:18:34 +01:00
James Munnelly
b934852775 Merge branch 'master' into acmev2 2018-04-09 16:52:34 +01:00
jetstack-bot
8d80bb7492
Merge pull request #433 from kragniz/remove-namespace-flag
Remove --namespace flag
2018-04-09 11:14:25 +01:00
Louis Taylor
0961e24174
Remove namespace from more places 2018-04-06 11:20:24 +01:00
James Munnelly
f2ddd1d111 Change DNSNames/CommonNameForCertificate function to not return an error 2018-04-04 23:37:37 +01:00
James Munnelly
da0d45e3f4 Use DialContext in ACMEClient round tripper 2018-04-04 12:30:33 +01:00
James Munnelly
02f1b37caf Add correct HasSynced func 2018-03-23 18:50:46 +00:00
James Munnelly
649fdecdd2 Add comment explaining new HasSynced usages 2018-03-23 18:50:46 +00:00
James Munnelly
0a7cefecf4 Call Pod & Service lister HasSynced method in Cert controller construction 2018-03-23 18:50:46 +00:00
Louis Taylor
545bd9104a
Add comment 2018-03-23 12:21:37 +00:00
Louis Taylor
1669611908
Use defaulting functions
And also move annotation keys to v1alpha1
2018-03-12 21:06:23 +00:00
Louis Taylor
f6210c12c6
Annotate created secrets with cert information 2018-03-12 15:06:50 +00:00
jetstack-ci-bot
ce9e5ede2b
Merge pull request #351 from jonboulle/master
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here (https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Fix various typos in spelling of Certificate
2018-03-12 10:14:09 +00:00
Jonathan Boulle
526d31bbc0 Fix various typos in spelling of Certificate 2018-02-26 20:07:06 +01:00
jetstack-ci-bot
7533e0e329
Merge pull request #332 from munnerz/err-prefixed-events
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here (https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Rename Event types to be prefixed 'Err' instead of 'Error' for brevity

**What this PR does / why we need it**:

Shortens the event type names we use to be prefixed 'Err' instead of 'Error'

**Special notes for your reviewer**:

This brings us in-line with the issuer and cluster issuer controllers, and other controllers in Kubernetes.

**Release note**:
```release-note
Rename Event types to be prefixed 'Err' instead of 'Error' for brevity
```
2018-02-22 10:21:22 +00:00
James Munnelly
ce0384a196 Rename Event types to be prefixed 'Err' instead of 'Error' for brevity 2018-02-22 07:53:51 +00:00
James Munnelly
70e7c5265b Make existing TLS certificate check emit a Normal event instead of Warning when the existing certificate is invalid 2018-02-22 07:48:58 +00:00
James Munnelly
514f9e9b3d Update third_party import paths 2018-01-15 22:07:51 +00:00
James Munnelly
76559f737f Update Secrets instead of replacing to preserve additional metadata 2017-12-01 23:48:05 +00:00
James Munnelly
a5b954658c Fix panic in certificates controller 2017-11-04 00:27:22 +00:00
James Munnelly
6ac437699d Improve validation of certificates. Fix bug in checking certificate validity 2017-11-03 23:48:18 +00:00
James Munnelly
fa7e052ac1 Move to github.com/jetstack/cert-manager repo 2017-11-03 16:41:39 +00:00
James Munnelly
eb4be6859e Update controllers and issuers for new SharedInformerFactory 2017-11-03 15:26:19 +00:00
James Munnelly
f35ab04670 Fix imports in tests 2017-11-03 14:56:30 +00:00
James Munnelly
7875268247 Fix imports 2017-11-03 14:48:41 +00:00
James Munnelly
b3a2fb9419 Set TLS certificate secret type to type 2017-10-27 16:20:45 +01:00
James Munnelly
14cf0d495f Consistent use of glog 2017-10-16 14:50:27 +01:00
James Munnelly
dc5929ce29 Fix Issuer sync_test.go 2017-10-16 13:38:53 +01:00
James Munnelly
59e2af767a Perform Issuer/ClusterIssuer status updates in controller 2017-10-16 12:59:46 +01:00
James Munnelly
9d933d9e11 Only update certificate status in the controller package to stop conflicts 2017-10-13 20:15:29 +01:00
James Munnelly
939534d5b0 Merge pull request #112 from jetstack-experimental/update-issuer-secret-change
Trigger CA Issuer re-sync when signing keypair changes
2017-10-13 14:31:35 +01:00
James Munnelly
d7009fbfa8 Correctly check if certificate is valid when only dnsNames are specified 2017-10-13 13:32:10 +01:00
James Munnelly
8c6457e7b7 Trigger CA Issuer re-sync when signing keypair changes 2017-10-13 13:20:03 +01:00
James Munnelly
f8107e6fcc Use CommonName and AltNames fields on Certificate resource 2017-10-13 12:50:07 +01:00
James Munnelly
185058815e Fix controller checks for new API schema 2017-10-13 12:09:04 +01:00
James Munnelly
7b30b80dc5 Update ClusterIssuer to use 'kind' field instead of 'namespace' 2017-10-12 20:06:29 +01:00
James Munnelly
cd4b482410 Check Secret namespace in ClusterIssuer checks. Add TODO. 2017-09-22 09:52:09 +01:00
James Munnelly
65366e986c Add ClusterIssuer e2e tests. Fix e2e tests. 2017-09-22 09:38:59 +01:00
James Munnelly
dc608f709d Support Certificates referencing ClusterIssuers 2017-09-22 01:46:05 +01:00
James Munnelly
852e250a69 Add clusterissuer controller 2017-09-22 00:10:42 +01:00
James Munnelly
7c425ee86f Switch issuer implementations to use GenericIssuer 2017-09-21 23:27:41 +01:00