Commit Graph

753 Commits

Author SHA1 Message Date
jetstack-bot
22b0863801
Merge pull request #1128 from lrolaz/certificate-ip-sans
Add IP Address in CSR
2019-01-31 23:05:25 +00:00
jetstack-bot
e848bcec57
Merge pull request #1191 from chr-fritz/parse-pkcs8
Adds key parser for PKCS#8 encoded private keys.
2019-01-31 22:49:26 +00:00
Laurent ROLAZ
ed82465df5 Refactoring
Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-30 13:04:28 +01:00
jetstack-bot
f27036cc38
Merge pull request #1266 from munnerz/fix-dns01-zone-lookup
Respect recursive nameservers flag when finding zone for fqdn
2019-01-28 11:18:50 +00:00
Laurent Rolaz
597cda40af Fix some GO Style
Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-25 18:50:16 +01:00
Laurent Rolaz
18daea16ae Remove duplicate IPAddressesToString
Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-25 18:50:16 +01:00
Laurent Rolaz
c5fa202239 Fix some GO Style
Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com> (+2 squashed commits)
Squashed commits:
[ce6cc2eb] Fix some GO Style

Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
[563b7275] Fix some GO Style

Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-25 18:50:16 +01:00
Laurent Rolaz
531c26061c GO Format
Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>

Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-25 18:38:12 +01:00
Laurent Rolaz
6dcc408741 Add IP Address in CSR
Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-25 18:38:12 +01:00
jetstack-bot
14431c7f55
Merge pull request #1265 from DanielMorsing/clientreuse
Reuse acme clients to limit use of nonce/directory/accounts endpoints
2019-01-25 00:18:22 +00:00
James Munnelly
948a2cf77c Add more OWNERS files with auto-labels
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-24 19:38:31 +00:00
James Munnelly
e6169f6b13 Respect recursive nameservers flag when finding zone for fqdn
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-24 18:11:53 +00:00
Daniel Morsing
e2123ccbb3 clear acme client cache whenever an acme issuer is changed
This is a very inelegant solution to the problem, but it avoids
having to look at other extant issuers and having background processes.

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-24 15:41:11 +00:00
Daniel Morsing
19f66c4053 add client repository for acme clients
In its current state, this will leak acme clients if issuers are
being changed a lot

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-24 14:00:50 +00:00
jetstack-bot
e930bd3ca7
Merge pull request #1244 from DanielMorsing/self-check-errs
Surface self-check errors in challenge resource
2019-01-23 14:50:16 +00:00
Daniel Morsing
99c16b77dc fix other test
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-21 13:33:34 +00:00
Daniel Morsing
336e9e353a fix missed test
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-21 13:13:05 +00:00
Daniel Morsing
b0a9b8276c surface self-check errors in challenge resource
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-21 11:49:46 +00:00
jetstack-bot
438d0a6775
Merge pull request #1240 from munnerz/expired-orders-no-cert
Update order status if state changes while retrieving an existing certificate
2019-01-18 14:28:23 +00:00
James Munnelly
3d1183a169 Fix nil map panic when writing to an empty existing Secret
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-18 11:16:44 +00:00
James Munnelly
c91833f43a Update order status if state changes while retrieving an existing certificate
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 18:29:55 +00:00
jetstack-bot
1a75d41429
Merge pull request #1226 from munnerz/acme-client-metrics
Add prometheus metrics for ACME client HTTP requests
2019-01-17 17:28:02 +00:00
Daniel Morsing
88d811b34c change Check function signature
This makes the check function into a simple precondition

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 16:45:03 +00:00
jetstack-bot
63562421b8
Merge pull request #1227 from munnerz/use-cached-account-uri
Use cached ACME account URL when constructing ACME client
2019-01-17 15:50:01 +00:00
jetstack-bot
e2e2b5998f
Merge pull request #1230 from munnerz/clear-url-on-reverify
Clear issuer account URL if the directory and account URL's hosts differ
2019-01-17 15:28:12 +00:00
Daniel Morsing
921f5c6d10 absorb every error from http self-check
Body read errors are just regular errors, so we can reclassify them
all into absorb errors

Since we only have absorb errors, flip the switch so that all errors
are absorbed. This will make it easier to surface errors into the
controller.

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 15:26:13 +00:00
jetstack-bot
d9a3cd0b3f
Merge pull request #1228 from munnerz/retrieve-valid-order
If an Order is already valid, attempt to retrieve existing certificate
2019-01-17 15:12:11 +00:00
James Munnelly
425f9c757a Clear issuer account URL if the directory and account URL's hosts differ
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 14:36:33 +00:00
Daniel Morsing
ac5745d8f0 Remove need for provider config in DNS self-check
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 14:25:19 +00:00
Daniel Morsing
dc8a4cb95e Avoid connection leaking
An empty transport will by default keep connections alive indefinitely.

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 14:09:15 +00:00
James Munnelly
e88e4f4406 If an Order is already valid, attempt to retrieve existing certificate
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 13:19:04 +00:00
Daniel Morsing
d374619ba6 thread controller context into self-check
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 13:05:34 +00:00
James Munnelly
4b6351a4f2 🤦
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-17 12:57:19 +00:00
Daniel Morsing
62923a9ba8 don't roundtrip url into strings and back
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-17 12:46:01 +00:00
James Munnelly
26ef11d2dc Use cached account URI on Issuer resource when constructing ACME client
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-16 23:48:19 +00:00
James Munnelly
804d328b14 Add prometheus metrics for ACME client HTTP requests
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-16 23:05:53 +00:00
Daniel Morsing
f72b59bee1 Disable TLS verification when self-checking
Fixes #949

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-16 13:39:27 +00:00
James Munnelly
7fd1c2a0e3 Fix issuing a certificate into a pre-existing secret
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-15 14:44:11 +00:00
Christian Fritz
96ae76b89d
Adds key parser for PKCS#8 encoded private keys.
Signed-off-by: Christian Fritz <christian.fritz@qaware.de>
2019-01-14 08:46:52 +01:00
jetstack-bot
5f96b378e6
Merge pull request #1184 from tlmiller/feature/authnss
Control authoritative dns01 server check.
2019-01-12 15:25:07 +00:00
Thomas Miller
dacd0b45cb Control authoritative dns01 server check.
Adds cmd flag for controlling if authoritative dns servers are used to
check RR propagation or just normal resolvers.

This change is added so that constrained environments can control more
aspects of DNS queries performed.

- Applying PR feedback

Signed-off-by: Thomas Miller <thomas@tlm.id.au>
2019-01-12 20:17:28 +10:00
jetstack-bot
2fc68d9b33
Merge pull request #1197 from munnerz/acme-retain-challenges
Retain Challenge resources for debugging if an Order enters an invalid state
2019-01-11 17:22:11 +00:00
jetstack-bot
c512319bfb
Merge pull request #1188 from kragniz/controller-namespace
Add --namespace flag
2019-01-11 15:14:11 +00:00
James Munnelly
b1df71dd66 Retain Challenge resources for debugging if an Order enters an invalid state
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-11 14:04:23 +00:00
James Munnelly
21c7b2e13f Increase ACME control loop max back-off. Increase create order back-off to 1h. Fire Event when Order fails.
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-10 22:07:48 +00:00
jetstack-bot
95f63313a9
Merge pull request #1192 from DanielMorsing/add-reason
Add reason when an order/challenge gets marked invalid
2019-01-10 15:25:23 +00:00
Daniel Morsing
cc946c0b45 Populate reason field regardless
If we have an error, then tell people about it.

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-10 14:54:43 +00:00
Daniel Morsing
1b921b1583 remove more strict validation
Turns out the ACME server can respond with different codes than the ones listed

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-10 14:35:30 +00:00
Daniel Morsing
ba240bbe4e Add reason when an order/challenge gets marked invalid
When an ACME server tells us that a challenge or an order is invalid, it's helpful to get some information on why that's the case. Populate the reason field with the error information so that these issues can be more easily debugged.

Signed-off-by: Daniel Morsing <dmo@jetstack.io>
2019-01-10 14:05:15 +00:00
Louis Taylor
40b68a3e10 Fix more references to clusterIssuer
Signed-off-by: Louis Taylor <louis@kragniz.eu>
2019-01-10 13:52:52 +00:00