cert-manager

Author	SHA1	Message	Date
jetstack-bot	50501d2f64	Merge pull request #5824 from irbekrm/controller_partial_metadata Controller partial metadata	2023-04-06 15:38:02 +01:00
irbekrm	7e6f2be820	Fixes goimports Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:29:41 +01:00
irbekrm	8217ff8714	Adds some extra unit tests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	dba18119aa	Ensures that key for an ACME challenge is only retrieved from the ACME server once Thus reducing the number of HTTP01ChallengeResponse/DNS01ChallengeResponse calls Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	202d75ffe6	Updates code comment Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	0964d6d03d	Removes extra GET calls for ACME order resource In cases where a synced Order does not require any processing from this controller Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-04-05 16:28:14 +01:00
irbekrm	de34694516	Makes some updates to CertificateRequests design The design is out of date in general though Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-27 09:57:44 +01:00
irbekrm	6e294ae359	Certificate-requests controller does not process invalid certificaterequests Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-24 15:38:34 +00:00
irbekrm	f5ea958317	Issuing controller fails issuances for denied/invalid CRs This is not necessarily a breaking change as this appears to have been the current behaviour in most cases due to the race condition that this commit fixes Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-24 15:37:57 +00:00
irbekrm	26563feae1	remove invalid check GVK cannot be reliably checked here, see TODO, this is not expected to cause issues Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	c3bd14ead7	Uses the filtered informer factory if the SecretsFilteredCaching feature is enabled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	7d592a8270	Swap upstream core informers factory with out wrapper This does not actually change how the informers work. This also adds a partial metadata client to root context Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	a7e2abe5fa	Allows secrets event handler predicate to accept partial metadata This will only be needed by the SecretsFilteredCaching feature, but I cannot think of any harm by adding it to general path Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	5d7614ddd4	Passes controller context into all NewController funcs Instead of individual arguments. For readability and consistency. Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
Avi Sharma	a62f92e33d	Add testcases for foreground deletion sync Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>	2023-03-21 15:33:53 +05:30
Avi Sharma	e5d9745078	Skip syncing resources deleted via foreground cascading Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>	2023-03-21 15:33:28 +05:30
Maël Valais	76eef68730	serviceAccountRef: the vault issuer can now use bound SA tokens Previously, the Vault issuer was only able to use a Secret in order to use the "Kubernetes authentication" method. The downside to this service account Secret token is that it has the default JWT iss "kubernetes/serviceaccount" (along with the fact that the token is not bound to a particular pod and has no expiry). With the new serviceAccountRef, cert-manager now requests the token on behalf of the pod in order to authenticate with Vault. Signed-off-by: Maël Valais <mael@vls.dev>	2023-02-06 18:28:49 +01:00
irbekrm	74b258c3be	Code review feedback Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-02-01 08:53:27 +00:00
irbekrm	7e4dea1c2e	Clarify the error message when secret annotation is missing namespace prefix Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-31 11:12:31 +00:00
irbekrm	24040c4989	Ensure that updates to injectables are caught Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-31 10:49:56 +00:00
irbekrm	a174f0faa4	Filter injectables that trigger reconciles Only trigger reconciles for events on injectable types that are annotated, not random unrelated resources Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-30 11:27:15 +00:00
irbekrm	7a5c71a1ed	Cleanup, better comments Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-30 11:26:07 +00:00
jetstack-bot	9f7a4053ab	Merge pull request #5746 from irbekrm/cainjector_remove_duplicate_cache Remove the double cache mechanism for cainjector	2023-01-25 15:05:57 +00:00
irbekrm	3aba8ed32d	Makes cainjector Certificate watch optional Configurable via a flag, true by default Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-24 13:52:45 +00:00
irbekrm	4776597cb4	Remove the double cache mechanism for cainjector Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-23 17:38:46 +00:00
Tim Ramlot	191e7ca305	add (deprecated) stub functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:26:37 +01:00
Tim Ramlot	23de5240e9	move utility functions to reduce fragmentation and rename functions for consistency Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:19:39 +01:00
jetstack-bot	1038ca4494	Merge pull request #4502 from ctrought/master support subject and email annotations for ingress/gateway	2023-01-20 14:35:37 +00:00
ctrought	575e3155c2	fix: goimports Signed-off-by: ctrought <k8s@trought.ca>	2023-01-19 14:57:10 -05:00
jetstack-bot	aa7fe1130c	Merge pull request #5660 from irbekrm/certificate_labels Ensures that certificate.spec.secretName and temporary private key Secrets are labelled	2023-01-09 10:57:30 +00:00
irbekrm	5e8fd7dc41	Policy check ensures that cert.sepc.secretName secret gets labelled Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:31:31 +00:00
irbekrm	213949a590	Keymanager controller ensures that temporary private key Secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:30:34 +00:00
irbekrm	c7465fd921	Issuing controller ensures that cert.spec.secretName secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:29:51 +00:00
irbekrm	ff80030737	Log error if CA source is in a namespace that is not in scope cainjector will still watch cluster-scoped resources such as CRDs, so it can get references to Secrets or Certificates in namespaces that are out of scope Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 10:09:36 +00:00
irbekrm	87bef52337	Fix cainjector's namespace flag Ensures that when cainjector has the namespace flag passed, namespaced resource caching is scoped to that namespace Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-05 18:15:19 +00:00
Ashley Davis	0225cc9234	avoid logging confusing error messages for external issuers See https://github.com/cert-manager/cert-manager/issues/5601 When referring to external issuers whose kind is not "Issuer" or "ClusterIssuer" we log an error message thanks to a new check added in a previous PR[1] which should only trigger for SelfSigned issuers. The error previously looked like: ```text "error"="invalid value \"x\" for issuerRef.kind. Must be empty, \"Issuer\" or \"ClusterIssuer\"" ``` After this PR, any CR with an issuer whose group or kind doesn't match what's expected for a built-in issuer will be skipped https://github.com/cert-manager/cert-manager/pull/5336 Signed-off-by: Ashley Davis <ashley.davis@jetstack.io> WIP: test other issuer kinds Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2023-01-04 12:10:34 +00:00
Sathyanarayanan Saravanamuthu	f719247d2b	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	94fa9eeee6	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	42ae76ae30	Refreshing secrets when the keystore fields change Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
jetstack-bot	6ec8da3366	Merge pull request #5583 from lvyanru8200/uodateGwVerison feature: update gateway api to v1beta1	2022-12-05 14:52:48 +00:00
lv	a13c76d312	feature: update gateway api to v1beta1 Signed-off-by: lvyanru <yanru.lv@daocloud.io> feature: update gateway api to v1beta1 Signed-off-by: lvyanru <1113706590@qq.com>	2022-12-05 14:03:21 +00:00
Martín Montes	f884dac555	Return error when Gateway has a cross-namespace secret ref Signed-off-by: Martín Montes <martin11lrx@gmail.com>	2022-12-01 12:46:33 +01:00
Corey McGalliard	7e6e0940a2	updating to match feedback and adjust the RunAsNonRoot options for http01 solver to be more descriptive Signed-off-by: Corey McGalliard <cmcgalliard@redventures.com>	2022-11-16 11:20:36 -05:00
Tim Ramlot	b999749854	improve gen.CSR and use it everywhere Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-11-10 09:21:31 +01:00
joshvanl	e804431dba	Fire event for informational purposes when the CertificateRequest has not yet been approved. Signed-off-by: joshvanl <me@joshvanl.dev>	2022-10-23 18:04:58 +01:00
jetstack-bot	277bcfc305	Merge pull request #5504 from sathyanarays/nit_fix [NIT] Changing variable name to denote right type	2022-10-14 17:17:30 +01:00
jetstack-bot	da3265115b	Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref Add option to load Vault CA bundle from Kubernetes Secret	2022-10-13 09:55:09 +01:00
Sathyanarayanan Saravanamuthu	1bc773cbcf	[NIT] Changing variable name to denote right type Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-12 13:41:23 +05:30
Sathyanarayanan Saravanamuthu	204fa78dd8	[NIT] Changing variable name to denote right type Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-12 13:37:35 +05:30
Sathyanarayanan Saravanamuthu	2969202fe2	Addressing review comments Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:22:38 +05:30

1 2 3 4 5 ...

1348 Commits