weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,050 Commits 45 Branches 0 Tags 96 MiB
fcf812c654
Commit Graph

1050 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Munnelly
fcf812c654 Add OWNERS files to auto-label PRs. Mark apis directory as requiring a review by @munnerz. 2018-07-26 13:01:58 +01:00
jetstack-bot
317e6e829c
Merge pull request #761 from kragniz/runtime-validation 
Add base of issuer-specific validation to certificates at runtime
 2018-07-26 11:20:29 +01:00
Louis Taylor
791488e2ed
Better test coverage 2018-07-26 10:50:28 +01:00
jetstack-bot
4216a4fba4
Merge pull request #764 from munnerz/fix-valid-orders 
Wait for ACME Orders to be in 'ready' state before attempting finalization
 2018-07-25 21:10:49 +01:00
James Munnelly
441c22c119 Fix skipping chart validation for pebble and vault 2018-07-25 18:45:24 +01:00
James Munnelly
dbe01c2068 Update pebble to latest in e2e tests 2018-07-25 18:23:02 +01:00
James Munnelly
686e9159e5 Wait for ACME Orders to be in 'ready' state before attempting finalization 2018-07-25 18:05:45 +01:00
Louis Taylor
474c8ed27f
Add extra testcase 2018-07-25 17:41:05 +01:00
jetstack-bot
ad32ab3b0b
Merge pull request #759 from kragniz/wildcard-dns01 
Add note about http01 and wildcard certificates to docs
 2018-07-25 17:40:40 +01:00
Louis Taylor
db5383051e
Remove duplicated check 2018-07-25 15:55:19 +01:00
Louis Taylor
c5cf376c5e
Run ValidateCertificateForIssuer during sync 2018-07-25 15:45:37 +01:00
Louis Taylor
d23bad8c2f
nameForIssuer -> NameForIssuer 2018-07-25 15:45:13 +01:00
Louis Taylor
aa60a41591
Add tests 2018-07-25 15:44:25 +01:00
Louis Taylor
cdae8cbce8
Add base issuer validation 2018-07-25 15:44:06 +01:00
Louis Taylor
99c1d4271f
Add note about http01 and wildcard certificates 
Fixes #757.
 2018-07-25 11:30:53 +01:00
jetstack-bot
f3bea02c62
Merge pull request #754 from kragniz/clouddns-fqdn-2 
clouddns: use fqdn for challenge cleanup
 2018-07-24 12:03:48 +01:00
jetstack-bot
d4c52d7229
Merge pull request #748 from stealthybox/patch-1 
Document project field for Google CloudDNS provider
 2018-07-24 11:17:10 +01:00
leigh schrandt
39e071aa7a Document project field for Google CloudDNS provider 
👋
 2018-07-24 00:05:35 -07:00
Louis Taylor
bcf135c7ae
clouddns: use fqdn for challenge cleanup 
This is the same as the problem fixed in #750, but for cleanup.
 2018-07-22 20:17:11 +01:00
jetstack-bot
398e1560a3
Merge pull request #670 from gurvindersingh/master 
add support CNAME for dns-01 challenge
 2018-07-20 19:36:06 +01:00
jetstack-bot
b15a18be98
Merge pull request #746 from euank/route53-invalid-change-batch 
issuer/route53: fix delete for 'NotExist' errors
 2018-07-20 18:36:59 +01:00
Euan Kemp
ea84532a5c issuer/route53: log ignored InvalidChangeBatch err 2018-07-20 10:10:02 -07:00
jetstack-bot
cbb09ebb52
Merge pull request #750 from kragniz/clouddns-fqdn 
clouddns: find hosted zone for challenge record
 2018-07-20 17:31:37 +01:00
Louis Taylor
082f815773
clouddns: find hosted zone for challenge record 
Previously this would fail if you use a CNAME for the _acme-challenge
record.
 2018-07-20 16:53:12 +01:00
jetstack-bot
2607c242dc
Merge pull request #744 from kragniz/add-e2e-certificate-validation-rebase 
Add e2e test to ensure changing dnsNames on an ACME certificate triggers a re-issue
 2018-07-20 12:48:58 +01:00
Louis Taylor
24f581376d
Don't return err if secret is absent 2018-07-20 11:11:33 +01:00
Louis Taylor
65b891da29
Remove yoda condition 2018-07-20 11:08:19 +01:00
jetstack-bot
4157139e27
Merge pull request #747 from euank/dep-version 
hack/verify: also include 'dep version' output
 2018-07-19 20:12:53 +01:00
Euan Kemp
efb339bac5 Gopkg: fix inputs digest 2018-07-19 11:24:12 -07:00
Euan Kemp
69829277ac hack/verify: also include 'dep version' output 
If "dep status" fails on CI, it's useful to know what version of dep is
being used to locally reproduce and examine the issue.
 2018-07-19 11:12:42 -07:00
Euan Kemp
15d497b4ca issuer/route53: fix delete for 'NotExist' errors 
Fixes #736.

Prior to this change, it was quite possible to end up with a queue of
cleanup tasks that would never succeed.
 2018-07-19 10:20:27 -07:00
Louis Taylor
502e9d2bfb
Increase timeout 2018-07-19 17:42:01 +01:00
Louis Taylor
e5e5362e2a
Fix nil panic 2018-07-19 16:37:21 +01:00
Louis Taylor
4601c95557
Use new WaitCertificateIssuedValid everywhere 2018-07-19 16:26:15 +01:00
Louis Taylor
8e9171adbf
Check for labels on created secret 2018-07-19 16:11:12 +01:00
Louis Taylor
5f0c5f21fb
Increase http01 self-check timeout 2018-07-19 15:48:21 +01:00
James Munnelly
5a102fb5f6
Add e2e test to ensure changing dnsNames on an ACME certificate triggers a re-issue 2018-07-19 13:36:15 +01:00
jetstack-bot
840f9de7d9
Merge pull request #734 from timuthy/master 
Improve ACME DNS validation tutorial
 2018-07-19 10:25:41 +01:00
jetstack-bot
6348c6ffca
Merge pull request #722 from autonomic-ai/support-ec-keys 
Add keyAlgorithm and keySize fields to Certificates, and support ECDSA keys
 2018-07-18 10:00:36 +01:00
Afolabi Badmos
445e522432 Add support for EC keys 
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic

- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.

- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, key size
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.

- helper functions in `pki` package now return crypto.PrivateKey
 2018-07-17 12:42:07 -04:00
Tim Usner
fa6f1bde12
Fix broken link for SAN 2018-07-17 13:04:23 +02:00
Tim Usner
92cb56746d
Add *.example.com to SAN 
*.example.com is set as Common Name and thus part of SANs.
 2018-07-17 13:02:27 +02:00
jetstack-bot
c1b34376fd
Merge pull request #726 from munnerz/selfsigned-link 
Add link to selfsigned issuer docs
 2018-07-12 18:21:30 +01:00
James Munnelly
c8ad744392 Add link to selfsigned issuer docs 2018-07-12 18:17:40 +01:00
jetstack-bot
caae0cc48a
Merge pull request #717 from kragniz/disable-ingress-shim 
Add --controllers flag to set which controllers are run
 2018-07-12 15:49:13 +01:00
Louis Taylor
58d71216c3
Change flag to list of controllers to enable 2018-07-12 10:27:49 +01:00
Louis Taylor
969c4530a0
Add Contains util function 2018-07-12 10:27:05 +01:00
Louis Taylor
fd48a2e360
Add option for disabling ingress-shim 
This adds a new flag, which can be used to disable running the
ingress-shim controller:

     --enable-ingress-shim=false
 2018-07-12 10:27:05 +01:00
jetstack-bot
a162a5bb8e
Merge pull request #612 from vdesjardins/custom-approle-path 
Vault: configurable appRole authentication path
 2018-07-11 17:53:33 +01:00
jetstack-bot
c08cd80730
Merge pull request #622 from munnerz/istio-annotation 
Add auth.istio.io annotation to ACME HTTP01 service
 2018-07-11 17:18:33 +01:00