weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5,734 Commits 45 Branches 0 Tags 96 MiB
ff2dfd7b64
Commit Graph

5734 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
joshvanl
ff2dfd7b64 Moves venafi addon into the framework addons package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-19 15:50:23 +01:00
joshvanl
65cec6c212 Wires up Venafi CertificateSigningRequest controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-19 15:50:23 +01:00
joshvanl
c4914f7103 Adds venafi CertificateSigningRequest controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-19 15:50:23 +01:00
joshvanl
dcc3ad44b4 Adds CertificateSigningRequest venafi annotations to experimental API 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-19 15:50:23 +01:00
jetstack-bot
88e85d0725
Merge pull request #4205 from inteon/kubectl_check_api 
Add kubectl 'cert-manager check api' command
 2021-07-16 14:43:15 +01:00
Inteon
21bc98979e
improved ux 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-16 13:11:40 +02:00
jetstack-bot
1b7e706c72
Merge pull request #4158 from maelvls/add-gateway-api-split-controller 
Implement the Gateway API shim ("gateway-shim" controller)
 2021-07-15 21:38:59 +01:00
Maël Valais
368c7659ee gateway-shim: test: two different secrets create two Certificates 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:47 +02:00
Maël Valais
073fce8db5 e2e: retry the certificate update due to optimistic locking 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:47 +02:00
Maël Valais
e5436df521 gateway-shim: don't crash cert-manager if the Gateway CRD isn't there 
The Gateway CRD has to be installed, meaning that the CRDs may be
installed after cert-manager. We don't want cert-manager to crash in
that case; instead, we let the user know that cert-manager will keep
retrying looking for the CRDs with this message on startup:

  controller.go:181] cert-manager/controller/build-context "msg"="the
  Gateway API CRDs do not seem to be present, cert-manager will keep
  retrying watching for them"

The user then sees the following message printed (using an exponential
back-off):

  reflector.go:167: Failed to watch *v1alpha1.Gateway: failed to list
  *v1alpha1.Gateway: the server could not find the requested resource
  (get gateways.networking.x-k8s.io)

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:47 +02:00
Maël Valais
f77954e5e3 gateway-shim: document issuerForIngressLike and translateAnnotations 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:41 +02:00
Maël Valais
b5142f84c0 gateway-shim: only discover the gateway api when gateway-shim is enabled 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:35:34 +02:00
Maël Valais
30f9c123d3 gateway-shim: add the gateway-shim controller 
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.

The Gateway API in cert-manager is releases as an experimental feature
and needs to be enabled manually with the following flag:

  --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:

  "acme.cert-manager.io/http01-ingress-class"

This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.

  "acme.cert-manager.io/http01-edit-in-place"

This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.

  "kubernetes.io/tls-acme"

This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-15 20:34:55 +02:00
Maël Valais
1cd44fa730 gateway-shim: conformance: a cert should get created for a Gateway 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:34:50 +02:00
Maël Valais
a496dd3216 addons: add gateway-api to the addons 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-15 20:21:49 +02:00
Inteon
ac7775bdb4
made errors human readable, added unit tests, added check api to e2e, fixed os.Exit(1) 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-15 16:50:31 +02:00
Inteon
5458173739
Add kubectl 'cert-manager check api' command 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-15 16:50:31 +02:00
jetstack-bot
6885bcafaf
Merge pull request #4149 from maelvls/refactor-ingress-shim 
ingress-shim: untangle logic for "looking for cert owners"
 2021-07-14 09:49:28 +01:00
jetstack-bot
c546f5bbd9
Merge pull request #4190 from inteon/helm_labels 
Remove Helm-specific labels & add version label
 2021-07-13 18:27:03 +01:00
Maël Valais
b13b751d63 PR review with Irbe: re-queue Ingress on "Update" and "Add" of certs 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-07-13 19:06:10 +02:00
jetstack-bot
3d54c7e6d2
Merge pull request #4206 from alrs/alrs-fix-acme-err 
test/integration/acme: fix dropped error
 2021-07-13 17:25:03 +01:00
Inteon
c7d92681b8
add comments 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-13 17:58:28 +02:00
jetstack-bot
e3ef37bb6a
Merge pull request #4208 from irbekrm/bump_go 
Bump the version of Go SDK being downloaded
 2021-07-13 16:24:03 +01:00
irbekrm
84419ba85f Bump the version of Go SDK being downloaded 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-13 14:58:51 +01:00
Inteon
0683738458
fix bug & add comment & cleanup 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-13 13:41:37 +02:00
Lars Lehtonen
dccda3b321
test/integration/acme: fix dropped error 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2021-07-13 04:39:04 -07:00
jetstack-bot
771c46502a
Merge pull request #4204 from irbekrm/add_kind_target 
Adds a make target to create a test cluster
 2021-07-12 18:02:42 +01:00
irbekrm
57e3418a04 Make the error when a tool not found more obvious 
Also ensure kind is installed before logs are exported

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-12 16:31:40 +01:00
Maël Valais
e12173b4c2 ingress-shim: unit-test certificateDeleted, only call on deletion 
The func certificateDeleted was being called on every possible event
(deleted, created, updated).

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-12 17:30:01 +02:00
Maël Valais
59051432e3 ingress-shim: remove unused issuer and clusterissuer listers 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-12 17:26:58 +02:00
Maël Valais
c119b64fdf ingress-shim: I was syncing on Issuers instead of Ingresses 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-12 17:26:50 +02:00
irbekrm
073f0dd2b8 Extract export_logs func to lib 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-12 15:43:57 +01:00
irbekrm
f7c2f11882 Adds a make target to create a test cluster 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-12 09:50:51 +01:00
irbekrm
017c5a1ff3 Refactors cluster creation in CI 
So that the functionality can be re-used for other tests

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-12 09:38:49 +01:00
Inteon
043bbd283e
remove helm-specific labels & add version label 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-11 17:42:32 +02:00
jetstack-bot
4dfb5add86
Merge pull request #4182 from irbekrm/upgrade_test 
Upgrade test
 2021-07-11 13:45:01 +01:00
jetstack-bot
5bc790efa5
Merge pull request #4202 from inteon/go_mod_2 
Update ginkgo and gomega versions
 2021-07-10 22:54:44 +01:00
jetstack-bot
4c94111096
Merge pull request #4201 from inteon/go_mod 
add -prune=true & go mod tidy to update-deps.sh
 2021-07-10 22:13:44 +01:00
Inteon
b852735a95
upgrade ginkgo & gomega 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-10 20:52:09 +02:00
Inteon
cb6030f1d9
add -prune=true & go mod tidy to update-deps.sh 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-10 20:35:41 +02:00
jetstack-bot
d1b02cd452
Merge pull request #4200 from inteon/vscode_git_crash 
Fix vscode crash
 2021-07-10 19:24:44 +01:00
Inteon
492671507f
fix vscode crash 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-10 00:08:44 +02:00
Maël Valais
30ad33784d ingress-shim: remove unecessary/verbose comment 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-09 18:27:08 +02:00
Maël Valais
1cb39d1efe ingress-shim: remove duplicate line 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-09 17:43:01 +02:00
Maël Valais
0b12a5cf5f ingress-shim: explain why the owner ref does not have a namespace 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-09 17:42:48 +02:00
irbekrm
f03b8daf1d Adds feedback from code review 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-08 10:17:37 +01:00
jetstack-bot
d1c7730e90
Merge pull request #4172 from irbekrm/restrict_api_versions 
Restrict api versions
 2021-07-08 09:39:59 +01:00
irbekrm
160e638c8f Explicitly set webhook match policy to Equivalent 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-08 08:16:48 +01:00
Maël Valais
75b9bd6598 ingress-shim: untangle logic for "looking for cert owners" 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-07 13:27:30 +02:00
irbekrm
5a45444b4a Adds a make target 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-07-06 17:22:19 +01:00