joshvanl
c4914f7103
Adds venafi CertificateSigningRequest controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
joshvanl
dcc3ad44b4
Adds CertificateSigningRequest venafi annotations to experimental API
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
jetstack-bot
88e85d0725
Merge pull request #4205 from inteon/kubectl_check_api
...
Add kubectl 'cert-manager check api' command
2021-07-16 14:43:15 +01:00
Inteon
21bc98979e
improved ux
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-16 13:11:40 +02:00
Maël Valais
368c7659ee
gateway-shim: test: two different secrets create two Certificates
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:35:47 +02:00
Maël Valais
f77954e5e3
gateway-shim: document issuerForIngressLike and translateAnnotations
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:35:41 +02:00
Maël Valais
30f9c123d3
gateway-shim: add the gateway-shim controller
...
Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.
The Gateway API in cert-manager is released as an experimental feature
and needs to be enabled manually with the following flag:
--controllers=*,gateway-shim
All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:
"acme.cert-manager.io/http01-ingress-class"
This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.
"acme.cert-manager.io/http01-edit-in-place"
This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.
"kubernetes.io/tls-acme"
This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.
Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.
The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
2021-07-15 20:34:55 +02:00
Inteon
ac7775bdb4
made errors human readable, added unit tests, added check api to e2e, fixed os.Exit(1)
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-15 16:50:31 +02:00
Inteon
5458173739
Add kubectl 'cert-manager check api' command
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-15 16:50:31 +02:00
jetstack-bot
6885bcafaf
Merge pull request #4149 from maelvls/refactor-ingress-shim
...
ingress-shim: untangle logic for "looking for cert owners"
2021-07-14 09:49:28 +01:00
Maël Valais
b13b751d63
PR review with Irbe: re-queue Ingress on "Update" and "Add" of certs
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-07-13 19:06:10 +02:00
Maël Valais
e12173b4c2
ingress-shim: unit-test certificateDeleted, only call on deletion
...
The func certificateDeleted was being called on every possible event
(deleted, created, updated).
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:30:01 +02:00
Maël Valais
59051432e3
ingress-shim: remove unused issuer and clusterissuer listers
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:58 +02:00
Maël Valais
c119b64fdf
ingress-shim: I was syncing on Issuers instead of Ingresses
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:50 +02:00
Inteon
cb6030f1d9
add -prune=true & go mod tidy to update-deps.sh
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-10 20:35:41 +02:00
Maël Valais
30ad33784d
ingress-shim: remove unnecessary/verbose comment
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 18:27:08 +02:00
Maël Valais
1cb39d1efe
ingress-shim: remove duplicate line
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:43:01 +02:00
Maël Valais
0b12a5cf5f
ingress-shim: explain why the owner ref does not have a namespace
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:42:48 +02:00
Maël Valais
75b9bd6598
ingress-shim: untangle logic for "looking for cert owners"
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-07 13:27:30 +02:00
Maël Valais
e218e12d77
rfc2136 dns01: "the algothrim" -> "algorithm is not supported"
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
d31768f61e
cloudflare dns01: consistent err prefix "while querying the Clouflare API..."
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
26b074241a
issuing controller test: check w.Register error
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
b62e51dc2c
validation: leftmost align and guard statements instead of 'switch'
...
The switch statement was making it a bit harder to read. I also renamed
variables to make more sense in the context of this function.
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
d6d9aee9c7
linter party: ineffective 'break', commented "do nothing" instead
...
Signed-off-by: Maël Valais <mael@vls.dev>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
ee2f22acde
linter party: receiver name should be omitted instead of _ (ST1006)
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
42e65c3694
linter party: duplicate import of k8s.io/api/core/v1 (ST1019)
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
f813cc1ecd
linter party: var 'accountJson' should be 'accountJSON'
...
Signed-off-by: Maël Valais <mael@vls.dev>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
4e0864ff42
linter party: deadcode, remove 'messageErrorInvalidKeyPair'
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
338a6eb490
linter party: uncapitalize error messages (ST1005)
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
435e7f00ba
linter party: ST1005: replace "Cloudflare" with "the Cloudflare"
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
37bee71d68
static analysis party: fix errcheck warnings
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
jetstack-bot
e7a9ec0dab
Merge pull request #4178 from maelvls/vault-cabundle-base64
...
vault issuer: specify that the caBundle must be base64-encoded
2021-07-05 20:31:27 +01:00
Maël Valais
98bf0b6478
DataForCertificate: explain what the "current" and "next" CRs are used for
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-05 13:32:32 +02:00
ulrich giraud
b9c9231305
vault issuer: specify that the caBundle must be base64-encoded
...
Signed-off-by: Ulrich GIRAUD <ulrich.giraud@pole-emploi.fr>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-02 20:54:03 +02:00
jetstack-bot
75d91bcb29
Merge pull request #4103 from JoshVanL/certificate-signing-request=vault
...
CertificateSigningRequest Vault controller
2021-07-02 13:33:37 +01:00
jetstack-bot
08b6fb1a6f
Merge pull request #4147 from thiscantbeserious/issue/4134
...
Cloudflare: refactor DNS01 challenge to use API for finding the nearest Zone
2021-07-02 10:38:37 +01:00
Simon Sanladerer
f53109642e
Cloudflare: refactor DNS01 challenge to use API for finding the nearest Zone
...
Signed-off-by: Simon Sanladerer <simon@sanladerer.com>
2021-07-01 02:36:46 +02:00
joshvanl
943f9abdb1
Minor comment and error message changes
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-30 18:09:32 +01:00
Inteon
fd20a0584a
Add explicit WithObservedGeneration versions of the Wait and Condition functions
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 15:48:13 +02:00
joshvanl
67ba2b15da
Updates comment for internal vault client New func, that errors should
...
be considered for retrying
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 14:34:49 +01:00
joshvanl
b237b5c222
Changes comment for duration annotation parsing
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 14:34:30 +01:00
Inteon
879108d9e4
deduplicate logic in CertificateHasCondition, WaitForCertificateReady & add WaitForCertificateReadyUpdate for testing Certificate update operations
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 14:16:30 +02:00
joshvanl
2c217f0377
Remove CA field from Vault CertificateSigningRequest controllers
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:50:33 +01:00
joshvanl
d0e7ccd805
Update some CSR comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
f5b609e446
Adds Vault CertificateSigningRequest Issuer controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
joshvanl
7e8bf731b2
Remove the experimental.cert-manager.io/ca annotation from the
...
CertificateSigningRequest
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-25 16:02:37 +01:00
irbekrm
fd61e1ccc7
Delete 'next' CertificateRequests that failed in last issuance cycle
...
So that the issuance is retried
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 07:28:06 +01:00
irbekrm
feb62b1fe5
Make the back off period const public
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:37:07 +01:00
irbekrm
428c280f76
Pass clock to request manager controller
...
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:36:26 +01:00
jetstack-bot
67c8176801
Merge pull request #4106 from JoshVanL/ctl-experimental-create-csr
...
ctl experimental create certificatesigningrequest
2021-06-18 15:44:24 +01:00