weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
592abc4a36
cert-manager/pkg/controller/certificaterequests
History
Maël Valais 76eef68730 serviceAccountRef: the vault issuer can now use bound SA tokens 
Previously, the Vault issuer was only able to use a Secret in order to
use the "Kubernetes authentication" method. The downside to this service
account Secret token is that it has the default JWT iss
"kubernetes/serviceaccount" (along with the fact that the token is not
bound to a particular pod and has no expiry).

With the new serviceAccountRef, cert-manager now requests the token on
behalf of the pod in order to authenticate with Vault.

Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-06 18:28:49 +01:00
..
acme improve gen.CSR and use it everywhere 2022-11-10 09:21:31 +01:00
approver Remove bazel 🎉 2022-07-26 11:38:50 +01:00
ca improve gen.CSR and use it everywhere 2022-11-10 09:21:31 +01:00
fake Remove bazel 🎉 2022-07-26 11:38:50 +01:00
selfsigned avoid logging confusing error messages for external issuers 2023-01-04 12:10:34 +00:00
util Remove bazel 🎉 2022-07-26 11:38:50 +01:00
vault serviceAccountRef: the vault issuer can now use bound SA tokens 2023-02-06 18:28:49 +01:00
venafi improve gen.CSR and use it everywhere 2022-11-10 09:21:31 +01:00
checks.go rename all uses of github.com/jetstack/cert-manager 2022-02-02 09:08:31 +00:00
controller.go Adds extra informer for the CertificateRequest SelfSigned controller, 2022-08-09 08:39:50 +01:00
sync_test.go improve gen.CSR and use it everywhere 2022-11-10 09:21:31 +01:00
sync.go Fire event for informational purposes when the CertificateRequest has not yet been approved. 2022-10-23 18:04:58 +01:00