weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
706ad574b9
cert-manager/pkg/controller
History
Maël Valais 76eef68730 serviceAccountRef: the vault issuer can now use bound SA tokens 
Previously, the Vault issuer was only able to use a Secret in order to
use the "Kubernetes authentication" method. The downside to this service
account Secret token is that it has the default JWT iss
"kubernetes/serviceaccount" (along with the fact that the token is not
bound to a particular pod and has no expiry).

With the new serviceAccountRef, cert-manager now requests the token on
behalf of the pod in order to authenticate with Vault.

Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-06 18:28:49 +01:00
..
acmechallenges feature: update gateway api to v1beta1 2022-12-05 14:03:21 +00:00
acmeorders Remove bazel 🎉 2022-07-26 11:38:50 +01:00
cainjector Code review feedback 2023-02-01 08:53:27 +00:00
certificate-shim Merge pull request #4502 from ctrought/master 2023-01-20 14:35:37 +00:00
certificaterequests serviceAccountRef: the vault issuer can now use bound SA tokens 2023-02-06 18:28:49 +01:00
certificates add (deprecated) stub functions 2023-01-23 13:26:37 +01:00
certificatesigningrequests serviceAccountRef: the vault issuer can now use bound SA tokens 2023-02-06 18:28:49 +01:00
clusterissuers fixup! Add option to load Vault CA bundle from Kubernetes Secret 2022-08-21 07:41:15 +03:00
globals Remove bazel 🎉 2022-07-26 11:38:50 +01:00
issuers fixup! Add option to load Vault CA bundle from Kubernetes Secret 2022-08-21 07:41:15 +03:00
test upgrade gateway api to v0.5.0 2022-08-08 08:52:59 +00:00
builder.go
context_test.go Change controller context rate limiter test to ensure they are the same 2022-02-22 09:15:10 +00:00
context.go feature: update gateway api to v1beta1 2022-12-05 14:03:21 +00:00
controller.go Fix incorrect uses of loop variable 2022-08-26 15:08:30 -04:00
helper.go
register.go
util_test.go
util.go