weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
b6013599e4
cert-manager/internal
History
Ashley Davis c5924f54a1
add + use CABundle field for ACME servers in issuers 
Previously it wasn't possible to set a custom CA bundle for an ACME
server, leading users to either patch the cert-manager system CA bundle
manually or else use SkipTLSVerify which is a security issue.

This adds CABundle for ACME, similar to what we have for Vault and
Venafi TPP issuers.

Longer term we'd like to have a more fully featured approach. It would
for example make sense to support loading CA bundles from ConfigMaps or
Secrets (similar to what we do for Vault issuers today), but for now this
change is the simplest change.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-12-15 16:21:07 +00:00
..
apis add + use CABundle field for ACME servers in issuers 2022-12-15 16:21:07 +00:00
cainjector/feature apply go fmt for go1.19 2022-08-04 09:51:57 +00:00
controller Addressing review comments 2022-12-06 18:54:46 +05:30
plugin Remove bazel 🎉 2022-07-26 11:38:50 +01:00
test/paths Remove bazel 🎉 2022-07-26 11:38:50 +01:00
vault Test that the Sign function *does* use the Vault namespace 2022-11-23 10:40:59 +00:00
webhook apply go fmt for go1.19 2022-08-04 09:51:57 +00:00