Skip to content

[pull] master from cert-manager:master #1066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
pull wants to merge 3,097 commits into
base: master
Choose a base branch
from
Open

[pull] master from cert-manager:master #1066

pull wants to merge 3,097 commits into from

Conversation

@pull
Copy link

@pull pull bot commented Oct 28, 2022
edited
Loading

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Oct 28, 2022
iossifbenbassat123 and others added 29 commits October 30, 2025 09:53
@iossifbenbassat123
Improve consistency of contextual information in cert-components part 1
c38da5e 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
fix: failing test in issuer_go
4afca06 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
run generate
d16c5d5 
Signed-off-by: Iossif Benbassat <[email protected]>
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
91b38e5 
Signed-off-by: cert-manager-bot <[email protected]>
@cert-manager-prow
Merge pull request #8216 from cert-manager/self-upgrade-master
11c9f1c 
[CI] Merge self-upgrade-master into master
@iossifbenbassat123
modify texts
5e33700 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
final rename
76596cd 
Signed-off-by: Iossif Benbassat <[email protected]>
@octo-sts
chore(deps): update github/codeql-action action to v4.31.2
b6bb253 
Signed-off-by: Renovate Bot <[email protected]>
@iossifbenbassat123
address test errors
5f3790c 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
address test errors part 2
fdcb1be 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
address test errors part 3
1b7aad6 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
address test errors part 4
92bc67e 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
address test errors part 5
b618a34 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
finish venafi removal and omit cyberark from certificate manager
2006d0b 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
finish venafi removal part 2
71ee816 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
fix failing test
366a671 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123 @wallrj-cyberark
Update README.md
1925034 
Co-authored-by: Richard Wall <[email protected]>
Signed-off-by: iossifbenbassat123 <[email protected]>
@iossifbenbassat123
revert some of crd changes that relate to field names
3db822f 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
Merge remote-tracking branch 'fork/venafi-cyberark-context-consistenc…
8186d80 
…y' into venafi-cyberark-context-consistency
@iossifbenbassat123
revert some of crd changes that relate to field names part 2
750ccb2 
Signed-off-by: Iossif Benbassat <[email protected]>
@iossifbenbassat123
use CyberArk Certificate Manager
5c34a01 
Signed-off-by: Iossif Benbassat <[email protected]>
@cert-manager-prow
Merge pull request #8219 from cert-manager/renovate/master-misc-githu…
0d81877 
…b-actions

chore(deps): update github/codeql-action action to v4.31.2 (master)
@Peac36
add logs for cases when acme server return us fatal error
b22c2f5 
Signed-off-by: Nikola <[email protected]>
@octo-sts
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.27.2
69b45d5 
Signed-off-by: Renovate Bot <[email protected]>
@cert-manager-prow
Merge pull request #8223 from cert-manager/renovate/master-github.com…
5116b46 
…onsi-deps

fix(deps): update module github.com/onsi/ginkgo/v2 to v2.27.2 (master)
@erikgb
Deprecate GenericIssuer.GetObjectMeta
a9d521f 
Signed-off-by: Erik Godding Boye <[email protected]>
@cert-manager-prow
Merge pull request #8199 from Peac36/fix/7267
efc3e4d 
adds logs for cases when acme server return us fatal error
@cert-manager-bot @inteon
BOT: run 'make upgrade-klone' and 'make generate'
767bc70 
Signed-off-by: cert-manager-bot <[email protected]>
@inteon
fix linter issues
0dbf5e7 
Signed-off-by: Tim Ramlot <[email protected]>
cert-manager-prow bot and others added 30 commits December 17, 2025 17:48
@cert-manager-prow
Merge pull request #8347 from cert-manager/renovate/master-misc-githu…
93b7863 
…b-actions

chore(deps): update github/codeql-action action to v4.31.9 (master)
@cert-manager-prow
Merge pull request #8348 from cert-manager/renovate/master-cloud-go-deps
f7f75c3 
fix(deps): update cloud go deps (master)
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
80e0a3b 
Signed-off-by: cert-manager-bot <[email protected]>
@cert-manager-prow
Merge pull request #8349 from cert-manager/self-upgrade-master
d84ef8d 
[CI] Merge self-upgrade-master into master
@renovate
chore(deps): update dependency kubernetes-sigs/kind to v0.31.0
bee9a6d 
Signed-off-by: Renovate Bot <[email protected]>
@jaxels10
fix: update helm install NOTES to include GWAPI instructions
1a6633e 
Signed-off-by: Jesper Axelsen <[email protected]>
@renovate
fix(deps): update cloud go deps
15481ea 
Signed-off-by: Renovate Bot <[email protected]>
@cert-manager-prow
Merge pull request #8351 from cert-manager/renovate/master-kubernetes…
49a0425 
…-sigs-kind-0.x

chore(deps): update dependency kubernetes-sigs/kind to v0.31.0 (master)
@cert-manager-prow
Merge pull request #8356 from cert-manager/renovate/master-cloud-go-deps
2e365c8 
fix(deps): update cloud go deps (master)
@eleanor-merry
Add checks for Duration and RenewBefore changes when determining if a…
9def8f7 
… ingress/gateway-api change should trigger a certificate update

Signed-off-by: Eleanor Merry <[email protected]>
@eleanor-merry
Fix pointer refs for Duration/RenewBefore/RevisionHistoryLimit
a66597e 
Signed-off-by: Eleanor Merry <[email protected]>
@eleanor-merry
Move to ptr.Equal
f4346c0 
Signed-off-by: Eleanor Merry <[email protected]>
@renovate
fix(deps): update module software.sslmate.com/src/go-pkcs12 to v0.7.0
f0d2d82 
Signed-off-by: Renovate Bot <[email protected]>
@cert-manager-prow
Merge pull request #8301 from AbsaOSS/venafi_issuer_custom_field
ff466ee 
venafi: Process custom fields annotations on Issuer
@hjoshi123 @wallrj-cyberark
feat(trigger): adding certificate request backoff duration to trigger…
cac4f59 
… controller (#8312)

* Add configurable initial certificate request backoff

- Add controller config field for initial certificate request backoff
- Add CLI flag to configure the initial backoff duration
- Use configured initial delay in trigger controller backoff
- Default initial delay is 1h and backoff doubles per failure up to 32h
- Update defaults, conversions, controller context, and tests

Signed-off-by: Hemant Joshi <[email protected]>
Co-authored-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>

* attempt to fix test with default backoff

Signed-off-by: hjoshi123 <[email protected]>

---------

Signed-off-by: Hemant Joshi <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: hjoshi123 <[email protected]>
Co-authored-by: Richard Wall <[email protected]>
@erikgb @cert-manager-bot
@renovate @inteon
Upgrade K8s dependencies to 1.35 (#8358)
a48898b 
* BOT: run 'make upgrade-klone' and 'make generate'

Signed-off-by: cert-manager-bot <[email protected]>

* fix(deps): update kubernetes go deps to v0.35.0

Signed-off-by: Renovate Bot <[email protected]>

* Fix some failing tests

Signed-off-by: Erik Godding Boye <[email protected]>

* Disable WatchListClient feature gate in tests for now

Signed-off-by: Erik Godding Boye <[email protected]>

* Partially reverted "Fix some failing tests"

This partially reverts commit b340bd0.

Signed-off-by: Tim Ramlot <[email protected]>

---------

Signed-off-by: cert-manager-bot <[email protected]>
Signed-off-by: Renovate Bot <[email protected]>
Signed-off-by: Erik Godding Boye <[email protected]>
Signed-off-by: Tim Ramlot <[email protected]>
Co-authored-by: cert-manager-bot <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Tim Ramlot <[email protected]>
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
399a243 
Signed-off-by: cert-manager-bot <[email protected]>
@cert-manager-prow
Merge pull request #8365 from cert-manager/self-upgrade-master
25fa183 
[CI] Merge self-upgrade-master into master
@cert-manager-prow
Merge pull request #8232 from eleanor-merry/notice-duration-changes-o…
c825445 
…n-ingresses

Add checks for Duration/RenewBefore changes when determining if an ingress/gateway-api change should trigger a certificate update
@cert-manager-prow
Merge pull request #8362 from cert-manager/renovate/master-misc-go-deps
d1a0ad3 
fix(deps): update module software.sslmate.com/src/go-pkcs12 to v0.7.0 (master)
@jcpunk
Add unhealthyPodEvictionPolicy to supported PDB options
3d29a83 
Signed-off-by: Pat Riehecky <[email protected]>
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
536e74e 
Signed-off-by: cert-manager-bot <[email protected]>
@cert-manager-prow
Merge pull request #8366 from cert-manager/self-upgrade-master
8fa9f88 
[CI] Merge self-upgrade-master into master
@cert-manager-prow
Merge pull request #8353 from jaxels10/master
886e4b4 
fix: update helm install NOTES to include GWAPI instructions
@hjoshi123
adding 1.35 kind version
09600a6 
Signed-off-by: Hemant Joshi <[email protected]>
@cert-manager-prow
Merge pull request #8371 from hjoshi123/fix/kind-1-35
bde5356 
fix(ci): adding 1.35 kind version
@hjoshi123 @erikgb
feat(controller): adding labels to lease (#8043)
e41d1b7 
* adding labels to lease

Signed-off-by: hjoshi123 <[email protected]>
Signed-off-by: Hemant Joshi <[email protected]>

* Update cmd/cainjector/app/controller.go

Co-authored-by: Erik Godding Boye <[email protected]>
Signed-off-by: Hemant Joshi <[email protected]>

---------

Signed-off-by: hjoshi123 <[email protected]>
Signed-off-by: Hemant Joshi <[email protected]>
Signed-off-by: Hemant Joshi <[email protected]>
Co-authored-by: Erik Godding Boye <[email protected]>
@terinjokes
feat(vault): add server as default audience
f129792 
Vault's JWT/OIDC authentication requires "bound_audiences" to be set and
match at least one of the audiences on the JWT. This is in contrast to
Vault's Kubernetes authentication method in which "bound_audiences" is
optional. In addition, the "bound_audiences" configuration is static.

As "bound_audiences" is required with the JWT/OIDC method, the
per-issuer audience generated by cert-manager was difficult to use in
common use cases. Either the Vault operator must define new Vault role
bindings for every combination of namespace and issuer names, or every
issuer must be created with a static issuer defined. Switching from the
Kubernetes method to the JWT/OIDC method would also require every issuer
to be updated with the audience.

This changeset adds the value of the issuer's ".spec.vault.server" to
the default audience list. This gives the Vault operator a static value
to define for "bound_audiences".

Bug: #8218
Signed-off-by: Terin Stock <[email protected]>
@cert-manager-prow
Merge pull request #8228 from terinjokes/vault-default-audiences
c084079 
feat(vault): add server as default audience
@cert-manager-prow
Merge pull request #7728 from jcpunk/pdb-smarter
140000a 
Add unhealthyPodEvictionPolicy to supported PDB options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.