Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v1.16.1] sync with upstream #36

Closed
wants to merge 311 commits into from
Closed

[v1.16.1] sync with upstream #36

wants to merge 311 commits into from

Conversation

mjsmithnh
Copy link

@mjsmithnh mjsmithnh commented Oct 16, 2024
edited
Loading

No description provided.

inteon and others added 30 commits June 21, 2024 15:33
@inteon
self-review changes
c3a76a9 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7110 from inteon/simplify_csr_conform…
f7100f3 
…ance_tests

Simplify CertificateSigningRequest conformance tests and add missing tests
@cert-manager-prow
Merge pull request cert-manager#6966 from mindw/mindw/add_proc_go_bui…
9c28f4d 
…ld_metrics

Add process and go runtime metrics for controller
@inteon
add missing featureset.OnlySAN required feature
b65903f 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7119 from inteon/conformance_venafi
edfc1a3 
Fix Venafi conformance test
@inteon
move duplicate certificate conformance test logic to function
e9ab52c 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
transform certificate conformance tests into tabular tests
e4669aa 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
reorder certificate conformance tests
3703b07 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
fix CertificateOrganization matcher
ecf7b15 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
skip conformance test if featureGate is not enabled
7eba9c8 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7036 from fidelity-contributions/feat…
837c6a1 
…ure/5514-venafi-issuer-ca-ref-support

Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
@cert-manager-prow
Merge pull request cert-manager#7106 from inteon/conformance_cleanup
f037fd2 
Refactor Certificate conformance to tabular tests
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
e0b345b 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@inteon
remove duplicate Make targets
db4ab7f 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7123 from cert-manager/self-upgrade-m…
b10c02a 
…aster

[CI] Merge self-upgrade-master into master
@maelvls
make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
dfff8c2 
Previously,

  E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager

would fail with the error:

  Error: unknown flag: --version1.14.2

Signed-off-by: Maël Valais <mael@vls.dev>
@cert-manager-prow
Merge pull request cert-manager#7124 from maelvls/make-fix-e2e_cert_m…
46100d4 
…anager_version

make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
@SgtCoDFish
bump go-retryablehttp to address CVE-2024-6104
817a2bf 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@ThatsMrTalbot
feat: default ControllerConfiguration apiVersion and kind in helm
e30ad68 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
@cert-manager-prow
Merge pull request cert-manager#7125 from SgtCoDFish/bump-http-lib
054887d 
Bump go-retryablehttp to address CVE-2024-6104
@cert-manager-prow
Merge pull request cert-manager#7126 from ThatsMrTalbot/feat/helm-def…
1b9c02e 
…ault-config-apiversion-and-kind

feat: default ControllerConfiguration apiVersion and kind in helm
@inteon
BUGFIX: Venafi issuer and clusterissuer checks were failing due to ni…
e906cb8 
…lpointer exception

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7140 from inteon/bugfix_nilpointer
c65c757 
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception
@inteon
add bind resource request to improve availability during tests, also …
0e45b3b 
…set memory limit = request following best practice

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cbroglie
Add renewBeforePercentage alternative to renewBefore
0f74d75 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes cert-manager#4423, resolves cert-manager#5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
@cert-manager-prow
Merge pull request cert-manager#6987 from cbroglie/renew-before-pct
50abeda 
feat: Add renewBeforePercentage alternative to renewBefore
@cert-manager-prow
Merge pull request cert-manager#7141 from inteon/add_bind_resource_re…
74fe287 
…quest_and_limit

Tests: add bind resource request to improve availability during tests
@inteon
use supported bind9 image and run bind as non-root user
452ee1e 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7142 from inteon/bind_update
b497dad 
Tests: use supported bind9 image and run as non-root
@lunarwhite
fix API fields description for venafi tpp
df37eba 
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
wallrj and others added 28 commits September 25, 2024 20:00
@wallrj
Always fall back on the ambient region
7c5df3a 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@wallrj
Use regional STS endpoints for the dedicated STS client, when a Role …
8fcd13b 
…or WebIdentityToken are supplied in the Issuer

Signed-off-by: Richard Wall <richard.wall@venafi.com>
@cert-manager-prow
Merge pull request cert-manager#7299 from wallrj/route53-ambient-region
f3b2a98 
Route53 DNS01 Solver: Always fall back on the ambient region
@wallrj
Fix possible OOM failures in the makestage Google Cloud Build
b9df662 
By reducing the make parallelism.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
@wallrj
Use a better supported machine type
13912bf 
N1_HIGHCPU_32 is no longer listed in the table of supported GCB machine types,
but there is the following foot note in the documentation:
> Cloud Build continues to offer n1-highcpu-8 and n1-highcpu-32 machine types. They are offered at the same price as e2-highcpu-8 and e2-highcpu-32

https://cloud.google.com/build/pricing

Signed-off-by: Richard Wall <richard.wall@venafi.com>
@cert-manager-prow
Merge pull request cert-manager#7309 from cert-manager-bot/cherry-pic…
e358f59 
…k-7308-to-release-1.16

[release-1.16] Fix makestage OOM failures
@wallrj
Revert "Reduce load on the Kubernetes API server and reduce the peak …
514f559 
…memory use of the cert-manager components by enabling the use of the WatchList (Streaming Lists) feature"

Signed-off-by: Richard Wall <richard.wall@venafi.com>
@cert-manager-prow
Merge pull request cert-manager#7318 from cert-manager-bot/cherry-pic…
e381fb0 
…k-7315-to-release-1.16

[release-1.16] Revert "Reduce load on the Kubernetes API server and reduce the peak memory use of the cert-manager components by enabling the use of the WatchList (Streaming Lists) feature"
@wallrj
Add extraEnv to webhook, cainjector, and startupapicheck
99dc5d2 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@wallrj
make generate-helm-schema generate-helm-docs
8c46145 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@wallrj
Update deployments and startupapi Job
78dd1bf 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@cert-manager-prow
Merge pull request cert-manager#7319 from cert-manager-bot/cherry-pic…
f98340d 
…k-7317-to-release-1.16

[release-1.16] Allow extra environment variables to be added to  cainjector, webhook and startupapicheck
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
d09894c 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7324 from cert-manager-bot/cherry-pic…
f9e8aa6 
…k-7321-to-release-1.16

[release-1.16] [CI] Merge self-upgrade-master into master
@wallrj
make update-base-images
3470785 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@cert-manager-prow
Merge pull request cert-manager#7325 from cert-manager-bot/cherry-pic…
67c897d 
…k-7323-to-release-1.16

[release-1.16] make update-base-images
@inteon
BUGFIX: use correct resource namespace for Cluster Issuers
18e99f5 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
add ACME ClusterIssuer resource namespace test
1144aab 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7342 from cert-manager-bot/cherry-pic…
17d9d81 
…k-7339-to-release-1.16

[release-1.16] BUGFIX: use correct resource namespace for Cluster Issuers
@inteon
update schema validation for minAvailable and maxAvailable to accept …
4f4ea8b 
…both string and integer values

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7345 from cert-manager-bot/cherry-pic…
2d22a92 
…k-7343-to-release-1.16

[release-1.16] BUGFIX: Update schema validation to accept both string and integer values
@inteon
Run 'make upgrade-klone' and 'make generate'
c3bdc1f 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7348 from cert-manager/self-upgrade-r…
b44f375 
…elease-1.16

[CI] Merge self-upgrade-release-1.16 into release-1.16
@JordanP
Helm chart: fix documentation for service accounts annotations
7525267 
Signed-off-by: jordanp <jordan@rezel.net>
@cert-manager-prow
Merge pull request cert-manager#7355 from cert-manager-bot/cherry-pic…
02f4a60 
…k-7351-to-release-1.16

[release-1.16] Helm chart: fix documentation for service accounts annotations
@inteon
Helm: add enabled to json schema
2298278 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@cert-manager-prow
Merge pull request cert-manager#7356 from cert-manager-bot/cherry-pic…
ff50c06 
…k-7350-to-release-1.16

[release-1.16] Helm: add enabled to json schema
@mjsmithnh
pull forward changes
6043357
@mjsmithnh mjsmithnh force-pushed the mjsmith/v1.16.1-sync branch from 3f3181f to 6043357 Compare October 16, 2024 19:38
@mjsmithnh mjsmithnh closed this Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.