Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/cert-manager/istio-csr

istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.
https://github.com/cert-manager/istio-csr

Change context root to use controller-runtime signal handler

Signed-off-by: joshvanl <[email protected]>

2f4f3b46dd9ad96d80e358132c0adabbb5dcbbff authored over 3 years ago by joshvanl <[email protected]>
Ensure that the watcher returns a non-nil object before decoding

Signed-off-by: joshvanl <[email protected]>

0f81e0326ed5e5cb06dbed7b7fc1d6a914c981f4 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #97 from JoshVanL/controller-configmap-refactor

Controller configmap refactor

0be442cbd660705de7e25f27e644a30296b5b7b7 authored over 3 years ago by jetstack-bot <[email protected]>
Adds empty carotation Makefile target to pass CI

Signed-off-by: joshvanl <[email protected]>

f289c19fd100a539f55c74a4314cb271f3263eea authored over 3 years ago by joshvanl <[email protected]>
Update root CAs from issuer _when_ the bytes are different

Signed-off-by: joshvanl <[email protected]>

c68c6dc4c32473afa727275d4888e1d40f343fc5 authored over 3 years ago by joshvanl <[email protected]>
Fix tests, send subscription events correctly

Signed-off-by: joshvanl <[email protected]>

2ad1edb41b7e8f6999ecbb9f4324f4c400386b3c authored over 3 years ago by joshvanl <[email protected]>
Update go modules with testify

Signed-off-by: joshvanl <[email protected]>

6eb2417adff9e1ee84fa7a481a3ff7ed4f62b90e authored over 3 years ago by joshvanl <[email protected]>
Remove flag which is not used anymore

Signed-off-by: joshvanl <[email protected]>

90a7771a6186726fab9ae2ace32ba26cf5d18b40 authored over 3 years ago by joshvanl <[email protected]>
Update controller options with new signatures

Signed-off-by: joshvanl <[email protected]>

b73cc86bf84d3fb8cb2a59bd9365f68e26845a2d authored over 3 years ago by joshvanl <[email protected]>
Adds RootCASubscription to catch when root CA changes

Signed-off-by: joshvanl <[email protected]>

d14dbbf810c41e829eb35a1fa57558712796be64 authored over 3 years ago by joshvanl <[email protected]>
Refactor controller to use metadata only cache, and be safer on

namespace termination

Signed-off-by: joshvanl <[email protected]>

0337d66cee9bef9b0ebf8105e104d07fe678a199 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #96 from JoshVanL/root-ca-parsing

Certificate chain parsing and Root CA concatanation

f008b85d4a9843209192ed39eb9d4d820e9eee55 authored over 3 years ago by jetstack-bot <[email protected]>
Updates go modules

Signed-off-by: joshvanl <[email protected]>

0a59c125d32f3089618aa8b74304a5e158a53368 authored over 3 years ago by joshvanl <[email protected]>
Adds docker network creation to help reduce CI flakes

Signed-off-by: joshvanl <[email protected]>

c4b19b5ac3e41391cff3565404cb751d995afc95 authored over 3 years ago by joshvanl <[email protected]>
Adds warning message when not specifying a CA, and updates signatures

Signed-off-by: joshvanl <[email protected]>

df8308e972196c48aa394b1a8b138a88dd29eabd authored over 3 years ago by joshvanl <[email protected]>
Update namespace controller to use new RootCAs signature

Signed-off-by: joshvanl <[email protected]>

17c1501e2611778eb6d148e7cea06363033558a9 authored over 3 years ago by joshvanl <[email protected]>
Ensure the mesh root CAs are appended to the certificate chain response

Signed-off-by: joshvanl <[email protected]>

225723f2a13309d435dad532eb3786b9471e5ecf authored over 3 years ago by joshvanl <[email protected]>
Changes tls provider to also expose a cert pool containing the root CAs

Signed-off-by: joshvanl <[email protected]>

d21dc3de4e1530aaf26e8513b0f885139e32fe57 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #93 from JoshVanL/image-tags-v0.2.1

Adds support for making multi-arch images. Updates tags

b5e0fb7eef308b3ca937fcad046a7c7eb4811281 authored over 3 years ago by jetstack-bot <[email protected]>
Use a `kind load docker-image` strategy for loading in istio-csr images

to the kind cluster for testing

Signed-off-by: joshvanl <[email protected]>

b49eca7d722bc6a37851b9e0153df66f34239c9f authored over 3 years ago by joshvanl <[email protected]>
Adds support for making multi-arch images. Updates tags

Signed-off-by: joshvanl <[email protected]>

57731b7f583a850812b59e0b8073b7f207a72d7c authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #92 from JoshVanL/helm-chart-v0.2.2

Updates helm chart to v0.2.2, fixes home URL

bd01bea374b1188fefd7d8269fb7b0e65d693675 authored over 3 years ago by jetstack-bot <[email protected]>
Updates helm chart to v0.2.2, fixes home URL

Signed-off-by: joshvanl <[email protected]>

5c670cf7b3c1bffcc400150a00e02ef6de545f47 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #91 from JoshVanL/helm-certificate-istiod-common-name

Adds hard coded `commonName: istiod.istio-system.svc` to istiod Certificate

e42b714b7890e9079a3c25a7055e8b4e4f8a7bde authored over 3 years ago by jetstack-bot <[email protected]>
Adds comment to `app.istio.revisions` to describe a workaround for

issuers with common name constraints

Signed-off-by: joshvanl <[email protected]>

f5cbf0ea012f4589c8c137f9bab78d36e64b4c63 authored over 3 years ago by joshvanl <[email protected]>
Adds hard coded `commonName: istiod.istio-system.svc` to istiod

Certificate

Signed-off-by: joshvanl <[email protected]>

9dfa73cd8cf4a384bc3c0e59db018fdf9128da50 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #88 from JoshVanL/helm-istio-revisions

Allows istio revisions to be configurable from helm chart

5939f38e08bb8778023c2d6c50dd4f6ce6d79f78 authored over 3 years ago by jetstack-bot <[email protected]>
Change Helm `app.istio.revsions` default value to `default`

Signed-off-by: joshvanl <[email protected]>

330437146b49cf493da22ff511ce4287e17fdde5 authored over 3 years ago by joshvanl <[email protected]>
Fix helm chart istio revisions to not allow duplicates

Signed-off-by: joshvanl <[email protected]>

ed48a16a538be60873de612723ae15be8b977b85 authored over 3 years ago by joshvanl <[email protected]>
Updates boilerplate script to use python3

Signed-off-by: joshvanl <[email protected]>

4cc9b50a96cbe6d9361cd379141c234073dfe81f authored over 3 years ago by joshvanl <[email protected]>
Allows istio revisions to be configurable from helm chart

Signed-off-by: joshvanl <[email protected]>

1222ce44d5ab3fe8560fa43775512405dc9fc7e6 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #82 from JoshVanL/helm-istiod-certificate-duraiton

Adds .app.tls.istiodCertificateDuration helm field as value to istiod's certificate.spec.,duration

b94b080fe770bf35b61aab6b659b2c5709709a62 authored over 3 years ago by jetstack-bot <[email protected]>
Remove duplicate `--serving-certificate-duration` arguments

Signed-off-by: joshvanl <[email protected]>

0e44f3a4ab14e85e738c62e71b4d7b3afd1ff4de authored over 3 years ago by joshvanl <[email protected]>
Create new helm value, specifically for istiod's certificate

Signed-off-by: joshvanl <[email protected]>

0b378c1565e9f4429992f9fd7cbf12b738661eb2 authored over 3 years ago by joshvanl <[email protected]>
Uses .app.tls.certificateDuration helm value as field to istiod's

Certificate

Signed-off-by: joshvanl <[email protected]>

3a6b9559cf922b081c8b996af74a1c262727090c authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #79 from JoshVanL/image-tags-v0.2.0

Updates image tags to v0.2.0

ee7939da2e72f78353d9b42d7584c280f4ff8d78 authored over 3 years ago by jetstack-bot <[email protected]>
Merge pull request #78 from JoshVanL/ctx-to-tls-config

Pass context to tls.GetConfig so it returns when context is canceled

b17eeddb47ae1e016c50842db3158455cc96b2c5 authored over 3 years ago by jetstack-bot <[email protected]>
Merge pull request #75 from JoshVanL/server-unit-tests

Server unit tests

3ac9188e8559e4e46b438776bce9159aaface776 authored over 3 years ago by jetstack-bot <[email protected]>
Updates image tags to v0.2.0

Signed-off-by: joshvanl <[email protected]>

3f551e4ee83fef2018a54ae1fb7708e5d5d053e5 authored over 3 years ago by joshvanl <[email protected]>
Pass context to tls.GetConfig so it returns when context is canceled

Signed-off-by: joshvanl <[email protected]>

d0772fcbde9907b7af672f2b00013f8f269378cb authored over 3 years ago by joshvanl <[email protected]>
Rename certmanager Interface to Signer

Signed-off-by: joshvanl <[email protected]>

8550a4c187ff733d02423553413fdbefba4cdce8 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #74 from JoshVanL/cert-manager-delete-on-return

Change delete CertificateRequest to defer so it is always done

9cead1616f0d7fb3d292aa98e5bf04e3b83b3f0a authored over 3 years ago by jetstack-bot <[email protected]>
Merge pull request #76 from cert-manager/fix-custom-volumes

Fix custom volume and volumeMount helm template

09d17852f6ff14cedb8ddb3d18144495ddd2564a authored over 3 years ago by jetstack-bot <[email protected]>
Merge pull request #77 from irbekrm/bump_base_image

Bumps base image version

1ebdd68e4f27f03677fac538017f19e75540e87f authored over 3 years ago by jetstack-bot <[email protected]>
Change delete CertificateRequest to defer so it is always done

Signed-off-by: joshvanl <[email protected]>

1fa07c3bab205be60d464c1cdb5b3202f5d7e923 authored over 3 years ago by joshvanl <[email protected]>
Add go routine to cert-manager Delete to prevent blocking

Signed-off-by: joshvanl <[email protected]>

db1ab5ce18be79b5303a507035f34dd0071bdce1 authored over 3 years ago by joshvanl <[email protected]>
Change certmanager into Interface, and add unit tests to server

Signed-off-by: joshvanl <[email protected]>

d661606e293df6a38f3d372b3e1cf596e0db824d authored over 3 years ago by joshvanl <[email protected]>
Bumps base image version

Signed-off-by: irbekrm <[email protected]>

ce8b167bc949f0baa0ce104543aabf0fb4c20acf authored over 3 years ago by irbekrm <[email protected]>
Merge pull request #72 from JoshVanL/metrics

Add metrics

b4c07743792cd6365980233ce291248c12841122 authored over 3 years ago by jetstack-bot <[email protected]>
Fix custom volume and volumeMount helm template

Signed-off-by: joshvanl <[email protected]>

d9fa1b50d30febdadc61d8db735dbb1b135ce631 authored over 3 years ago by joshvanl <[email protected]>
Adds optional Service and ServiceMonitor to helm deployment to expose

metrics

Signed-off-by: joshvanl <[email protected]>

e92d05acae3970598869fe52c68f58d93a98db74 authored over 3 years ago by joshvanl <[email protected]>
Removes Stream Interceptor from grpc metrics as it is not used

Signed-off-by: joshvanl <[email protected]>

b8641b0d291ae266dcd2f7f8f57e1cdae5b48044 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #63 from JoshVanL/change-default-cert-settings

Change default certificate settings

c66977b745ecdcb159e0ba9a9f67df3f513af97e authored over 3 years ago by jetstack-bot <[email protected]>
Adds metrics endpoint to controler-runtime manager

Signed-off-by: joshvanl <[email protected]>

42642ddc5ec014fe6ba91a7869061dc78d6a0a2c authored over 3 years ago by joshvanl <[email protected]>
Adds Prometheus to go modules

Signed-off-by: joshvanl <[email protected]>

df11fc975fbf737475f34fe4b69b23428c003701 authored over 3 years ago by joshvanl <[email protected]>
Adds Prometheus metrics to the gRPC service

Signed-off-by: joshvanl <[email protected]>

c025074d6f786e07e916595a8e40833265932487 authored over 3 years ago by joshvanl <[email protected]>
Change e2e test identity annotation to hard coded

Signed-off-by: joshvanl <[email protected]>

b598a9622bc3fe86e6797e8148e725ee0b40e760 authored over 3 years ago by joshvanl <[email protected]>
Adds --metrics-port CLI flag

Signed-off-by: joshvanl <[email protected]>

bccc00115bb32492256565f95dd736e473659838 authored over 3 years ago by joshvanl <[email protected]>
Expose metrics port to helm chart

Signed-off-by: joshvanl <[email protected]>

153030b415c2b10aebb53c0161dbd684dcc6494f authored over 3 years ago by joshvanl <[email protected]>
Add metric to the tls provider

Signed-off-by: joshvanl <[email protected]>

b25facb9ebb4fa7e068788e5b31e543772070015 authored over 3 years ago by joshvanl <[email protected]>
Give NIST reasoning for length of certificate durations

Signed-off-by: joshvanl <[email protected]>

b6129ba1db7845fd5209366fa77fb218256b6276 authored over 3 years ago by joshvanl <[email protected]>
Updates README.md to reflect cert-manager's minimum supported version

Signed-off-by: joshvanl <[email protected]>

30c56d143bed6e68bc9986ca232a43086ab0df16 authored over 3 years ago by joshvanl <[email protected]>
Changes helm certificate default values to all be 1 hour. Hard codes

istiod Certificate to be 1 hour with revision history limit

Signed-off-by: joshvanl <vleeuwenjos...

929996e6777a067fcdf9b6c71e813c0f9f284fbe authored over 3 years ago by joshvanl <[email protected]>
Change default certificate flag settings to be 1 hour

Signed-off-by: joshvanl <[email protected]>

61cde1f551a0362c19bf3eac86a6bf7f50db4341 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #71 from JoshVanL/services-runnables

Make all istio-csr internal services into controller-runtime runnables.

9ee95f1fb8b04103217cb7738bf81ce42069c354 authored over 3 years ago by jetstack-bot <[email protected]>
Fix namespace controller tests

Signed-off-by: joshvanl <[email protected]>

b133dd1b1324b96826bab88935b9a5451cea2473 authored over 3 years ago by joshvanl <[email protected]>
Cleans up the namespace controller struct fields

Signed-off-by: joshvanl <[email protected]>

4fb6f455023b4a07c2ccb8870fa74a9704a82b65 authored over 3 years ago by joshvanl <[email protected]>
Set readiness to false in tls provider when context is cancelled

Signed-off-by: joshvanl <[email protected]>

b13607ad5ef35ea4b7e561009eacbcb97f453774 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #70 from JoshVanL/isito-config-append-last

Change istio config to use "append last" in patches

3f5a889f06297fcd441deb60dce5ca6ddb6629e0 authored over 3 years ago by jetstack-bot <[email protected]>
Change tls provider into a controller-runtime runnable

Signed-off-by: joshvanl <[email protected]>

bc08c6adfce5d0aea7b6573857b31f1fb950ecbb authored over 3 years ago by joshvanl <[email protected]>
Refactor helm chart to use new options structure

Signed-off-by: joshvanl <[email protected]>

979b71417564b20a494065bc6668ed2bc34cec66 authored over 3 years ago by joshvanl <[email protected]>
Initialise all services and controller-runtime manager into app, make

use of runnables

Signed-off-by: joshvanl <[email protected]>

105c9786bade9590dff621c9f586e857814449ec authored over 3 years ago by joshvanl <[email protected]>
Refactor the options package according to the services package changes

Signed-off-by: joshvanl <[email protected]>

a80aa6930da478327393b1aefd9b1bd6aee57f7e authored over 3 years ago by joshvanl <[email protected]>
Remove controller-runtime manager from namespace controller

Signed-off-by: joshvanl <[email protected]>

3990755c8a2826c835807315560335dec2df23e9 authored over 3 years ago by joshvanl <[email protected]>
Change server to initialise the auther in the package, and make a

controller-runtime runnable

Signed-off-by: joshvanl <[email protected]>

1cda4c2158bf3fd8ed06b7abf3b89c53f7b3adad authored over 3 years ago by joshvanl <[email protected]>
Change cert-manager manager to Get the CR before setting a watch, to

ensure we don't miss the CR being signed going into the loop

Signed-off-by: joshvanl <vleeuwenjo...

3f71273def1722df310eabb6c0db714fc8e2fe87 authored over 3 years ago by joshvanl <[email protected]>
Deletes the healthz utils, in favour of the controller-runtime

implementation

Signed-off-by: joshvanl <[email protected]>

842ddcbfd3f25683fa644c63453a43341364071d authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #69 from JoshVanL/pkg-certmanager

Create new cert-manager package

4fe42bd4dd924229093973255a14a9b35aa3aecf authored over 3 years ago by jetstack-bot <[email protected]>
Change tls to use new cert-manager manager and move options to locally

Signed-off-by: joshvanl <[email protected]>

d07866d1590612a443e7b06e3d78e04185c155ee authored over 3 years ago by joshvanl <[email protected]>
Move healthz into util

Signed-off-by: joshvanl <[email protected]>

5659bcda8d54a7a70788bed9e34c3f71edb368cb authored over 3 years ago by joshvanl <[email protected]>
Change server service to use new cert-manager manager and move optional

to local

Signed-off-by: joshvanl <[email protected]>

687aad432436be3e9aa87512c2a9e9e63b4c59fc authored over 3 years ago by joshvanl <[email protected]>
Change controller to use local options

Signed-off-by: joshvanl <[email protected]>

309327498a277b4159018e1dac9ccb69eabd1a48 authored over 3 years ago by joshvanl <[email protected]>
Change options to import option structs

Signed-off-by: joshvanl <[email protected]>

fc08bc8fb368f48d0ec689a9c738b25bdd7f0e18 authored over 3 years ago by joshvanl <[email protected]>
Update helm values file and templates to use more sane variable

structure

Signed-off-by: joshvanl <[email protected]>

cf75e4f947b7211a5278bf620d2046ac916c3582 authored over 3 years ago by joshvanl <[email protected]>
Update e2e helm values file to use new structure

Signed-off-by: joshvanl <[email protected]>

6e120a035190d688657a008591601f4ea8e2692f authored over 3 years ago by joshvanl <[email protected]>
Fixes some spelling and added comments/debug log messages

Signed-off-by: joshvanl <[email protected]>

eaff69cccc291ade82336b6a0787d7404aeefe3d authored over 3 years ago by joshvanl <[email protected]>
Create dedicated cert-manager service for creating CertificateRequests

Signed-off-by: joshvanl <[email protected]>

783bc1a41457a0828c5bab6e080ea2d58481c356 authored over 3 years ago by joshvanl <[email protected]>
Improve certmanager Helm value fields

Signed-off-by: joshvanl <[email protected]>

0c87572f875270b58d983740f38ef46c8d20bf81 authored over 3 years ago by joshvanl <[email protected]>
Update app to use new options structure

Signed-off-by: joshvanl <[email protected]>

b721706e6810057aca7b8642d6325b37038f2ce2 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #67 from JoshVanL/update-deps-istio

Update Deps

25bcbe688a3cb668de65c26deb3bd6240a3d3add authored over 3 years ago by jetstack-bot <[email protected]>
Merge pull request #68 from JoshVanL/remove-boiler-test

Remove test boilerplate files

e4306b224bb98bfeedf2815c176e7d73ff6a6621 authored over 3 years ago by jetstack-bot <[email protected]>
Change istio config to use "append last" in patches

Signed-off-by: joshvanl <[email protected]>

5411e6c15db91f47dee68710bcdbf0df184cf775 authored over 3 years ago by joshvanl <[email protected]>
Change cert-manager deployment version to 1.4.0 to e2e

Signed-off-by: joshvanl <[email protected]>

1ccaeec3f3491260902fc5a733514b367553fe50 authored over 3 years ago by joshvanl <[email protected]>
Remove test boilerplate files

Signed-off-by: joshvanl <[email protected]>

0f8e39e2c5102031a91e73ae85171427cb93a665 authored over 3 years ago by joshvanl <[email protected]>
Change request e2e test to use new internal client

Signed-off-by: joshvanl <[email protected]>

9cd26667f8228bb8b1e3184860392b337cfe77e5 authored over 3 years ago by joshvanl <[email protected]>
Update internal test ca client with new client interface

Signed-off-by: joshvanl <[email protected]>

fa595b1064600acdc3e631ef397d0a1caf748a31 authored over 3 years ago by joshvanl <[email protected]>
Use new auther in server

Signed-off-by: joshvanl <[email protected]>

27c2c38afd365796caa8115a232574460c28214d authored over 3 years ago by joshvanl <[email protected]>
Configure kube auther using mesh.Holder()

Signed-off-by: joshvanl <[email protected]>

a6263d70786b4ef9914687a1c5e9b204f9dbdd58 authored over 3 years ago by joshvanl <[email protected]>
Update cert-manager and istio to latest deps

Signed-off-by: joshvanl <[email protected]>

7e746d1468081806a8efd884aa04513025530694 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #62 from JoshVanL/fix-controller-readiness-leader-election

Exit error if we lose leader election, fix election ID

feb1eca07992986a6519aafe49e261842aecee50 authored over 3 years ago by jetstack-bot <[email protected]>