Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/cert-manager/signer-venafi

Experimental Venafi-based signer for the Kubernetes 1.18 CSR API: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/20190607-certificates-api.md#signers
https://github.com/cert-manager/signer-venafi

Merge pull request #11 from wallrj/kubeadm-1.19

Use kubeadm 1.19 rc1

e4eaa00ed0d6d921ff1800e5aa44c03946455c03 authored over 4 years ago by Richard Wall <[email protected]>
Use kubeadm 1.19 rc1

Required to make the kubelet-signer demo work

Signed-off-by: Richard Wall <richard.wall@jetstac...

9bdbf048ecf0cab83f15b47c4b5c9fcf4794d3f0 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #10 from wallrj/make-gomod

Make gomod and make go-get-patch

2159f29049a402cb798678af45b7c8487b12b6a4 authored over 4 years ago by Richard Wall <[email protected]>
make go-get-patch

Signed-off-by: Richard Wall <[email protected]>

b1a24e2abd64c1b875965e9e9699ee4c7d367487 authored over 4 years ago by Richard Wall <[email protected]>
make gomod

Signed-off-by: Richard Wall <[email protected]>

c0885129cbb007f76e99544c14182b6e129a0a27 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #9 from wallrj/make-verify

Re-organise demos and add a make verify target

b3eff9e7ec958106e89c418e090df7eaefa5ace6 authored over 4 years ago by Richard Wall <[email protected]>
Move Kubelet Signer configuration files into the demo folder

Signed-off-by: Richard Wall <[email protected]>

34f9c7290525f33454a783c2c78d8ab46a8ab4a5 authored over 4 years ago by Richard Wall <[email protected]>
Move example signer to its own demo folder

Signed-off-by: Richard Wall <[email protected]>

d118efaa72028723cca525edec64dd0d1f96c27c authored over 4 years ago by Richard Wall <[email protected]>
make manifests

Signed-off-by: Richard Wall <[email protected]>

fb146586fa36d95c32cf175d3d6a395d502f183a authored over 4 years ago by Richard Wall <[email protected]>
make verify

Signed-off-by: Richard Wall <[email protected]>

f8af5ba8f1cffda1ac10e4c2e4f9f00423a36518 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #8 from wallrj/run-on-control-plane-node

Deploy signer-venafi on the control-plane node

7ed0a80e66e4526df5eb9afe574cdc6f86d98fbf authored over 4 years ago by Richard Wall <[email protected]>
Deploy signer-venafi on the control-plane node

Signed-off-by: Richard Wall <[email protected]>

5eafb7f1c147253b6b6260b29efd6e02339e76d2 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #7 from wallrj/combined-demo

Provision a multi-node cluster where control-plane and worker node certificates are signed by Ve...

b0cb78cf8dd334c76330dce4aa9cf2bf0a722822 authored over 4 years ago by Richard Wall <[email protected]>
Document how to start signer-venafi to sign worker node certificates

Signed-off-by: Richard Wall <[email protected]>

5a0bb9a6e0a7781df779f023a648e18a3befbaba authored over 4 years ago by Richard Wall <[email protected]>
Wait for nodes to be ready

Signed-off-by: Richard Wall <[email protected]>

5c3b57f654f080a5128a145a2ec70a5333ebd0fc authored over 4 years ago by Richard Wall <[email protected]>
Async enroll and pickup venafi certs

Signed-off-by: Richard Wall <[email protected]>

986c1e53bcff725194018180ec2d88002e3f5959 authored over 4 years ago by Richard Wall <[email protected]>
Mount the ca.crt into the worker node

Signed-off-by: Richard Wall <[email protected]>

68a84ad387cf3fd36cf0aaa55fb64618b7ea56b0 authored over 4 years ago by Richard Wall <[email protected]>
Start the signer

Signed-off-by: Richard Wall <[email protected]>

3b7efab8c489a7288317bbd1f8f92b399d360855 authored over 4 years ago by Richard Wall <[email protected]>
Add an extra node

Signed-off-by: Richard Wall <[email protected]>

27602f99bb2a09597767330f2ec0de74fb918081 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #6 from wallrj/use-kubeadm-alpha-certs-generate-csr

Use kubeadm alpha certs generate-csr in demo

60f0a35bd22277f79d58af318591efd66d36c3f1 authored over 4 years ago by Richard Wall <[email protected]>
Fix typos

Signed-off-by: Richard Wall <[email protected]>

95fb785737b49b152d6bb86710cb62389975484b authored over 4 years ago by Richard Wall <[email protected]>
Use tmux for a split screen demo

Signed-off-by: Richard Wall <[email protected]>

939d6cdab940fdcb93501d6a2bc5bc5f21cfb237 authored over 4 years ago by Richard Wall <[email protected]>
Update instructions

Signed-off-by: Richard Wall <[email protected]>

0701b7dbc82e95105b1079e357a2f334a2323119 authored over 4 years ago by Richard Wall <[email protected]>
Link to asciinema recording

Signed-off-by: Richard Wall <[email protected]>

68d32e2aa4da21f95d823d4f26201926d18b66cf authored over 4 years ago by Richard Wall <[email protected]>
Node registration belongs in InitConfiguration

Signed-off-by: Richard Wall <[email protected]>

71bf439b43c684bee6893e5f6577df7514a5aefc authored over 4 years ago by Richard Wall <[email protected]>
Use kubeadm alpha certs generate-csr in demo

Signed-off-by: Richard Wall <[email protected]>

80718c2a07a442cb5095c091c00a1d678876fe48 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #5 from wallrj/kubeadm-init-phase-certs-venafi

Bootstrapping a K8S cluster with Kubeadm + Venafi TPP Demo

4df2df9757292dcd3816f439d4519819a62ac8d8 authored over 4 years ago by Richard Wall <[email protected]>
Fix the script to match the policy folder names in the documentation

Signed-off-by: Richard Wall <[email protected]>

6ca00d26ace41da539e57d3349489ca6f79e0dd8 authored over 4 years ago by Richard Wall <[email protected]>
Download the TPP CA file earlier for compatibility with the script

Signed-off-by: Richard Wall <[email protected]>

6de37a9d6fe9e65ae9b14e5e3581a4c3bf102e0c authored over 4 years ago by Richard Wall <[email protected]>
A note about running the script

Signed-off-by: Richard Wall <[email protected]>

c1b23c82a374f67c6b70e61332d0d984693fa3e9 authored over 4 years ago by Richard Wall <[email protected]>
Re-order some steps to match the narrative

Signed-off-by: Richard Wall <[email protected]>

52dd3c9bca93ebf7476c741ed5feccff17893285 authored over 4 years ago by Richard Wall <[email protected]>
Discussion

Signed-off-by: Richard Wall <[email protected]>

9f8a47740f7410702710ca3188080e71e84a3687 authored over 4 years ago by Richard Wall <[email protected]>
Start the cluster

Signed-off-by: Richard Wall <[email protected]>

0495755b4d45ba56771f9f0431bf3bb60d935dac authored over 4 years ago by Richard Wall <[email protected]>
Notes on kind.conf

Signed-off-by: Richard Wall <[email protected]>

8892caaf04570a2e635d8000ad8e53630b49c930 authored over 4 years ago by Richard Wall <[email protected]>
A note about self-signed client certs

Signed-off-by: Richard Wall <[email protected]>

0dd5c7ae8696bb4a7a86057859a6a47f87da7e84 authored over 4 years ago by Richard Wall <[email protected]>
A note about downloading the CA certificate

Signed-off-by: Richard Wall <[email protected]>

fe649f9024152ccf274b0cb040deee0fce47ce7d authored over 4 years ago by Richard Wall <[email protected]>
Signing certificates

Signed-off-by: Richard Wall <[email protected]>

2c169da8efe5dbe71237a15d418132263a78f3db authored over 4 years ago by Richard Wall <[email protected]>
Generating CSR files

Signed-off-by: Richard Wall <[email protected]>

472553833f48ceca7ee9b6d910cf1aa16b78cd79 authored over 4 years ago by Richard Wall <[email protected]>
Download vcert

Signed-off-by: Richard Wall <[email protected]>

77620dc9c451640e3b1c414a225997e231a6791f authored over 4 years ago by Richard Wall <[email protected]>
Some notes on configuring TPP

Signed-off-by: Richard Wall <[email protected]>

07cd55a50ec965aa22b5176fdc898249d1404931 authored over 4 years ago by Richard Wall <[email protected]>
Create CSRs and sign certs first

Signed-off-by: Richard Wall <[email protected]>

7ee59d6f478adecb2cae6125c452b3164fa646ce authored over 4 years ago by Richard Wall <[email protected]>
Start a README file

Signed-off-by: Richard Wall <[email protected]>

4471da51b1b4447d1270f97d44937a58b707ef8c authored over 4 years ago by Richard Wall <[email protected]>
Move everything into a demo folder and add a Make target

Signed-off-by: Richard Wall <[email protected]>

cde831d3bc30817815b1d45bc28b2efbd22ad5d5 authored over 4 years ago by Richard Wall <[email protected]>
Disable xtrace

Signed-off-by: Richard Wall <[email protected]>

bd123b86f7f7b9f09c56c7abcddc52be251554d6 authored over 4 years ago by Richard Wall <[email protected]>
It works! but requires documentation

Signed-off-by: Richard Wall <[email protected]>

a92839e08c01db0e977bfda493b66173857a3284 authored over 4 years ago by Richard Wall <[email protected]>
Partially working

Signed-off-by: Richard Wall <[email protected]>

dfdae67545469e5c4e46c8c979bfa914625d84f9 authored over 4 years ago by Richard Wall <[email protected]>
A script to create initial certificates signed by Venafi TPP

Signed-off-by: Richard Wall <[email protected]>

60d7005cd6ab623b25f84d591befbf1eaaa4dda6 authored over 4 years ago by Richard Wall <[email protected]>
Merge pull request #4 from wallrj/signing-with-venafi

Venafi Signer

5e829d7dc6cc00b4f4c4ed550ee8d992b57508c8 authored over 4 years ago by Richard Wall <[email protected]>
Document the Filter interface

Signed-off-by: Richard Wall <[email protected]>

32d2e8e51f475e55b3e29b8a8cb5b754a29d0559 authored over 4 years ago by Richard Wall <[email protected]>
A note about exporting the TPP CA certificate for the demo

Signed-off-by: Richard Wall <[email protected]>

85596634780bc440cc625e8c6a1d6a5503a4ae85 authored over 4 years ago by Richard Wall <[email protected]>
Document the signer tests and explain that they are incomplete

Signed-off-by: Richard Wall <[email protected]>

f3b8df4ff4b844c07b67178f42a6ecfe8dad6152 authored over 4 years ago by Richard Wall <[email protected]>
Check for vcert error ErrCertificatePending instead of parsing error message

Signed-off-by: Richard Wall <[email protected]>

67cbd57f5e4abeb3834b12d97f598aec283f83da authored over 4 years ago by Richard Wall <[email protected]>
Document the signer interface and implementations

Signed-off-by: Richard Wall <[email protected]>

64d18c10a5088d2879458c40269e871a3d3a3697 authored over 4 years ago by Richard Wall <[email protected]>
Link to upstream origin of the certificate helper utilities

Signed-off-by: Richard Wall <[email protected]>

59bce2bdbca5d7b951d1c7aa17117983bf16ce0d authored over 4 years ago by Richard Wall <[email protected]>
Documentation for the demo

Signed-off-by: Richard Wall <[email protected]>

2105f2451ab4ea04202276677a517228eb7f2fd2 authored over 4 years ago by Richard Wall <[email protected]>
A comment explaining how we disable the csrsigning controller

Signed-off-by: Richard Wall <[email protected]>

d00d128fcd6d938cb82d82f6126aeb6607ea252a authored over 4 years ago by Richard Wall <[email protected]>
A comment about the use of clientset for accessing the approval sub-resource

Signed-off-by: Richard Wall <[email protected]>

69bceeebf94fe062dce9d760ade7c0095cc271aa authored over 4 years ago by Richard Wall <[email protected]>
A wider tmux window for the operator logs

Signed-off-by: Richard Wall <[email protected]>

52c46b3fe64dc2fa8a2a92f5260e5bf60405539c authored over 4 years ago by Richard Wall <[email protected]>
A make target for the demo

Signed-off-by: Richard Wall <[email protected]>

e3240d52a7ab0069e2b7014045d7608c24133018 authored over 4 years ago by Richard Wall <[email protected]>
Clearer logging

Signed-off-by: Richard Wall <[email protected]>

b4732c6c72ada7e33b93a61ab45e4555e579d854 authored over 4 years ago by Richard Wall <[email protected]>
A tmux based demo with separate windows for kind and signer-venafi

Signed-off-by: Richard Wall <[email protected]>

ba8d3396c9d1143cd39a80055d4fbecf090dacc3 authored over 4 years ago by Richard Wall <[email protected]>
Remove obsolete comment

Signed-off-by: Richard Wall <[email protected]>

a3141d3c6c27610bee2c335249a57e3338f3e754 authored over 4 years ago by Richard Wall <[email protected]>
Consistent log messages

Signed-off-by: Richard Wall <[email protected]>

c812e5d65a957eac94b063a178958841ee8799d4 authored over 4 years ago by Richard Wall <[email protected]>
Move CSR filter logic to a separate package and unit test it

Signed-off-by: Richard Wall <[email protected]>

c34dac4f4950a04ba853c1f14031f3b9d2b52284 authored over 4 years ago by Richard Wall <[email protected]>
Explain the origin of the sample CSR and certificate in tests

Signed-off-by: Richard Wall <[email protected]>

11de99e3ee3e0201d247803f4ba4832cd8be8818 authored over 4 years ago by Richard Wall <[email protected]>
Wait 5 seconds between pickup attempts

Signed-off-by: Richard Wall <[email protected]>

2ba16b13c5b88b5676fd2c6a99be2db58eb70436 authored over 4 years ago by Richard Wall <[email protected]>
Use a qualified annotation key for pickup-id

Signed-off-by: Richard Wall <[email protected]>

5aba00358261f71a7bbaa1ae014561fccf71afd4 authored over 4 years ago by Richard Wall <[email protected]>
Remove unnecessary DeepEqual check before patching

Signed-off-by: Richard Wall <[email protected]>

6102bbfd87ce24fbb9052ce6b4f1740a1254bf3e authored over 4 years ago by Richard Wall <[email protected]>
Formatting

Signed-off-by: Richard Wall <[email protected]>

137f88de2a2f8d24f83c5c54d4effa4cc6c51deb authored over 4 years ago by Richard Wall <[email protected]>
Add example of deploying a CSR and approving it

Signed-off-by: Richard Wall <[email protected]>

90ebd481b08ff2a60a9624ec94fbfe453d7f613f authored over 4 years ago by Richard Wall <[email protected]>
Add a sample RBAC rule to allow signing of the sample CSR

Signed-off-by: Richard Wall <[email protected]>

6c0cc0159e6458b6728dea7438bc705c041d122e authored over 4 years ago by Richard Wall <[email protected]>
Embed a recording of the kubernetes bootstrapping demo

Signed-off-by: Richard Wall <[email protected]>

d806bf4c26eca6fa78218535c4ef3b24504db260 authored over 4 years ago by Richard Wall <[email protected]>
Less verbose logging in the demo script

Signed-off-by: Richard Wall <[email protected]>

d9b0a05672ea6f39310abb8ccd150a8863252773 authored over 4 years ago by Richard Wall <[email protected]>
Demo script

Signed-off-by: Richard Wall <[email protected]>

3e2c0eadcdc293e1ca320d12b690aec051bec612 authored over 4 years ago by Richard Wall <[email protected]>
Initialise a new vcert client for each TPP interaction

Signed-off-by: Richard Wall <[email protected]>

e8a93b12e07e6eef20e34e29a13fb77a74d47fa7 authored over 4 years ago by Richard Wall <[email protected]>
Log temporary errors for debugging purposes

Signed-off-by: Richard Wall <[email protected]>

6d1fa91c8d825deceb562ee2a23a04486e539922 authored over 4 years ago by Richard Wall <[email protected]>
Use make kind-create-cluster in the README file

Signed-off-by: Richard Wall <[email protected]>

e3a56be163c6a6a6e10e8c8c6a0e91f2dc0093dd authored over 4 years ago by Richard Wall <[email protected]>
Change the default vcert.ini path

Signed-off-by: Richard Wall <[email protected]>

7dd1112f91e243b36cfdeaf87111ddfabbd76ae5 authored over 4 years ago by Richard Wall <[email protected]>
Add an example vcert.ini to the deployment section of the README file

Signed-off-by: Richard Wall <[email protected]>

c5b9dafcf9db3288ded9978f2237a1ea3f62ab12 authored over 4 years ago by Richard Wall <[email protected]>
Add a sample vcert.ini file to the kustomize config

Signed-off-by: Richard Wall <[email protected]>

6ddd36253f2c54981a84d66dbcbeaf67ba47b1a8 authored over 4 years ago by Richard Wall <[email protected]>
Generate a vcert.ini secret and mount it

Signed-off-by: Richard Wall <[email protected]>

e5a5445e4a3e67131d8263fd2e95410d58e05062 authored over 4 years ago by Richard Wall <[email protected]>
Remove demo test

Signed-off-by: Richard Wall <[email protected]>

c86aa2e2ac6a13a8b9133c21b713672fa738b00e authored over 4 years ago by Richard Wall <[email protected]>
Start the manager-under-test

Signed-off-by: Richard Wall <[email protected]>

46bdd00dd62af5e12aff2054908876f53151163d authored over 4 years ago by Richard Wall <[email protected]>
Signer interface and a Fake Signer

Signed-off-by: Richard Wall <[email protected]>

661f14f10d52bb20bb118129eec4d14ef4a583d3 authored over 4 years ago by Richard Wall <[email protected]>
Embed the raw PEM content instead

Signed-off-by: Richard Wall <[email protected]>

a99d40c407a8b4bd2a9d5ff8987d4bbfbab5a807 authored over 4 years ago by Richard Wall <[email protected]>
Initialize a venafi signer in main.go

Signed-off-by: Richard Wall <[email protected]>

4c0e116356b21d4dac79c55b8a7c4c68f803a684 authored over 4 years ago by Richard Wall <[email protected]>
Copy internal/ to the Docker build context

Signed-off-by: Richard Wall <[email protected]>

d98d1a306838185e6af62f662096bda0d8f3837b authored over 4 years ago by Richard Wall <[email protected]>
Replace HaveOccurred with Succeed

Signed-off-by: Richard Wall <[email protected]>

6d44041a610ab3fc16e847e9b166c46039fa2c9e authored over 4 years ago by Richard Wall <[email protected]>
Test Signer.Sign using vcert fake connector

Signed-off-by: Richard Wall <[email protected]>

c6eae9c13757614c05fd70c3d4f82cf4c95c0830 authored over 4 years ago by Richard Wall <[email protected]>
WIP Integration tests

Signed-off-by: Richard Wall <[email protected]>

1c7efa86617d02a61f010bcf1c795144b393451d authored over 4 years ago by Richard Wall <[email protected]>
Fix broken test

Signed-off-by: Richard Wall <[email protected]>

c16f76cd89a9f3d2668440a05064be72da5bd8a3 authored over 4 years ago by Richard Wall <[email protected]>
Fake Signer returns a valid certificate.

Signed-off-by: Haoxiang Zhou <[email protected]>

d1b1874fc07abe45b65ad140eeb6bf95e35eb1c2 authored over 4 years ago by Haoxiang Zhou <[email protected]>
Load TPP credentials from an INI file

Signed-off-by: Richard Wall <[email protected]>

76bc621c3f6e4f03c2e2c496634b7b2bc2545cf8 authored over 4 years ago by Richard Wall <[email protected]>
Add a sample vcert.ini file and a sample CSR

Signed-off-by: Richard Wall <[email protected]>

68adf6531606b1a620997708497cb51169652e51 authored over 4 years ago by Richard Wall <[email protected]>
Asynchronous signing interface

Signed-off-by: Richard Wall <[email protected]>

f47abf594a28ca03612d248420fba0107d5499ef authored over 4 years ago by Richard Wall <[email protected]>
Check that the approval condition has been applied.

Signed-off-by: Richard Wall <[email protected]>

ef95227984edb18fcf29bba80c53b3cb7956ee85 authored over 4 years ago by Richard Wall <[email protected]>
Avoid nil map panics when setting annotations

Signed-off-by: Richard Wall <[email protected]>

7604afc610ff61e77425f5c6e3325031f6103104 authored over 4 years ago by Richard Wall <[email protected]>
Approve the test CSR

Signed-off-by: Richard Wall <[email protected]>

b20947d598621e288ee1e7a0438f5c4ad6497fdf authored over 4 years ago by Richard Wall <[email protected]>
Re-enable the Signer tests

Signed-off-by: Richard Wall <[email protected]>

2a19067863ed0ebd7077a1a63c91b732edc14e79 authored over 4 years ago by Richard Wall <[email protected]>
Download kube-apiserver 1.18.2

Signed-off-by: Richard Wall <[email protected]>

19c7b996fa1e76d057e42a8ff0c0605b9539840e authored over 4 years ago by Richard Wall <[email protected]>