vcert: upgrade to v4.23.0 to fix certificate renewal stuck on TPP errors ("Click Retry" and "Web...

Signed-off-by: Maël Valais <[email protected]>

cert-manager was not able to retry failed TPP certificates due to the
fact that TPP will not res...

Signed-off-by: Igor Beliakov <[email protected]>

helm: add option to override ACME HTTP-01 solver image

Signed-off-by: Yann Soubeyrand <[email protected]>

Bump supported versions of k8s mentioned in the helm chart

Signed-off-by: Luca Comellini <[email protected]>

This reflects the latest supported releases as of an update on
2022-12-16

See https://github.co...

Add CABundle for ACME Servers

Experimental make targets for pushing images to a Docker registry and redeploying cert-manager

Signed-off-by: Richard Wall <[email protected]>

Update base images to latest

Bump helm.sh/helm/v3 from 3.10.0 to 3.10.3

Bump version of contour helm chart + images

Signed-off-by: Ashley Davis <[email protected]>

Also adds a note about how to update the helm chart version, in the
future

Signed-off-by: Ashle...

Signed-off-by: Richard Wall <[email protected]>

Bump golang.org/x/net version to fix trivy vulns

Signed-off-by: Ashley Davis <[email protected]>

Update SECURITY policy to exclude vuln reports

Signed-off-by: Ashley Davis <[email protected]>

Enable + use k8s 1.26 for e2e tests by default

Signed-off-by: Ashley Davis <[email protected]>

- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/[email protected])...

Previously it wasn't possible to set a custom CA bundle for an ACME
server, leading users to eit...

Clarifies language a little; makes it clearer that the bundle
should be base64 encoded. Previous...

fix kubebuilder tools arm64 sha256sum

Bump k8s.io deps to v0.26.0

Signed-off-by: Luca Comellini <[email protected]>

Signed-off-by: Luca Comellini <[email protected]>

Signed-off-by: Tim Ramlot <[email protected]>
Signed-off-by: Luca Comelli...

Signed-off-by: Tim Ramlot <[email protected]>
Signed-off-by: Luca Comelli...

feat: Add max-concurrent-challenges parameter to helm

End-to-end tests: use Vault 1.12.1 instead of the outdated Vault 1.2.3

Set the max-concurrent-challenges value with -set maxConcurrentChallenges=value when deploying w...

Signed-off-by: Denis Romanenko <[email protected]>

Bump dep versions to fix trivy-reported vulns

```text
{
"VulnerabilityID": "CVE-2022-41717",
"PkgName": "golang.org/x/net",
"InstalledVe...

Fixed a typo in helm chart values

Signed-off-by: Yannic Kilcher <[email protected]>

Remove verify-licenses from ci-presubmit

Bump go to 1.19.4

Signed-off-by: Ashley Davis <[email protected]>

Refreshing secrets if keystore format change

see https://github.com/cert-manager/release/pull/111

Signed-off-by: Ashley Davis <ashley.davis@...

Signed-off-by: Sathyanarayanan Saravanamuthu <[email protected]>

Co-authored-by: Richard Wall <[email protected]>
Signed-off-by: Sathyanarayanan Sa...

Signed-off-by: Sathyanarayanan Saravanamuthu <[email protected]>

Signed-off-by: Sathyanarayanan Saravanamuthu <[email protected]>

Signed-off-by: Sathyanarayanan Saravanamuthu <[email protected]>

Updates Gateway API test setup

Signed-off-by: irbekrm <[email protected]>

TLS block is only valid for TLS listeners

Signed-off-by: irbekrm <[email protected]>

Rather than whole gateway git repo

Signed-off-by: irbekrm <[email protected]>

Signed-off-by: irbekrm <[email protected]>

current cert-manager version no longer supports Kubernetes 1.19

Signed-off-by: irbekrm <irbekrm...

Signed-off-by: irbekrm <[email protected]>

Signed-off-by: irbekrm <[email protected]>

feature: update gateway api to v1beta1

Signed-off-by: lvyanru <[email protected]>

feature: update gateway api to v1beta1

Signed-of...

Return error when Gateway has a cross-namespace secret ref

The main reason for bumping Vault's version is because 1.2.3 is not
compatible with the config p...

Signed-off-by: Martín Montes <[email protected]>

feat(AzureDNS): Add support for Workload Identity

Use distinct manifest dirs for signed / unsigned manifests

This avoids a race condition with the `release-manifests` and
`release-manifests-signed` targets...

Add support for required LDAP (rfc4514) RDNs in LiteralSubject

Signed-off-by: SpectralHiss <[email protected]>

Signed-off-by: SpectralHiss <[email protected]>

Signed-off-by: SpectralHiss <[email protected]>

* Enabled feature flag for literalsubject in e2e test runner
* Added "happy path" test

Signed-o...

Signed-off-by: Igor Beliakov <[email protected]>

Set the Vault namespace using vault SDK client methods instead of using raw request object

Signed-off-by: Richard Wall <[email protected]>

Signed-off-by: Richard Wall <[email protected]>

Signed-off-by: Richard Wall <[email protected]>

Signed-off-by: Richard Wall <[email protected]>

Signed-off-by: Richard Wall <[email protected]>

Signed-off-by: Richard Wall <[email protected]>

Signed-off-by: Houssem El Fekih <[email protected]>

* Add OID translation for mandatory DC component
* Used extensively in LDAP certificates, also r...

Signed-off-by: Igor Beliakov <[email protected]>

fix: featureGates add webhook deployment in chart yaml

Signed-off-by: lvyanru <[email protected]>

Adding support to elevate acme-solver pod to root during testing

Signed-off-by: Corey McGalliard <[email protected]>

Improve gen.CSR and use it in all tests

Improve gen.CSR and use it in all tests

Signed-off-by: Tim Ramlot <[email protected]>

Signed-off-by: Tim Ramlot <[email protected]>

Enable basicConstraints feature in e2e environments by default

Enable basicConstraints feature in e2e environments by default

Signed-off-by: Ashley Davis <[email protected]>

Signed-off-by: Ashley Davis <[email protected]>

Fixing CA flag in basic constraints extension

Fixing CA flag in basic constraints extension

Signed-off-by: Sathyanarayanan Saravanamuthu <[email protected]>

Signed-off-by: Sathyanarayanan Saravanamuthu <[email protected]>

Signed-off-by: Tim Ramlot <[email protected]>