[pull] master from cert-manager:master#1066
Open
pull[bot] wants to merge 3397 commits intonext-stack:masterfrom
Open
[pull] master from cert-manager:master#1066pull[bot] wants to merge 3397 commits intonext-stack:masterfrom
pull[bot] wants to merge 3397 commits intonext-stack:masterfrom
Conversation
Event handling: use typed handlers
- Use nonroot-<arch> tags for STATIC_BASE image digests - Use nonroot-<arch> tags for DYNAMIC_BASE image digests - Update hack/latest-base-images.sh to emit nonroot digests Signed-off-by: Richard Wall <richard.wall@cyberark.com>
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
Instead inherit the default user and group from the nonroot base images Signed-off-by: Richard Wall <richard.wall@cyberark.com>
Use nonroot base images
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: lif <1835304752@qq.com>
Signed-off-by: calm329 <calmdev0329@gmail.com>
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
[CI] Merge self-upgrade-master into master
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
- update renovate config to set currentValueTemplate to "nonroot"
- add LATEST_TAG=nonroot in hack/latest-base-images.sh
- use ${LATEST_TAG} for architecture-specific crane digest tags
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
Renovate: Use nonroot base image tag and run post-upgrade script
feat(deploy/chart): optional networkPolicy for more containers
…invalid-cert Fail issuance when certificate public key doesn't match CSR (#8380)
fix(deps): update cloud go deps (master)
… tests Signed-off-by: Richard Wall <richard.wall@cyberark.com>
…/v12 to v12.3.0 Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
…-when-certi-0101-2255 fix: Confusing messaging when certificate secret name already exist
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
…-go-deps fix(deps): update module sigs.k8s.io/controller-runtime to v0.23.0 (master)
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
[CI] Merge self-upgrade-master into master
…-e2e-tests [VC-48226] Enable default NetworkPolicies in best-practice installation e2e tests
For IPv6 addresses, the Host header may contain square brackets Signed-off-by: SlashNephy <slashnephy@hatena.ne.jp>
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
[CI] Merge self-upgrade-master into master
fix(deps): update module github.com/akamai/akamaiopen-edgegrid-golang/v12 to v12.3.0 (master)
Signed-off-by: felix.phipps <felix.phipps@cyberark.com>
Signed-off-by: felix.phipps <felix.phipps@cyberark.com>
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
…x-deps fix(deps): update golang.org/x deps (master)
…b-actions chore(deps): update github/codeql-action action to v4.32.6 (master)
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
[CI] Merge self-upgrade-master into master
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Configure test logger for controller-runtime webhook correctly
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Test webhook: disable metrics server to prevent "bind: address already in use" error
fix(deps): update module github.com/go-openapi/jsonreference to v0.21.5 (master)
…-go-deps fix(deps): update module k8s.io/klog/v2 to v2.140.0 (master)
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
fix(deps): update module google.golang.org/api to v0.270.0 (master)
…cret-creation fix: harden the creation of private key secrets to avoid creating duplicates
…wordsecretref-not-found feat: emit event when passwordSecretRef not found
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
[CI] Merge self-upgrade-master into master
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Remove incorrect github.com/segmentio/encoding dependency
fix(deps): update cloud go deps (master)
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
…x-deps fix(deps): update module golang.org/x/crypto to v0.49.0 (master)
instead of hardcoding "Kubernetes 1.22+". Signed-off-by: Maël Valais <mael@vls.dev>
helm's readme.md: point to the supported releases page
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
…#8577) * fix(keymanager): preserve expected secret when cleaning up duplicates When multiple next private key secrets exist, preserve the secret that matches the certificate's status.nextPrivateKeySecretName field instead of deleting all secrets. This prevents unnecessary recreation of the expected secret and improves robustness when handling duplicate secrets. Changes: - Update logic to identify and preserve the secret matching nextPrivateKeySecretName - Delete only duplicate secrets that don't match the expected name - Add comprehensive test cases covering various duplicate secret scenarios - Remove TODO comment as the behavior is now implemented Fixes issue where the controller would delete the expected next private key secret along with duplicates, causing unnecessary regeneration. Fixes #8514 Signed-off-by: putongyong <xieyong0226@gmail.com> * refactor: simplified code by using new delete secret function signature. Signed-off-by: putongyong <xieyong0226@gmail.com> * refactor: using ptr.Deref for checking skipped secret name. Signed-off-by: putongyong <xieyong0226@gmail.com> * fix: return result of delete secret resources. Signed-off-by: putongyong <xieyong0226@gmail.com> * fix: put back log message for cleaning up secrets duplicates. Signed-off-by: putongyong <xieyong0226@gmail.com> * lint: corrected import package order. Signed-off-by: putongyong <xieyong0226@gmail.com> --------- Signed-off-by: putongyong <xieyong0226@gmail.com>
…-go-deps fix(deps): update module sigs.k8s.io/gateway-api to v1.5.1 (master)
chore(deps): update module sigs.k8s.io/gateway-api to v1.5.1 (master)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )