Commit Graph

184 Commits

Author SHA1 Message Date
Ryan Richard
e29ac0f8be Promote CertificateSigningRequest's Spec.ExpirationSeconds field to GA
Remove the comment "As of v1.22, this field is beta and is controlled
via the CSRDuration feature gate" from the expirationSeconds field's
godoc.

Mark the "CSRDuration" feature gate as GA in 1.24, lock its value to
"true", and remove the various logic which handled when the gate was
"false".

Update conformance test to check that the CertificateSigningRequest's
Spec.ExpirationSeconds field is stored, but do not check if the field
is honored since this functionality is optional.
2022-03-18 14:41:43 -07:00
Davanum Srinivas
9405e9b55e
Check in OWNERS modified by update-yamlfmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2021-12-09 21:31:26 -05:00
Stephen Augustus
481cf6fbe7
generated: Run hack/update-gofmt.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-08-24 15:47:49 -04:00
Kubernetes Prow Robot
f805f5588b
Merge pull request #104416 from liggitt/go117-certificates
Update unit tests to handle go1.17 certificate parsing error messages
2021-08-17 17:04:07 -07:00
Jordan Liggitt
0e925f266f Update unit tests to handle go1.17 certificate parsing error messages 2021-08-17 11:24:03 -04:00
Jordan Liggitt
87a4e082ac Change defaulter-gen input to package path 2021-08-14 11:00:18 -04:00
Jordan Liggitt
b1d344db44 Drop legacy validation logic for certificates API 2021-08-09 12:37:34 -04:00
Aldo Culquicondor
bb56a0bd04 Add Job.status.uncountedPodUIDs
For tracking Job Pods that have finished but are not yet counted as failed or succeeded

And feature gate JobTrackingWithFinalizers

Change-Id: I3e080f3ec090922640384b692e88eaf9a544d3b5
2021-07-08 15:31:59 +00:00
Monis Khan
29b3fa7826
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:16 -04:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:15 -04:00
卢振兴10069964
4e447acab0 code cleanup for pkg/api and pkg/apis 2021-04-28 08:57:23 +08:00
Kubernetes Prow Robot
4da27a93b3
Merge pull request #99444 from mengjiao-liu/update-signerName-field-description
Clarify external CSR signerName field description
2021-03-03 14:41:13 -08:00
Jordan Liggitt
4515889574 Prefer v1 storage versions 2021-03-02 12:06:13 -05:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
mengjiao.liu
cb4139cdde update SingnerName field doc 2021-02-28 18:21:29 +08:00
mengjiao.liu
3a09f7e5e4 Clarify external CSR signerName description 2021-02-25 16:34:37 +08:00
Matthew Fenwick
d407129cf7 modify DNS-1123 error messages to indicate that RFC 1123 is not followed exactly 2020-09-02 08:04:04 -04:00
Jordan Liggitt
1e621ab5d1 Update CSR fuzzing to match defaulting 2020-07-31 15:52:01 -04:00
Jordan Liggitt
db4ca87d9d Switch CSR approver/signer/cleaner controllers to v1 2020-06-05 18:45:34 -04:00
Jordan Liggitt
a504445086 Generated files
Change-Id: I598d686849f4b97846757b227f5191bac031798b
2020-06-05 04:58:14 +00:00
Jordan Liggitt
3f1546960d Fix validation message for CSR condition status values 2020-06-05 00:50:01 -04:00
Jordan Liggitt
7ee2e2f473 Update v1 CSR field types, API docs 2020-06-05 00:50:01 -04:00
Jordan Liggitt
595adc402a Validate unknown and duplicate usages in CSR v1 2020-06-05 00:50:01 -04:00
Jordan Liggitt
e0f5cca410 Copy CSR v1beta1 to v1
* Remove prerelease tags
* Update copyright, package, imports to v1
* Remove signerName, usages, and condition status defaulting
2020-06-05 00:47:24 -04:00
Jordan Liggitt
7049149181 Generated files 2020-05-28 16:53:23 -04:00
Jordan Liggitt
57eddd5e04 Record Failed condition in signer controller 2020-05-28 12:20:40 -04:00
Jordan Liggitt
aed0621f2e Plumb version info to validation, separate main/status/approval validation 2020-05-28 12:20:40 -04:00
Jordan Liggitt
9f49d98ccd Add conditions status field 2020-05-28 12:20:39 -04:00
Jordan Liggitt
6604b79796 Add signerName constants 2020-05-28 10:53:14 -04:00
James Munnelly
4144a2a1cf Add unit tests for IsKubeletClientCSR and IsKubeletServingCSR 2020-03-03 13:14:32 +00:00
James Munnelly
a983356caa Add signerName field to CSR resource spec
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2020-02-27 10:17:55 +00:00
Andy Bursavich
c9c7c5409a Fix typos in KeyUsage constant names 2019-09-09 18:39:56 -07:00
Chao Xu
369314959c generated 2019-05-24 18:14:53 -07:00
yue9944882
71a58de48b clean up genclient tags for hub types 2019-04-24 16:53:21 +08:00
Kubernetes Prow Robot
808f2cf0ef
Merge pull request #72525 from justinsb/owners_should_not_be_executable
Remove executable file permission from OWNERS files
2019-02-14 23:55:45 -08:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Justin SB
dd19b923b7
Remove executable file permission from OWNERS files 2019-01-11 16:42:59 -08:00
Jordan Liggitt
4ebe084376 certificates subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Jingyi Hu
61117761cd *: Remove comment tags in GoDoc
Adding blank line between comment tag and package name in doc.go. So
that the comment tags such as '+k8s:deepcopy-gen=package' do not show up
in GoDoc.
2018-09-13 20:27:32 -07:00
Clayton Coleman
ef561ba8b5
generated: Avoid use of reflect.Call in conversion code paths 2018-07-17 23:02:16 -04:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Dr. Stefan Schimanski
1208437f84 Update generated files 2018-06-13 12:35:13 +02:00
David Eads
c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
David Eads
7b4f97aca3 generated 2018-05-08 18:32:44 -04:00
David Eads
8ae62517da remove rootscopedkinds from groupmeta 2018-05-01 13:08:23 -04:00
David Eads
e7fbbe0e3c eliminate indirection from type registration 2018-04-25 09:02:31 -04:00
fisherxu
b49ef6531c regenerated all files and remove all YEAR fields 2018-03-08 17:52:48 +08:00
jennybuckley
c8dacd8e63 Run hack/update-all.sh 2018-02-26 17:16:14 -08:00
Timothy St. Clair
da77826d08 Remove myself (timothysc) from OWNERS files on areas that I do not
actively maintain.
2018-02-12 18:56:41 -06:00
Di Xu
48388fec7e fix all the typos across the project 2018-02-11 11:04:14 +08:00