Skip to content

[pull] master from cert-manager:master#1066

Open
pull[bot] wants to merge 3715 commits into
next-stack:masterfrom
cert-manager:master
Open

[pull] master from cert-manager:master#1066
pull[bot] wants to merge 3715 commits into
next-stack:masterfrom
cert-manager:master

Conversation

@pull

@pull pull Bot commented Oct 28, 2022
edited
Loading

Copy link
Copy Markdown

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull Bot added the ⤵️ pull label Oct 28, 2022
erikgb and others added 29 commits April 3, 2026 15:23
@erikgb
Improve CAInjector SSA code
0007286 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@renovate
fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6…
fa5486a 
….9.0

Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@ThatsMrTalbot @claude
feat(gateway): make Gateway API TLS protocols configurable
6057c30 
Fixes #8300

cert-manager's Gateway API shim previously hard-coded HTTPS and TLS as
the only accepted Listener protocol types. This prevents users with
custom TLS-based protocols (e.g. DTLS for STUNner Gateways) from using
cert-manager to manage their certificates.

This change introduces a new `gatewayAPI.extraProtocols` field on
ControllerConfiguration (both external v1alpha1 and internal types)
that allows operators to specify additional protocol strings the shim
should treat as TLS-capable.

Changes:
- Add `GatewayAPIConfig` struct with `ExtraProtocols []string` to both
  the v1alpha1 and internal ControllerConfiguration types; regenerate
  deepcopy and conversion code
- Expose `--gateway-api-extra-protocols` CLI flag on the controller
  binary, wired through `IngressShimOptions.GatewayAPIExtraProtocols`
- Extract `isTLSProtocol(protocol, extra)` helper in sync.go to replace
  duplicated inline protocol checks in both the Gateway and ListenerSet
  branches of buildCertificates
- Add unit tests for isTLSProtocol and extra-protocol buildCertificates
  flows (Gateway and ListenerSet), including passthrough and duplicate
  built-in cases
- Add e2e test case "Creating a Gateway with a custom extra protocol
  generates a Certificate" in the conformance suite, gated on
  --gateway-shim-extra-protocols being non-empty
- Add --gateway-api-extra-protocols=DTLS to the e2e cluster setup so
  the new e2e test runs in CI

Signed-off-by: Adam Talbot <adamtalbot93@googlemail.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
a232cb0 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8684 from cert-manager/self-upgrade-master
df6152a 
[CI] Merge self-upgrade-master into master
@cert-manager-prow
Merge pull request #8680 from cert-manager/renovate/master-cloud-go-deps
987a811 
fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.9.0 (master)
@cert-manager-prow
Merge pull request #8678 from erikgb/cainjector-ssa-improve
7409d5b 
Improve CAInjector SSA code
@archy-rock3t-cloud
Fix typo in Order Duration field comment
07728df 
Signed-off-by: Artem Muterko <artem@sopho.tech>
@cert-manager-prow
Merge pull request #8567 from sophotechlabs/fix/typo-as-per-acme-orde…
1485395 
…r-spec

Fix typo in Order Duration field comment
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
fd74ef8 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8689 from cert-manager/self-upgrade-master
b44fb4a 
[CI] Merge self-upgrade-master into master
@hjoshi123
adding helm unittest targets
932bd64 
Signed-off-by: Hemant Joshi <mail@hjoshi.me>
@renovate
fix(deps): update module github.com/hashicorp/vault/sdk to v0.25.1
1d5755d 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
437c314 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8694 from cert-manager/self-upgrade-master
1941a04 
[CI] Merge self-upgrade-master into master
@cert-manager-prow
Merge pull request #8693 from cert-manager/renovate/master-misc-go-deps
6dd6a8c 
fix(deps): update module github.com/hashicorp/vault/sdk to v0.25.1 (master)
@renovate
chore(deps): update module go.opentelemetry.io/otel/sdk to v1.43.0 [s…
50bbe17 
…ecurity]

Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8695 from cert-manager/renovate/master-go-go.open…
d698af4 
…telemetry.io-otel-sdk-vulnerability

chore(deps): update module go.opentelemetry.io/otel/sdk to v1.43.0 [security] (master)
@renovate
fix(deps): update module golang.org/x/crypto to v0.50.0
1244536 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8700 from cert-manager/renovate/master-golang.org…
f83bb57 
…x-deps

fix(deps): update module golang.org/x/crypto to v0.50.0 (master)
@renovate
chore(deps): update base images
34fe4fa 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8701 from cert-manager/renovate/master-base-images
42a2592 
chore(deps): update base images (master)
@renovate
chore(deps): update actions/upload-artifact action to v7.0.1
4717746 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
52f2e40 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8708 from cert-manager/self-upgrade-master
0523778 
[CI] Merge self-upgrade-master into master
@cert-manager-prow
Merge pull request #8707 from cert-manager/renovate/master-misc-githu…
4ba78fc 
…b-actions

chore(deps): update actions/upload-artifact action to v7.0.1 (master)
@cert-manager-prow
Merge pull request #8523 from dap0am/feature/startupapicheck-ttlSecon…
e6bbc98 
…dsAfterFinished

feat(helm): add opt-in ttlSecondsAfterFinished for startupapicheck Job
@erikgb
Migrate upgrade e2e test to Helm OCI
4837022 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@cert-manager-prow
Merge pull request #8711 from erikgb/upgrade-test-oci
43ceb12 
Migrate upgrade e2e test to Helm OCI
cert-manager-prow Bot and others added 30 commits June 8, 2026 18:08
@cert-manager-prow
Merge pull request #8862 from cert-manager/renovate/master-golang.org…
438258c 
…x-deps

fix(deps): update golang.org/x deps to v0.53.0 (master)
@renovate
fix(deps): update cloud go deps
e2d5fd3 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@renovate
chore(deps): update base images
783f394 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8864 from cert-manager/renovate/master-cloud-go-deps
05f9044 
fix(deps): update cloud go deps (master)
@renovate
fix(deps): update github.com/onsi deps to v2.30.0
5d3e135 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8869 from cert-manager/renovate/master-github.com…
77442e9 
…onsi-deps

fix(deps): update github.com/onsi deps to v2.30.0 (master)
@lotheac
replace non-breaking spaces with spaces
d9bb4e7 
I found this through a warning from Renovate in a repo containing kube
manifests; there was an nbsp (U+00A0) in the upstream release version of
cert-manager.yaml which got flagged. that one had been generated from a
source code comment.

I figure that any instances of nbsp's in cert-manager's docs and source
are not intentional; so, replace them with spaces.

Signed-off-by: Lauri Tirkkonen <lauri@hacktheplanet.fi>
@cert-manager-prow
Merge pull request #8870 from lotheac/push-ouvouvyrmkoo
95120a8 
replace non-breaking spaces with spaces
@cert-manager-prow
Merge pull request #8867 from cert-manager/renovate/master-base-images
3ef51f1 
chore(deps): update base images (master)
@maelvls
venafi issuer: correctly classify Venafi NGTS network errors
6700481 
Transport-level failures (DNS, connection refused, TLS errors) reaching
the NGTS OAuth token endpoint were incorrectly reported as
`Ready=False reason=AuthFailed`, misleading operators to chase
credentials/scope issues during network outages.

Fixes VC-54664

Signed-off-by: Maël Valais <mael@vls.dev>
@cert-manager-prow
Merge pull request #8868 from cert-manager/fix-ngts-network-error-cla…
e1fd486 
…ssification

fix: Correctly classify Venafi NGTS network errors
@cert-manager-prow
Merge pull request #8857 from maelvls/fix-logs-gcb-custom-serviceaccount
09a8b0b 
build-on-tag: let's store GCB logs in a bucket
@renovate
fix(deps): update kubernetes go patches to v0.36.2
d46c907 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8872 from cert-manager/renovate/master-kubernetes…
958e319 
…-go-patches

fix(deps): update kubernetes go patches to v0.36.2 (master)
@erikgb
Fix kind image switch
a21735e 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@cert-manager-prow
Merge pull request #8874 from erikgb/k8s-kind-1-36-fix
950538a 
Fix kind image switch
@erikgb
Try fixing Renovate for release branches
f52b2e2 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@renovate
fix(deps): update github.com/onsi deps
101c253 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8879 from cert-manager/renovate/master-github.com…
4c8ebab 
…onsi-deps

fix(deps): update github.com/onsi deps (master)
@cert-manager-prow
Merge pull request #8781 from wallrj/wallrj/docs/acme-challenge-sched…
f52ac2a 
…uler-key

Document the conservative ACME challenge scheduler key
@cert-manager-prow
Merge pull request #8878 from erikgb/better-release-branch-renovate
f368f56 
Try fixing Renovate for release branches
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
20e2036 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8873 from cert-manager/self-upgrade-master
fc5f570 
[CI] Merge self-upgrade-master into master
@renovate
chore(deps): update makefile modules to 7835ffe
802bd77 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@cert-manager-prow
Merge pull request #8881 from cert-manager/renovate/master-makefile-m…
64a2ddf 
…odules

chore(deps): update makefile modules to 7835ffe (master)
@renovate
fix(deps): update cloud go deps
cd0c67f 
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
@wallrj @wallrj-cyberark @claude
Skip ACME self-check when waitInsteadOfSelfCheck is set
969de20 
Add an optional waitInsteadOfSelfCheck duration to ACME HTTP01 and DNS01
solvers. When set, cert-manager skips its own propagation self-check and
instead waits the configured duration after first presentation (recorded
in status.presentedAt) before asking the ACME server to validate.

- A value of 0 skips the self-check and asks the ACME server to validate
  immediately, relying on the server's own validation retries (RFC 8555
  section 8.2); negative durations are rejected by the webhook.
- status.presentedAt is retained on completion so the server-side-apply
  and legacy status-update paths stay consistent.

Fixes #1292

Signed-off-by: Richard Wall <richard@the-moon.net>
Co-authored-by: Richard Wall <richard.wall@cyberark.com>
Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@cert-manager-prow
Merge pull request #8858 from wallrj/1292-wait-instead-of-self-check
919de80 
ACME: add waitInsteadOfSelfCheck per solver
@cert-manager-prow
Merge pull request #8803 from SebTardif/fix-doh-unbounded-read
f94f120 
Bound DNS-over-HTTPS response read with io.LimitReader
@cert-manager-prow
Merge pull request #8882 from cert-manager/renovate/master-cloud-go-deps
9d7df4f 
fix(deps): update cloud go deps (master)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.