github/dynamiclistener
1
0
Fork 1
mirror of https://github.com/rancher/dynamiclistener.git synced 2025-05-19 05:19:45 +00:00
Code Issues Projects Releases Wiki Activity
143 Commits 23 Branches 40 Tags 2.4 MiB
release/v0.4
Commit Graph

28 Commits

Author SHA1 Message Date
Jonas Wagner
6cc9a670e1
Prevent Panic for empty Arrays on Error 
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jonas Wagner <jwagner@knoppiks.de>
 2023-07-14 08:28:48 +02:00
Jonas Wagner
02304047cf
Enable intermediate CA Certificates 
Signed-off-by: Jonas Wagner <jwagner@knoppiks.de>
 2023-07-10 09:42:17 +02:00
Brad Davidson
8ebd77f8a4 Raise default ExpirationDaysCheck to 90 and extend into cert factory 
Most of our products actually renew at 90 days, so make that the default.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-07-21 14:08:16 -07:00
Brad Davidson
fdf983a935 Don't merge expired certs over the top of an unexpired cert 
Fixes an issue where an expired Kubernetes secret would replace the renewed locally-cached cert after cluster startup.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-07-21 14:08:16 -07:00
Brad Davidson
a30741bb53 Send complete certificate chain, not just the leaf cert 
Also, print a warning when signing may change the issuer.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-05-20 12:21:30 -07:00
Brad Davidson
b1d65efb6f Move Kubernetes Secrets storage update to goroutine 
Fixes issue where apiserver outages can block dynamiclistener from accepting new connections.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-05-02 18:48:48 -07:00
Brad Davidson
43f9c3ae0a Fix handling of IPv6 addresses and long hostnames 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-23 23:38:49 -08:00
Brad Davidson
284cc004e8 Fix listenAndServe certificate expiration by preloading certs 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-23 23:38:49 -08:00
Nick Gerace
f147aa4166 Fix defaultNewSignedCertExpirationDays const 
This a quick fix for 2644a6ed16
 2021-11-19 12:31:47 -05:00
Kinara Shah
63157c59ce
Merge pull request #46 from nickgerace/days 
Allow for default expiration days to be loaded from env
 2021-11-19 08:59:57 -08:00
Nick Gerace
2644a6ed16 Allow for default expiration days to be loaded from env 2021-11-18 12:38:35 -05:00
Brian Downs
27f4642299
Add ability to force cert regeneration (#43) 
* add ability to force cert regeneration
 2021-11-15 13:50:26 -07:00
Darren Shepherd
ff22834bde Avoid panic when secret is nil 2021-06-15 22:42:42 -07:00
Sjoerd Simons
dc7452dbb8 Accept IPv6 address as CN names 
Expand the cnRegexp to also accept ipv6 addresses such as:
  * ::1
  * 2a00:1450:400e:80e::
  * 2a00:1450:400e:80e::200e

Fixes: #37

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
 2021-06-14 11:07:13 -07:00
Dan Ramich
f373fc1c7c Update IsStatic to check for nil annotations 2021-04-23 14:56:14 -06:00
Darren Shepherd
a60200ab9e Merge tag 'v0.2.3' 2021-04-12 15:00:05 -07:00
Darren Shepherd
85f32491cb Add dumb hook to set the organization in the client cert 2020-09-10 13:32:14 -07:00
Brad Davidson
53f6b38760 Allow forcing cert reissuance (#28) 
Refreshing the cert should force renewal as opposed to returning
early if the SANs aren't changing. This is currently breaking refresh
of expired certs as per:
https://github.com/rancher/k3s/issues/1621#issuecomment-669464318

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-08-10 17:12:39 -07:00
Darren Shepherd
479ab335d6 Add LoadOrGenClient to handle client cert generation 2020-08-10 17:12:39 -07:00
Darren Shepherd
ebebb82b9b Add LoadOrGenClient to handle client cert generation 2020-08-01 23:37:51 -07:00
Darren Shepherd
c992ce309c Reject bad CNs that will prevent the secret from being saved. 2020-04-02 22:07:45 -07:00
Darren Shepherd
05d7922a86 Add ability to limit the maximum number of SANs 2020-03-18 23:16:38 -07:00
Darren Shepherd
bc68bf5499 Fix merging of the k8s secret to reduce the number of writes 2020-02-04 12:48:38 -07:00
Darren Shepherd
a75e84bc81 Add more helpers 2020-01-30 22:41:19 -07:00
Darren Shepherd
f1484a07b3 Add static storage and listener opts 2019-12-04 11:32:00 -07:00
Darren Shepherd
3c2990b7c5 Support old or imported RSA keys 2019-11-15 23:45:14 +00:00
Darren Shepherd
02b97e01f1 Attempt to minimize additional cert gens 2019-11-13 14:46:32 +00:00
Darren Shepherd
af04867843 Refactor to not include a server by default 2019-10-30 19:14:34 -07:00