71 Commits

Author SHA1 Message Date
Max Sokolovsky
ada93274e5 Allow for default expiration days to be loaded from env
(cherry picked from commit 2644a6ed16)
2022-01-04 11:42:50 -05:00
Brian Downs
2df892b5d7
Add ability to force cert regeneration (#43) (#48)
* add ability to force cert regeneration
2021-11-15 14:05:41 -07:00
Brad Davidson
cec44b5e30 Update wrangler to v0.8.3
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-13 15:16:59 -07:00
Sjoerd Simons
8056fb92e8 Accept IPv6 address as CN names
Expand the cnRegexp to also accept ipv6 addresses such as:
  * ::1
  * 2a00:1450:400e:80e::
  * 2a00:1450:400e:80e::200e

Fixes: #37

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
(cherry picked from commit dc7452dbb8)
2021-06-14 14:43:06 -07:00
Dan Ramich
51bda41d9c
Merge pull request #34 from dramich/wrangler
Update wrangler and drop wrangler-api
2021-04-23 08:46:33 -06:00
Dan Ramich
624606ae5a Update wrangler and drop wrangler-api 2021-04-22 15:44:19 -06:00
Hussein Galal
fc8cf5f3ea
Merge pull request #33 from galal-hussein/fix_load_certs
Fixing loading certs to work with etcd only nodes
2021-03-05 22:54:49 +02:00
galal-hussein
3878ff2a1f Fixing loading certs 2021-03-05 22:39:13 +02:00
Hussein Galal
1b2460c151
Merge pull request #32 from galal-hussein/fix_resversion
Add check to update dynamic listener cert in etcd only nodes
2021-03-01 21:58:18 +02:00
galal-hussein
e34610a1ae Add check to update dynamic listener cert in etcd only nodes 2021-03-01 21:52:45 +02:00
Brad Davidson
7c224dcdfb
Merge pull request #29 from brandond/force_reissue_0.2
Allow forcing cert reissuance (v0.2 backport)
2020-08-11 12:58:42 -07:00
Brad Davidson
53f6b38760 Allow forcing cert reissuance (#28)
Refreshing the cert should force renewal as opposed to returning
early if the SANs aren't changing. This is currently breaking refresh
of expired certs as per:
https://github.com/rancher/k3s/issues/1621#issuecomment-669464318

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-10 17:12:39 -07:00
Darren Shepherd
479ab335d6 Add LoadOrGenClient to handle client cert generation 2020-08-10 17:12:39 -07:00
Darren Shepherd
2bfb7bd0cb Fix error masking issue
Also don't do an extra lookup of TLS secret after update.
2020-08-10 17:12:39 -07:00
Knic Knic
94e23c7edb fix certpath generation for windows 2020-04-25 22:59:52 -07:00
Darren Shepherd
52ede5ec92
Merge pull request #22 from ibuildthecloud/master
Always allow configured SANs regardless of the FilterCN
2020-04-17 19:33:42 -07:00
Darren Shepherd
5c222d5753 Don't parse x509 cert on each request 2020-04-17 19:31:42 -07:00
Darren Shepherd
74a61a850d Always allow configured SANs regardless of the FilterCN 2020-04-17 19:31:31 -07:00
Darren Shepherd
4436fc6b48
Merge pull request #21 from ibuildthecloud/master
Add ability to confirm adding new CNs
2020-04-02 22:10:05 -07:00
Darren Shepherd
4bac3f291f Add ability to confirm adding new CNs 2020-04-02 22:08:36 -07:00
Darren Shepherd
c992ce309c Reject bad CNs that will prevent the secret from being saved. 2020-04-02 22:07:45 -07:00
Darren Shepherd
763229ddcd
Merge pull request #20 from ibuildthecloud/master
Add ability to limit the maximum number of SANs
2020-03-18 23:17:31 -07:00
Darren Shepherd
171fcf6b79 If connection closing is enabled then don't support HTTP/2 2020-03-18 23:16:38 -07:00
Darren Shepherd
05d7922a86 Add ability to limit the maximum number of SANs 2020-03-18 23:16:38 -07:00
Darren Shepherd
1e67d402dc
Merge pull request #19 from ibuildthecloud/master
For web browser based requests do not consider IPs in host headers
2020-03-14 10:17:03 -07:00
Darren Shepherd
7e3fc0c594 For web browser based requests do not consider IPs in host headers 2020-03-14 10:16:11 -07:00
Darren Shepherd
111c5b43e9
Merge pull request #18 from ibuildthecloud/dropconn
Wrong lock used to protect conn map
2020-02-13 09:53:08 -07:00
Darren Shepherd
bd73d0d4bc Wrong lock used to protect conn map 2020-02-13 09:52:45 -07:00
Darren Shepherd
5276ad483a
Merge pull request #17 from ibuildthecloud/dropconn
Add option to close connections on cert change
2020-02-12 14:13:44 -07:00
Darren Shepherd
8545ce98db Add option to close connections on cert change 2020-02-12 14:00:40 -07:00
Darren Shepherd
3f92468568
Merge pull request #16 from ibuildthecloud/master
Fix acme listener
2020-02-07 14:28:38 -07:00
Darren Shepherd
5ba69b1c5f Fix acme listener 2020-02-07 14:20:45 -07:00
Darren Shepherd
6281628cd4
Merge pull request #15 from ibuildthecloud/master
Add BindHost option
2020-02-05 23:12:55 -07:00
Darren Shepherd
0b114dc0c2 Add BindHost option 2020-02-05 23:11:51 -07:00
Darren Shepherd
ece289ed54
Merge pull request #14 from ibuildthecloud/master
Fix merging of the k8s secret to reduce the number of writes
2020-02-04 12:49:56 -07:00
Darren Shepherd
bc68bf5499 Fix merging of the k8s secret to reduce the number of writes 2020-02-04 12:48:38 -07:00
Darren Shepherd
795bb90214
Merge pull request #13 from ibuildthecloud/master
Add more helpers
2020-01-30 22:41:53 -07:00
Darren Shepherd
dcc205f52d mod tidy 2020-01-30 22:41:19 -07:00
Darren Shepherd
4e8035fa46 Fix go fmt/vet issues 2020-01-30 22:41:19 -07:00
Darren Shepherd
a75e84bc81 Add more helpers 2020-01-30 22:41:19 -07:00
Darren Shepherd
ab900b5268
Merge pull request #12 from ibuildthecloud/master
Add static storage and listener opts
2019-12-04 11:35:09 -07:00
Darren Shepherd
f1484a07b3 Add static storage and listener opts 2019-12-04 11:32:00 -07:00
Darren Shepherd
b6b942bff0
Merge pull request #11 from ibuildthecloud/master
Support old or imported RSA keys
2019-11-15 23:45:38 +00:00
Darren Shepherd
3c2990b7c5 Support old or imported RSA keys 2019-11-15 23:45:14 +00:00
Darren Shepherd
ccf76b35ea Don't clobber secret key
On the start of a new server we do not want to blindly save the
cert because that will change the TLS key.  Instead only write
to k8s on start if there is no secret in k8s.  On start of the
controller it will sync up if the local file and k8s secret aren't
the same
2019-11-15 23:45:10 +00:00
Darren Shepherd
988d8dd3f4 Add info logging when certs change 2019-11-15 23:43:29 +00:00
Darren Shepherd
736b5d5d8b
Merge pull request #10 from ibuildthecloud/master
Don't generate cert for ipv6 address
2019-11-13 14:47:57 +00:00
Darren Shepherd
655c08132d Don't generate cert for ipv6 address 2019-11-13 14:46:32 +00:00
Darren Shepherd
02b97e01f1 Attempt to minimize additional cert gens 2019-11-13 14:46:32 +00:00
Darren Shepherd
aaa5bc0d2a
Merge pull request #9 from ibuildthecloud/master
Save secret to k8s on start
2019-11-10 03:52:54 +00:00