-
For HA installations accessed via Cloudflare, it's not uncommon to configure mutual TLS protection to restrict access to that domain unless the client has the certificate. All other access is blocked.…
-
### Proposal Details
The definition of extensionCertificateAuthorities exists in the tls/common.go file.
```
// TLS extension numbers
const (
	...
	extensionCertificateAuthorities uint16 = 47
	...
)…
```
-
**Is your feature request related to a problem? Please describe.**
By default cert-manager will keep all `CertificateRequest` resources, which can add up on long-lived and/or busy clusters.
Wh…
-
In the `NodePublishVolume` call, we have a `defer` that calls `UnmanageVolume` (and deletes metadata from the storage backend) if initial issuance fails: https://github.com/cert-manager/csi-lib/blob/0…
-
Kubernetes has support for [third-party resources](https://github.com/kubernetes/kubernetes/blob/master/docs/design/extending-api.md).
Ideally instead of using service annotations this controller wou…
-
AWS PCA expects the commonName to be passed in as part of the CSR. Adding `commonName: istiod.istio-system.svc` in the Certificate.yaml file was all that was needed.
```
spec:
dnsNames:
- is…
-
https://author-tools.ietf.org/iddiff?url1=rfc8446&url2=draft-ietf-tls-rfc8446bis-09&difftype=--html
- [x] Forbid negotiating TLS 1.0 and 1.1 as they are now deprecated by RFC8996.
- [x] Removes am…
-
**Describe the bug**:
If the aws-privateca-issuer pod on my cluster is unavailable and cert-manager attempts to renew a certificate
a CertificateRequest object is created with a status of "faile…
-
Hi there!
We've had several users ask for support for OpenShift `Route` support in cert-manager, e.g.: https://github.com/jetstack/cert-manager/issues/1064.
While we are unwilling to add support…
-
**Describe the bug**:
Running a normal helm upgrade to get cert-manager from version v1.15.3 to v1.16.0 results in the below error
```
Error: UPGRADE FAILED: template: cert-manager/templates/webhoo…