Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v1.16.1] sync with upstream #37

Merged
merged 311 commits into from
Oct 17, 2024
Merged

[v1.16.1] sync with upstream #37

merged 311 commits into from
Oct 17, 2024

Conversation

mjsmithnh
Copy link

@mjsmithnh mjsmithnh commented Oct 16, 2024
edited
Loading

Merge upstream/v1.16.1 into origin/teleport. Validated make test and make generate-all behaviors.

Had to resolve a few merge conflicts but they were all lock/license files for the most part.

Resulting diff vs upstream: cert-manager/cert-manager@v1.16.1...gravitational:cert-manager:mjsmith/v1.16.1-sync

inteon and others added 30 commits June 21, 2024 15:33
@inteon
self-review changes
c3a76a9 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7110 from inteon/simplify_csr_conform…
f7100f3 
…ance_tests

Simplify CertificateSigningRequest conformance tests and add missing tests
@cert-manager-prow
Merge pull request cert-manager#6966 from mindw/mindw/add_proc_go_bui…
9c28f4d 
…ld_metrics

Add process and go runtime metrics for controller
@inteon
add missing featureset.OnlySAN required feature
b65903f 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7119 from inteon/conformance_venafi
edfc1a3 
Fix Venafi conformance test
@inteon
move duplicate certificate conformance test logic to function
e9ab52c 
Signed-off-by: Tim Ramlot <[email protected]>
@inteon
transform certificate conformance tests into tabular tests
e4669aa 
Signed-off-by: Tim Ramlot <[email protected]>
@inteon
reorder certificate conformance tests
3703b07 
Signed-off-by: Tim Ramlot <[email protected]>
@inteon
fix CertificateOrganization matcher
ecf7b15 
Signed-off-by: Tim Ramlot <[email protected]>
@inteon
skip conformance test if featureGate is not enabled
7eba9c8 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7036 from fidelity-contributions/feat…
837c6a1 
…ure/5514-venafi-issuer-ca-ref-support

Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
@cert-manager-prow
Merge pull request cert-manager#7106 from inteon/conformance_cleanup
f037fd2 
Refactor Certificate conformance to tabular tests
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
e0b345b 
Signed-off-by: cert-manager-bot <[email protected]>
@inteon
remove duplicate Make targets
db4ab7f 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7123 from cert-manager/self-upgrade-m…
b10c02a 
…aster

[CI] Merge self-upgrade-master into master
@maelvls
make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
dfff8c2 
Previously,

  E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager

would fail with the error:

  Error: unknown flag: --version1.14.2

Signed-off-by: Maël Valais <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7124 from maelvls/make-fix-e2e_cert_m…
46100d4 
…anager_version

make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
@SgtCoDFish
bump go-retryablehttp to address CVE-2024-6104
817a2bf 
Signed-off-by: Ashley Davis <[email protected]>
@ThatsMrTalbot
feat: default ControllerConfiguration apiVersion and kind in helm
e30ad68 
Signed-off-by: Adam Talbot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7125 from SgtCoDFish/bump-http-lib
054887d 
Bump go-retryablehttp to address CVE-2024-6104
@cert-manager-prow
Merge pull request cert-manager#7126 from ThatsMrTalbot/feat/helm-def…
1b9c02e 
…ault-config-apiversion-and-kind

feat: default ControllerConfiguration apiVersion and kind in helm
@inteon
BUGFIX: Venafi issuer and clusterissuer checks were failing due to ni…
e906cb8 
…lpointer exception

Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7140 from inteon/bugfix_nilpointer
c65c757 
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception
@inteon
add bind resource request to improve availability during tests, also …
0e45b3b 
…set memory limit = request following best practice

Signed-off-by: Tim Ramlot <[email protected]>
@cbroglie
Add renewBeforePercentage alternative to renewBefore
0f74d75 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes cert-manager#4423, resolves cert-manager#5821

Signed-off-by: Christopher Broglie <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#6987 from cbroglie/renew-before-pct
50abeda 
feat: Add renewBeforePercentage alternative to renewBefore
@cert-manager-prow
Merge pull request cert-manager#7141 from inteon/add_bind_resource_re…
74fe287 
…quest_and_limit

Tests: add bind resource request to improve availability during tests
@inteon
use supported bind9 image and run bind as non-root user
452ee1e 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7142 from inteon/bind_update
b497dad 
Tests: use supported bind9 image and run as non-root
@lunarwhite
fix API fields description for venafi tpp
df37eba 
Signed-off-by: Yuedong Wu <[email protected]>
cert-manager-prow bot and others added 26 commits September 26, 2024 05:59
@cert-manager-prow
Merge pull request cert-manager#7299 from wallrj/route53-ambient-region
f3b2a98 
Route53 DNS01 Solver: Always fall back on the ambient region
@wallrj
Fix possible OOM failures in the makestage Google Cloud Build
b9df662 
By reducing the make parallelism.

Signed-off-by: Richard Wall <[email protected]>
@wallrj
Use a better supported machine type
13912bf 
N1_HIGHCPU_32 is no longer listed in the table of supported GCB machine types,
but there is the following foot note in the documentation:
> Cloud Build continues to offer n1-highcpu-8 and n1-highcpu-32 machine types. They are offered at the same price as e2-highcpu-8 and e2-highcpu-32

https://cloud.google.com/build/pricing

Signed-off-by: Richard Wall <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7309 from cert-manager-bot/cherry-pic…
e358f59 
…k-7308-to-release-1.16

[release-1.16] Fix makestage OOM failures
@wallrj
Revert "Reduce load on the Kubernetes API server and reduce the peak …
514f559 
…memory use of the cert-manager components by enabling the use of the WatchList (Streaming Lists) feature"

Signed-off-by: Richard Wall <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7318 from cert-manager-bot/cherry-pic…
e381fb0 
…k-7315-to-release-1.16

[release-1.16] Revert "Reduce load on the Kubernetes API server and reduce the peak memory use of the cert-manager components by enabling the use of the WatchList (Streaming Lists) feature"
@wallrj
Add extraEnv to webhook, cainjector, and startupapicheck
99dc5d2 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
make generate-helm-schema generate-helm-docs
8c46145 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
Update deployments and startupapi Job
78dd1bf 
Signed-off-by: Richard Wall <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7319 from cert-manager-bot/cherry-pic…
f98340d 
…k-7317-to-release-1.16

[release-1.16] Allow extra environment variables to be added to  cainjector, webhook and startupapicheck
@cert-manager-bot
BOT: run 'make upgrade-klone' and 'make generate'
d09894c 
Signed-off-by: cert-manager-bot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7324 from cert-manager-bot/cherry-pic…
f9e8aa6 
…k-7321-to-release-1.16

[release-1.16] [CI] Merge self-upgrade-master into master
@wallrj
make update-base-images
3470785 
Signed-off-by: Richard Wall <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7325 from cert-manager-bot/cherry-pic…
67c897d 
…k-7323-to-release-1.16

[release-1.16] make update-base-images
@inteon
BUGFIX: use correct resource namespace for Cluster Issuers
18e99f5 
Signed-off-by: Tim Ramlot <[email protected]>
@inteon
add ACME ClusterIssuer resource namespace test
1144aab 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7342 from cert-manager-bot/cherry-pic…
17d9d81 
…k-7339-to-release-1.16

[release-1.16] BUGFIX: use correct resource namespace for Cluster Issuers
@inteon
update schema validation for minAvailable and maxAvailable to accept …
4f4ea8b 
…both string and integer values

Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7345 from cert-manager-bot/cherry-pic…
2d22a92 
…k-7343-to-release-1.16

[release-1.16] BUGFIX: Update schema validation to accept both string and integer values
@inteon
Run 'make upgrade-klone' and 'make generate'
c3bdc1f 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7348 from cert-manager/self-upgrade-r…
b44f375 
…elease-1.16

[CI] Merge self-upgrade-release-1.16 into release-1.16
@JordanP
Helm chart: fix documentation for service accounts annotations
7525267 
Signed-off-by: jordanp <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7355 from cert-manager-bot/cherry-pic…
02f4a60 
…k-7351-to-release-1.16

[release-1.16] Helm chart: fix documentation for service accounts annotations
@inteon
Helm: add enabled to json schema
2298278 
Signed-off-by: Tim Ramlot <[email protected]>
@cert-manager-prow
Merge pull request cert-manager#7356 from cert-manager-bot/cherry-pic…
ff50c06 
…k-7350-to-release-1.16

[release-1.16] Helm: add enabled to json schema
@mjsmithnh
Merge tag 'v1.16.1' into mjsmith/v1.16.1-sync
dcb5f4e 
v1.16.1
@taraspos
Copy link

taraspos commented Oct 17, 2024
edited
Loading

If you merge upstream into our fork it produces a bit messy diff.

For example, this is how our current fork diff against upstream looks like:

It shows only our custom commits, so it makes it easy to find all the modifications we had to make.
I would prefer keeping it that way, however if resolving merge conflicts that way is too painful, we can keep it as is.

Tried from my side as well, but couldn't produce better diff as well. It actually looks OK in the file diff, just the commit history looks different.

@mjsmithnh mjsmithnh merged commit dba99d7 into teleport Oct 17, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taraspos taraspos taraspos approved these changes

@sclevine sclevine sclevine approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.