
ejbca-cert-manager-issuer 2.2.0 - CA ConfigMap Bundle + End Date Usage #130

Merged
indrora merged 36 commits into release-2.2 from feat/AB#77467/ca-bundle-configmap on Apr 1, 2026

Conversation

@irby (Contributor) commented Mar 25, 2026

v2.2.0

Features:

  • Add support for specifying a ConfigMap for CA trust bundles in Issuer / ClusterIssuer resources via the caBundleConfigMapName specification.
  • Add support for specifying a key on a Secret / ConfigMap resource for the CA trust bundle via the caBundleKey specification on an Issuer / ClusterIssuer resource.
  • On EJBCA 9.3.3 and above, if the certificate profile has "Allow Validity Override" enabled, the certificate's "Not After" will be set according to the duration property of the Certificate resource; otherwise it will be set according to the default validity configured in EJBCA for the relevant CA.

Chores:

  • Update README links with updated EJBCA links
  • Update dependencies

spbsoluble and others added 30 commits September 25, 2025 10:08
…tion

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
…ough

feat: pass spec.duration to EJBCA as end_time (fixes #128)
Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.34.1 to 0.35.1.
- [Commits](kubernetes/apimachinery@v0.34.1...v0.35.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.36.1 to 1.39.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.36.1...v1.39.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.39.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.34.1 to 0.35.1.
- [Commits](kubernetes/api@v0.34.1...v0.35.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ethods

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
…w changes

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
@irby changed the title from "Feat/ab#77467/ca bundle configmap" to "ejbca-cert-manager-issuer 2.2.0 - CA ConfigMap Bundle + End Date Usage" on Mar 25, 2026
@HoogWater (Contributor) commented:
The certificaterequest_controller is incomplete when using the ConfigMap option for the CA bundle.
The check now implemented in the fetchCACertBytes function in issuer_controller caters for both Secret and ConfigMap, but this function is not used in the certificaterequest_controller. So if only a ConfigMap is configured in the Issuer and a Certificate is created (which results in the CertificateRequest), the controller just skips the CA bundle check altogether, as there is no Secret mentioned in the Issuer.

The fetchCACertBytes function should also be implemented in the certificaterequest_controller.
Currently the Issuer creation works, but the CertificateRequests end up with "failed to authorize TLS" errors.

@irby (Contributor, Author) commented Mar 26, 2026

Hey @HoogWater thanks for catching that. I'll do a review of this tomorrow and see if I can reproduce your findings and write up a solution for it!

@irby (Contributor, Author) commented Mar 27, 2026

Hey @HoogWater, just want to update that I have been able to reproduce the issue on my end. I've found an additional layer of fix that needs to be made; this may take an extra day or two to resolve, but I should have a release candidate available early next week.

irby and others added 2 commits March 30, 2026 13:37
@irby (Contributor, Author) commented Mar 30, 2026

@HoogWater pushed out a new RC, 2.2.0-rc.4, that should have the updated fix in place.

Please give this one a review and let me know if this one works!

Comment thread: Dockerfile

@HoogWater (Contributor) left a comment

I have tested 2.2.0-rc.4 in my environment and it is now working perfectly.

So LGTM.

I had one minor comment on the Dockerfile, specifically the GOIMAGE version being too specific; that is not breaking anything.

irby added 2 commits March 31, 2026 08:45
@indrora indrora merged commit 995344a into release-2.2 Apr 1, 2026
40 of 42 checks passed
indrora added a commit that referenced this pull request Apr 2, 2026
* release: 2.1.3: Dependency Updates (#116)

* chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.10.0 to 1.11.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump actions/checkout from 4 to 5

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump sigs.k8s.io/controller-runtime from 0.22.1 to 0.22.3

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.1 to 0.22.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.22.1...v0.22.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.27.1

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.22.0 to 2.27.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.22.0...v2.27.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.27.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Change builder image to major.minor(1.24) instead of major.minor.patch(1.24.6)

When rebuilding the image now, old critical vulnerabilities will no longer be in the resulting image.

* chore(tests): add documentation for configuring security roles and update test names

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore(docs): update contributing guideline link in PR template

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore(docs): update changelog

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mark de Jong <HoogWater@users.noreply.github.com>

* ejbca-cert-manager-issuer 2.2.0 - CA ConfigMap Bundle + End Date Usage (#130)

* cabundle configmap option implemented, and update to go 1.25

* Update the docs to reflect configmap option

* Update README to include configmap option

* cabundle configmap option implemented, and update to go 1.25

* Update the docs to reflect configmap option

* Update README to include configmap option

* fix duplicate go line in go.mod

* feat: pass spec.duration to EJBCA as end_time (fixes #128)

* chore: update e2e test documentation, support dynamic variable resolution

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore(test): add unit test for end_time logic

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore(deps): bump k8s.io/apimachinery from 0.34.1 to 0.35.1

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.34.1 to 0.35.1.
- [Commits](kubernetes/apimachinery@v0.34.1...v0.35.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: bump Docker golang version to 1.25

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore(deps): bump github.com/onsi/gomega from 1.36.1 to 1.39.1

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.36.1 to 1.39.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.36.1...v1.39.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.39.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump k8s.io/api from 0.34.1 to 0.35.1

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.34.1 to 0.35.1.
- [Commits](kubernetes/api@v0.34.1...v0.35.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: address linting issues

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* fix: use v7 go-lint-action

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: fix lint issue

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: address PR comments

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: fix lint issues. Update Makefile commands

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: check for CRD drift

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* feat: add caBundleKey to issuer specification

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: break the ca bundle and auth options retrieval into testable methods

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* feat: add logic to fetch caConfig from specified key

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: update overview.md with updated links and information about new changes

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* fix: update CONTROLLER_TOOLS_VERSION

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: update CHANGELOG and docs

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* fix: use CA trust bundle when connecting to OAuth

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* Update generated docs

* chore: use ejbca-go-client-sdk v1.1.0

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

* chore: update go.sum

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>

---------

Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Co-authored-by: Mark de Jong <HoogWater@users.noreply.github.com>
Co-authored-by: JohnAuth <jdb@zuri.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com>
Co-authored-by: Matthew H. Irby <irby@users.noreply.github.com>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mark de Jong <HoogWater@users.noreply.github.com>
Co-authored-by: JohnAuth <jdb@zuri.ch>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>