Richard Wall

icon company @jetstack icon location Bristol, England

Results 105 issues of Richard Wall

CI may not be running make verify-crds

2 comment

While reviewing #6791 I ran `make verify-crds` locally and it failed with a stack trace. But why didn't that failure also show up in our periodic and pull-request CI results?...

kind/bug
lifecycle/rotten

Bug in E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager

```sh $ E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager /home/richard/projects/cert-manager/cert-manager/_bin/tools/kubectl apply --server-side -f _bin/scratch/gateway-api-v1.0.0.yaml > /dev/null /home/richard/projects/cert-manager/cert-manager/_bin/tools/helm upgrade \ --install \ --create-namespace \ --wait \ --namespace cert-manager \ --repo https://charts.jetstack.io \ --version1.14.2 \...

kind/bug

[VC-34401] Add metrics settings to the Helm chart

In https://github.com/jetstack/jetstack-secure/pull/341 @tfadeyi added a metrics server to the agent. In this PR I've made the minimum viable changes to allow that metrics server to be queried by Prometheus, when...

WIP: Release cert-manager 1.16

3 comment

**Preview**: https://deploy-preview-1520--cert-manager.netlify.app/ Not to be merged until cert-manager 1.16.0 is released and when all the cert-manager 1.16 release notes have been merged to the release-next branch. /hold

dco-signoff: yes
do-not-merge/hold
size/L
needs-rebase
do-not-merge/work-in-progress

WIP: Reduce load on the Kubernetes API server by enabling the WatchList (Streaming Lists) feature

3 comment

- The [WatchList feature](https://kubernetes.io/docs/reference/using-api/api-concepts/#streaming-lists) of the kube-apiserver is available since v1.27. - The ClientWatchList feature of client-go is available since [v0.28.0](https://github.com/kubernetes/client-go/blob/v0.28.0/tools/cache/reflector.go#L240-L242) enabled with a non-standard [ENABLE_CLIENT_GO_WATCH_LIST_ALPHA environment variable](https://github.com/kubernetes/kubernetes/pull/118235). - In...

size/L
release-note
do-not-merge/work-in-progress
dco-signoff: yes
area/deploy
needs-kind

Route53: Allow STS token to be refreshed by the AWS client if necessary

3 comment

An alternative approach to #7235. Instead of creating a bespoke STS client and STS credential provider, this branch just uses the AWS-SDK LoadDefaultConfig mechanisms which creates an STS client if...

release-note
size/XL
area/api
kind/bug
kind/feature
area/acme
dco-signoff: yes
area/acme/dns01
area/deploy

WIP: Test secretless authentication on GKE

This modified script will create a GKE cluster and set up: venafi-enhanced-issuer, approver-policy-enterprise, and venafi-kubernetes-agent to authenticate to Venafi Control Plane using a Kubernetes ServiceAccount Token. ```console $ ./hack/e2e/test.sh ......

Check the presence of the images after releasing

1 comment

**Unrelated:** I think we should also check the presence of the images after releasing. Just to double check. Do you think this check should be part as the release process...

WIP: Update AWS Route53 documentation to better explain the authentication options

2 comment

dco-signoff: yes
size/L
do-not-merge/work-in-progress

cmctl always reports v0.0.0 in the user-agent header

I downloaded cmctl from https://github.com/cert-manager/cmctl/releases/download/v2.1.1/cmctl_linux_amd64 When I ran `cmctl version` with verbose logging, I noticed the request header: `User-Agent: cmctl/v0.0.0 (linux/amd64) kubernetes/$Format`. Should contain `User-Agent: cmctl/v2.1.1 (linux/amd64)` I think. Not...