Merge 2.6.0 to main#71
Merged
Merged
Conversation
…hcheck Interval, Updated Service Account Token Lifecycle (#70) * feat: Add volume and volume mount for service token * chore: fix sources and add changelog Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * feat(enrollment): make certificateAuthorityLogicalName be optional when using enrollment patterns Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * updated error messaging on csr enrollment Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * Update generated docs * chore: update docs + add e2e test for optional CA Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * Update generated docs * feat(healthcheck): bump default healthcheck interval from 1m to 10m Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * chore(deps): bump go version to 1.26 Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * Update generated docs * chore: address copilot feedback. update linter version Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * Update generated docs * chore(ci): bump controller tools version Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> * chore(docs): document new Helm chart values for serviceAccount Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> --------- Signed-off-by: Matthew H. Irby <matt.irby@keyfactor.com> Co-authored-by: Sven Rajala <sven.rajala@keyfactor.com> Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Contributor
There was a problem hiding this comment.
Pull request overview
Automated merge of the release-2.6 line into main, updating the issuer behavior and documentation around Enrollment Patterns, health checks, and Helm deployment defaults.
Changes:
- Makes
certificateAuthorityLogicalNameoptional when an Enrollment Pattern is used (with guidance for standalone CA cases). - Changes default health check interval from 1 minute to 10 minutes across code, CRDs, docs, and tests.
- Updates Helm chart defaults to disable ServiceAccount token automount and mount a short-lived projected token instead; bumps tooling/Go versions and adjusts lint configuration.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
README.md |
Updates API endpoint links, installation/docs wording, adds healthcheck documentation, and clarifies Issuer/ClusterIssuer fields. |
Makefile |
Bumps controller-tools and golangci-lint versions. |
internal/controller/issuer_controller_test.go |
Updates expected reconcile requeue intervals to the new 10m default. |
internal/command/command.go |
Relaxes CA requirement when Enrollment Pattern is set; improves enrollment error hints and adds helper methods. |
internal/command/command_test.go |
Updates validation expectations and adds tests for improved enrollment error messages. |
go.mod |
Updates the Go version directive (toolchain expectations for builds/CI). |
e2e/run_tests.sh |
Adds E2E coverage asserting CA is optional when using an Enrollment Pattern. |
docsource/content.md |
Mirrors README documentation updates for the published docs content. |
Dockerfile |
Bumps the Go builder image version. |
deploy/charts/command-cert-manager-issuer/values.yaml |
Introduces ServiceAccount token mount controls and projected-token configuration. |
deploy/charts/command-cert-manager-issuer/templates/serviceaccount.yaml |
Sets automountServiceAccountToken from chart values. |
deploy/charts/command-cert-manager-issuer/templates/deployment.yaml |
Adds projected ServiceAccount token volume + mount when automount is disabled. |
deploy/charts/command-cert-manager-issuer/templates/crds/issuers.yaml |
Updates CRD descriptions (CA optional with Enrollment Pattern) and healthcheck default text. |
deploy/charts/command-cert-manager-issuer/templates/crds/clusterissuers.yaml |
Same CRD description/healthcheck default updates for ClusterIssuers. |
deploy/charts/command-cert-manager-issuer/README.md |
Documents new ServiceAccount token settings and updates healthcheck default description. |
config/crd/bases/command-issuer.keyfactor.com_issuers.yaml |
Regenerated CRD base with updated descriptions and controller-gen version. |
config/crd/bases/command-issuer.keyfactor.com_clusterissuers.yaml |
Regenerated CRD base with updated descriptions and controller-gen version. |
cmd/main.go |
Changes default --default-health-check-interval to 10m. |
CHANGELOG.md |
Adds v2.6.0 release notes (features, security changes, upgrade notes). |
api/v1alpha1/issuer_types.go |
Updates API field comments and healthcheck default documentation in types. |
.golangci.yml |
Excludes selected linters for _test.go files. |
.github/workflows/test.yml |
Bumps golangci-lint action version parameter to v2.12.2. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ## Installing Command Issuer | ||
|
|
||
| Command Issuer is installed using a Helm chart. The chart is available in the [Command cert-manager Helm repository](https://keyfactor.github.io/command-cert-manager-issuer/). | ||
| Command Issuer is installed using a Helm chart. The chart is available in the [Command cert-manager Helm repository](./deploy/charts/command-cert-manager-issuer). |
Comment on lines
1
to
5
| module github.com/Keyfactor/command-cert-manager-issuer | ||
|
|
||
| go 1.24.0 | ||
| go 1.26.2 | ||
|
|
||
| require ( |
Comment on lines
1
to
3
| # Build the manager binary | ||
| FROM golang:1.24 AS builder | ||
| FROM golang:1.26 AS builder | ||
| ARG TARGETOS |
Comment on lines
+43
to
+47
| - configMap: | ||
| name: kube-root-ca.crt | ||
| items: | ||
| - key: ca.crt | ||
| path: ca.crt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge release-2.6 to main - Automated PR