{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":301829454,"defaultBranch":"trunk","name":"origin-ca-issuer","ownerLogin":"cloudflare","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-10-06T19:11:13.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/314135?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1720434474.0","currentOid":""},"activityList":{"items":[{"before":"bf9a61cfa72e1405b3d0c3e4613e672252f2ff61","after":null,"ref":"refs/heads/terin/helm-update","pushedAt":"2024-07-08T10:27:54.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"4a15e56dfcf86f8c7286ac2227c9e2b8f17c15e8","after":"bf9a61cfa72e1405b3d0c3e4613e672252f2ff61","ref":"refs/heads/trunk","pushedAt":"2024-07-08T10:27:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(helm): update chart for v0.9.0","shortMessageHtmlLink":"chore(helm): update chart for v0.9.0"}},{"before":null,"after":"bf9a61cfa72e1405b3d0c3e4613e672252f2ff61","ref":"refs/heads/terin/helm-update","pushedAt":"2024-07-05T21:29:39.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(helm): update chart for v0.9.0","shortMessageHtmlLink":"chore(helm): update chart for v0.9.0"}},{"before":"d8c1b77425c2755f7907de14f41a10f6a0add74e","after":"4a15e56dfcf86f8c7286ac2227c9e2b8f17c15e8","ref":"refs/heads/trunk","pushedAt":"2024-07-04T14:56:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"release: v0.9.0","shortMessageHtmlLink":"release: v0.9.0"}},{"before":"d8c1b77425c2755f7907de14f41a10f6a0add74e","after":null,"ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-05T01:17:27.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"fd52ada2941f4d985cbecdb7405c102fa5919a56","after":"d8c1b77425c2755f7907de14f41a10f6a0add74e","ref":"refs/heads/trunk","pushedAt":"2024-06-05T01:17:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"09592e10d69bbc91b05f55f52e7ae6ae6d565fea","after":"d8c1b77425c2755f7907de14f41a10f6a0add74e","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-05T01:10:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"e82f5dd556240b909dae2dd11d24a2e7a8ddc35d","after":"09592e10d69bbc91b05f55f52e7ae6ae6d565fea","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-05T01:02:07.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"fd52ada2941f4d985cbecdb7405c102fa5919a56","after":null,"ref":"refs/heads/terin/collections","pushedAt":"2024-06-04T23:53:10.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"364ab3419fdf82437a7113c92e25a418ff9554f4","after":"fd52ada2941f4d985cbecdb7405c102fa5919a56","ref":"refs/heads/trunk","pushedAt":"2024-06-04T23:53:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: remove provisioners.Collection\n\nThe controller was creating an instance of a signing provisioner in the\nOriginIssuer reconciler, as an attempt to optimize against creating new\nAPI clients. As the certificates issued by the Origin API are valid for\na minimium of 7 days this seems like a premature optimization. As the\nreconciler was not watching the service key secret for updates, it was\nalso persisting stale API tokens.\n\nThis changeset removes the concept of the provisioner collection. A new\nAPI client and provisioner will be created as needed in the OriginIssuer\nreconciler. This allows users to update their API token without needing\nto restart the controller.\n\nFixes: ##109","shortMessageHtmlLink":"feat: remove provisioners.Collection"}},{"before":"88c2d056538f0668551f89ede43b9f61f9e72356","after":"e82f5dd556240b909dae2dd11d24a2e7a8ddc35d","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-03T18:53:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"08dafcc8c1b02f17674e45c3d64b0c2249fcfee1","after":"88c2d056538f0668551f89ede43b9f61f9e72356","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-03T18:50:41.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"18c31dc6253b644edbb78db2615aa7c790a54d31","after":"08dafcc8c1b02f17674e45c3d64b0c2249fcfee1","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-03T09:13:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"b5c5400e2b922abbe75de3d21922acbe912bcca2","after":"18c31dc6253b644edbb78db2615aa7c790a54d31","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-03T09:04:18.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":null,"after":"b5c5400e2b922abbe75de3d21922acbe912bcca2","ref":"refs/heads/terin/clusteroriginissuer","pushedAt":"2024-06-03T09:01:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: add ClusterOriginIssuer\n\nWhen using this controller in single-tenant clusters it becomes\ndesirable for many users to have a single cluster-scoped issuer rather\nthan each namespace duplicating the issuers and secrets.\n\nThis changeset introduces a \"cluster resource namespace\", which defaults\nto the same namespace as the controller (eg, \"origin-ca-issuer\"). A\nClusterOriginIssuer resource type has been added which resolves\nSecretKeySelectors in this namespace. Other than determing what\nnamespace to resolve the secret, the implementation is the same as the\nexisting OriginIssuer.\n\nFixes: #24","shortMessageHtmlLink":"feat: add ClusterOriginIssuer"}},{"before":"b898a2f9b9802f9a27bc2ffc53c6be542edfa5c3","after":"fd52ada2941f4d985cbecdb7405c102fa5919a56","ref":"refs/heads/terin/collections","pushedAt":"2024-06-01T21:08:19.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"feat: remove provisioners.Collection\n\nThe controller was creating an instance of a signing provisioner in the\nOriginIssuer reconciler, as an attempt to optimize against creating new\nAPI clients. As the certificates issued by the Origin API are valid for\na minimium of 7 days this seems like a premature optimization. As the\nreconciler was not watching the service key secret for updates, it was\nalso persisting stale API tokens.\n\nThis changeset removes the concept of the provisioner collection. A new\nAPI client and provisioner will be created as needed in the OriginIssuer\nreconciler. This allows users to update their API token without needing\nto restart the controller.\n\nFixes: ##109","shortMessageHtmlLink":"feat: remove provisioners.Collection"}},{"before":null,"after":"b898a2f9b9802f9a27bc2ffc53c6be542edfa5c3","ref":"refs/heads/terin/collections","pushedAt":"2024-06-01T20:35:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"remove provisioners.Collection\n\nFixes: ##109","shortMessageHtmlLink":"remove provisioners.Collection"}},{"before":"364ab3419fdf82437a7113c92e25a418ff9554f4","after":null,"ref":"refs/heads/terin/helm","pushedAt":"2024-05-22T01:04:44.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"42a256306d486dfb11635016f6193ab1105853ff","after":"364ab3419fdf82437a7113c92e25a418ff9554f4","ref":"refs/heads/trunk","pushedAt":"2024-05-22T01:04:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(helm): update chart for v0.8.0","shortMessageHtmlLink":"chore(helm): update chart for v0.8.0"}},{"before":null,"after":"364ab3419fdf82437a7113c92e25a418ff9554f4","ref":"refs/heads/terin/helm","pushedAt":"2024-05-22T00:52:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(helm): update chart for v0.8.0","shortMessageHtmlLink":"chore(helm): update chart for v0.8.0"}},{"before":"42a256306d486dfb11635016f6193ab1105853ff","after":null,"ref":"refs/heads/terin/release-0.8.0","pushedAt":"2024-05-21T23:44:22.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"3af9ceadd509d24e7110c5bb30890d17ea724585","after":"42a256306d486dfb11635016f6193ab1105853ff","ref":"refs/heads/trunk","pushedAt":"2024-05-21T23:44:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"release: v0.8.0","shortMessageHtmlLink":"release: v0.8.0"}},{"before":null,"after":"42a256306d486dfb11635016f6193ab1105853ff","ref":"refs/heads/terin/release-0.8.0","pushedAt":"2024-05-21T23:23:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"release: v0.8.0","shortMessageHtmlLink":"release: v0.8.0"}},{"before":"3af9ceadd509d24e7110c5bb30890d17ea724585","after":null,"ref":"refs/heads/terin/docker","pushedAt":"2024-05-21T23:05:46.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"3ab8e9473e2eab4d6523599b6e755e87b96017ee","after":"3af9ceadd509d24e7110c5bb30890d17ea724585","ref":"refs/heads/trunk","pushedAt":"2024-05-21T23:05:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(docker): enable sbom and cache\n\nUpdate the Docker publishing Action to enable SBOM and provenance\nattestations to the published images, as well as enabling caching of\nlayers across runs.","shortMessageHtmlLink":"chore(docker): enable sbom and cache"}},{"before":"d0c35e630fdbb451649ab7026809ba065f94b612","after":"3af9ceadd509d24e7110c5bb30890d17ea724585","ref":"refs/heads/terin/docker","pushedAt":"2024-05-21T11:18:56.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(docker): enable sbom and cache\n\nUpdate the Docker publishing Action to enable SBOM and provenance\nattestations to the published images, as well as enabling caching of\nlayers across runs.","shortMessageHtmlLink":"chore(docker): enable sbom and cache"}},{"before":"d1a7f96b5efae5bad67ea35cfbe80588cf90d9eb","after":"d0c35e630fdbb451649ab7026809ba065f94b612","ref":"refs/heads/terin/docker","pushedAt":"2024-05-21T11:17:46.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(docker): enable sbom and cache\n\nUpdate the Docker publishing Action to enable SBOM and provenance\nattestations to the published images, as well as enabling caching of\nlayers across runs.","shortMessageHtmlLink":"chore(docker): enable sbom and cache"}},{"before":"5379b1e46167ee28ec7335a5a5ce88d131622621","after":"d1a7f96b5efae5bad67ea35cfbe80588cf90d9eb","ref":"refs/heads/terin/docker","pushedAt":"2024-05-21T11:00:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"chore(docker): enable sbom and cache\n\nUpdate the Docker publishing Action to enable SBOM and provenance\nattestations to the published images, as well as enabling caching of\nlayers across runs.","shortMessageHtmlLink":"chore(docker): enable sbom and cache"}},{"before":"3ab8e9473e2eab4d6523599b6e755e87b96017ee","after":null,"ref":"refs/heads/terin/apierror","pushedAt":"2024-05-21T10:56:06.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"}},{"before":"9cbc0d54b1c5ca7971dabe114b3891478a2e7c90","after":"3ab8e9473e2eab4d6523599b6e755e87b96017ee","ref":"refs/heads/trunk","pushedAt":"2024-05-21T10:56:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terinjokes","name":"Terin Stock","path":"/terinjokes","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273509?s=80&v=4"},"commit":{"message":"fix(cfapi): requeue after DB error\n\nThe Origin CA API occasionally returns error code 1100 signaling a\nfailure to write the certificate to the database. This reconciler\nintepreted this error as a permament failure, despite no local issues.\n\nThis changeset detects this error code and requeues the\nCertificateRequest with controller-runtime's default backoff behavior.\n\nFixes: #115\nFixes: #116","shortMessageHtmlLink":"fix(cfapi): requeue after DB error"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEeXZcTgA","startCursor":null,"endCursor":null}},"title":"Activity · cloudflare/origin-ca-issuer"}