You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey I think you can use this flag on the cert-manager-controller, --auto-certificate-annotations strings?
--auto-certificate-annotations strings The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate (default [kubernetes.io/tls-acme])
I found this running the latest image:
docker run -ti --rm quay.io/jetstack/cert-manager-controller:v1.14.5 --help
I might have missread it, but perhaps give that a go to see if you can add multiple strings to that argument including the additional one you need?
To respond to myself, ingress-nginx have a dedicated option no-auth-locations to bypass location for specific locations, like /.well-known/acme-challenge (set by default).
Is your feature request related to a problem? Please describe.
All my ingress are protected with an oauth2-proxy.
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#global-auth-url
But ACME challenge must be allowed with a custom annotation:
nginx.ingress.kubernetes.io/enable-global-auth
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#global-external-authentication
Describe the solution you'd like
I should be able, like adding
ClusterIssuer
etc, to add arbitrary annotations to ingress ressources.Describe alternatives you've considered
Using kyverno to patch ing ressource
ClusterPolicy
Additional context
cert-manager/pkg/issuer/acme/http/ingress.go
Line 152 in d073db1
/kind feature
The text was updated successfully, but these errors were encountered: