Is your feature request related to a problem? Please describe.
Currently, the secretTemplate field in Certificate resources allows adding arbitrary annotations/labels to secrets. This is fine, but there is no option to set this field in Certificate resources automatically generated by ingress-shim from Ingress resources.
Describe the solution you'd like
Any solution that allows setting arbitrary annotations in the secretTemplate field of Certificate resources generated by ingress-shim, or on any Secret created by cert-manager.
I can think of:
[1] a new Ingress annotation that sets the secretTemplate field (to be added here)
[2] a new Issuer/ClusterIssuer annotation that does something similar
[3] values.yaml
[4] controller arguments
I have some changes that implement [1], I will shortly create a PR. Any feedback is appreciated 🙂
Describe alternatives you've considered
Mutating webhooks, but that increases maintenance burden.
Tools like Kyverno (suggested here) also increase maintenance burden.
Not using ingress-shim at all and manually creating Certificate resources in all cases, not feasible.
Additional context
Many users have asked for this functionality in the past, it seems that #2239 should have taken care of this use case, but it seems to be shelved.
It makes sense for cert-manager to support this as this is essentially a gap between manually deployed Certificate resources and those created by ingress-shim. I understand that adding additional ingress annotations might be discouraged now, but since secret sync tools are quite popular (the fact that this page exists), I think an extra annotation makes sense in this case.
Not using ingress-shim at all and manually creating Certificate resources in all cases, not feasible.
@mangeshhambarde I'm interested to know why it is not feasible.
I think that manually creating Certificate resources is a good approach.
But I would like to understand how you intend to use ingress-shim and use that to write better justifications in the documentation:
Is your feature request related to a problem? Please describe.
Currently, the secretTemplate field in Certificate resources allows adding arbitrary annotations/labels to secrets. This is fine, but there is no option to set this field in Certificate resources automatically generated by ingress-shim from Ingress resources.
This makes it difficult to use sync tools (e.g. kubernetes-reflector) in combination with ingress-shim, as they usually need annotations to be set on the Secret resources. Secret sync tools are popularly used when secrets need to be accessed in a different namespace (e.g. the istio ingress gateway needs the secrets to be present in its own namespace).
Describe the solution you'd like
Any solution that allows setting arbitrary annotations in the secretTemplate field of Certificate resources generated by ingress-shim, or on any Secret created by cert-manager.
I can think of:
[1] a new Ingress annotation that sets the secretTemplate field (to be added here)
[2] a new Issuer/ClusterIssuer annotation that does something similar
[3] values.yaml
[4] controller arguments
I have some changes that implement [1], I will shortly create a PR. Any feedback is appreciated 🙂
Describe alternatives you've considered
Certificate resources in all cases, not feasible.
Additional context
Many users have asked for this functionality in the past, it seems that #2239 should have taken care of this use case, but it seems to be shelved.
It makes sense for cert-manager to support this as this is essentially a gap between manually deployed Certificate resources and those created by ingress-shim. I understand that adding additional ingress annotations might be discouraged now, but since secret sync tools are quite popular (the fact that this page exists), I think an extra annotation makes sense in this case.
Slack conversation in #cert-manager-dev about the presets design v/s adding more annotations:
https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1653985421386439?thread_ts=1653895488.262499&cid=CDEQJ0Q8M
Exhibits
#933
#5859
#2576 (comment)
#2239 (comment)
/kind feature
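The gap described in this issue, shown as an added example that is not part of the original issue or of the cert-manager project: a manually created Certificate can carry reflector annotations through secretTemplate, while an Ingress handled by ingress-shim has no field to express them. Resource names, namespaces, hostnames and the issuer name are constructed; the two annotation keys under secretTemplate are the ones kubernetes-reflector reads.

```yaml
# 1) Manually created Certificate: everything under spec.secretTemplate is
#    copied onto the Secret that cert-manager writes.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com            # constructed name
  namespace: web               # constructed namespace
spec:
  secretName: example-com-tls
  dnsNames:
    - example.com
  issuerRef:
    name: letsencrypt-prod     # constructed issuer name
    kind: ClusterIssuer
  secretTemplate:
    annotations:
      # Allow mirroring, but only into the one namespace that needs the
      # private key (here the istio ingress gateway's namespace).
      reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "istio-system"
---
# 2) Ingress picked up by ingress-shim: the Certificate is generated from the
#    annotation and the tls block below. As the issue describes, nothing here
#    maps to spec.secretTemplate, so the resulting Secret has no reflector
#    annotations and is not mirrored.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-com-shim       # constructed name
  namespace: web
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - shim.example.com
      secretName: example-com-shim-tls
  rules:
    - host: shim.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web      # constructed Service
                port:
                  number: 80
```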