-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate temporary certificate to appease ingress-gce #1392
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: munnerz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
aac555a
to
fb775f9
Compare
@DanielMorsing I've updated this PR now to use serial numbers to identify the temporary certificate. As we discussed, I need to update the I'll have that update ready later on 😄 but this is ready for some eyes now 👀 |
Signed-off-by: James Munnelly <james@munnelly.eu>
fb775f9
to
cf2f9ea
Compare
…test Signed-off-by: James Munnelly <james@munnelly.eu>
Signed-off-by: James Munnelly <james@munnelly.eu>
a33c3d6
to
dfabece
Compare
/lgtm |
/retest |
1 similar comment
/retest |
/retest |
1 similar comment
/retest |
What this PR does / why we need it:
This PR changes the issuance flow to issue a self signed certificate the has already expired and only valid for the CN
cert-manager.local
that will be stored in the target Secret resource whilst a certificate is being issued.Which issue this PR fixes: fixes #1343
Special notes for your reviewer:
This is incomplete due to failing unit tests, and there are some open questions about how we handle setting metadata (e.g. annotations) on the Secret resource wrt this new certificate.
Release note: