New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow config of http01 solver pod security context #5373
base: master
Are you sure you want to change the base?
Conversation
Hi @aidy. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is feels like a slightly clumsy way to allow this configuration, but I think it's the cleanest approach. Other approaches involve radically altering the way in which the cm controller takes configuration, or providing configuration flags for all the possible If necessary, helm templates could be modified to enable more intuitive usage. I couldn't spot any prior art in the e2e tests for http01 solvers, and it was a little beyond my available time to implement - but if I've just missed it, please do point me in the right direction. |
/ok-to-test Thanks for raising this! I probably won't be able to review but hopefully someone will! |
We do already have one mechanism how to configure some pod spec values (for Ingress solvers only at the moment) via |
Maybe this isn't the right approach, but - Isn't that already the case? The options from buildDefaultPod all come from extraArgs, I think. |
I think that the existing flags are an older approach of configuring the solver pod and the pod template was added later to avoid having to add more and more flags to configure various options, see #1097 but I will verify this, if that's the case, we probably want to document it somewhere x-post https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1660041935692369 |
I've looked a bit harder, and I think I agree - setting via the issuer spec is a cleaner and more intuitive approach. I'll have a look at reworking this. |
Thanks @aidy and thanks for the work you've done already! |
fd26335
to
afa4b7b
Compare
afa4b7b
to
f9a1550
Compare
Hi @maelvls sorry for bothering, but can you also lift the Thank you! |
This allows configuration of the http01 solver PodSecurityContext as part of the Issuer specification. Signed-off-by: Adrian Lai <aidy@loathe.me.uk>
Signed-off-by: Adrian Lai <aidy@loathe.me.uk>
Signed-off-by: Adrian Lai <aidy@loathe.me.uk>
Signed-off-by: Adrian Lai <adrian.lai@jetstack.io>
Signed-off-by: Adrian Lai <adrian.lai@jetstack.io>
These were copy-pasted in from the parent definitions. We don't marshal to protobuf (none of the other structs have equivalent annotations), so remove them as they are unnecessary. Signed-off-by: Adrian Lai <adrian.lai@jetstack.io>
Looks like the import changed Signed-off-by: Adrian Lai <adrian.lai@jetstack.io>
f440f4c
to
91bf83a
Compare
New changes are detected. LGTM label has been removed. |
Rebased on master, no new changes |
Hi @maelvls everything seems to be solved. Would it be possible to add Thanks! |
Rotten issues close after 30d of inactivity. |
@jetstack-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/reopen |
@phandox: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/reopen |
@aidy: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@aidy: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
hello, any progress on this ? |
@aidy: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This allows configuration of the http01 solver PodSecurityContext as
part of the Issuer specification.
Pull Request Motivation
#5295
Kind
/kind feature
Release Note