-
Notifications
You must be signed in to change notification settings - Fork 332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Kubectl cert manager install #633
Conversation
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: wallrj The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO:
- Investigate and discuss the VMWare Veloro CRD upgrade solution:
helm upgrade
does not upgrade the CRDs vmware-tanzu/helm-charts#197 - Create an issue about documenting that CRs are garbage collected when the CRDs are removed: https://cert-manager.io/docs/installation/uninstall/kubernetes/
- Followup on the various forked cert-manager charts mentioned in install CRDs with helm cert-manager#2646
- Find out what Helm have done regarding CRD support since closing: Allow patching/updating CRD resources after first install helm/helm#7735
- Investigate how Linkerd handle CRD installation with Helm : https://linkerd.io/2.10/tasks/install-helm/
- Investigate whether Linkerd install is documented as the preferred install method:https://linkerd.io/2.10/reference/cli/install/
`kubectl cert-manager install` forms part of a larger planned toolset. | ||
In cert-manager v1.6 we anticipate a `kubectl cert-manager upgrade` command | ||
which will convert "stored" version of resources for compatibility with the removal of old API versions in `v1.6`. | ||
We argue that it would be unbalanced to have an upgrade command without a corresponding install command. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are various problems with the way Helm manages the installation, upgrading and uninstallation of projects with CRDs. | ||
Helm recommend putting CRD manifests in a separate `crds/` directory in the chart, | ||
so that it knows to install those before installing the rest of the chart manifests. | ||
But cert-manager doesn't follow that recommendation because: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Link to helm/helm#7735
OR
Consider expanding https://cert-manager.io/docs/contributing/policy/#helm-crds
linkTitle: "Frequently asked questions about the Helm package" | ||
weight: 60 | ||
type: "docs" | ||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I forgot that there are already some notes about our decisions around Helm, in
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
@wallrj: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Design proposal and prototype documentation