Document the certificate shim support for Gateways #640

Merged

maelvls
Member

@maelvls maelvls commented Jul 9, 2021

I started writing some of the details of how we support the Gateway API in this document:

Preview https://deploy-preview-640--cert-manager-website.netlify.app/docs/usage/gateway-api/

Before Netlify was enabled on the release-next branch, I would do my own previews with the following:

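# Create a bucket for this PR's preview (uniform bucket-level access on)
gsutil mb -b on gs://website-pr-640
# Rebuild the site from scratch into ./public
rm -rf public
HUGO_UGLYURLS=true hugo
# Remove the *-docs directories from the build output (relative path, not /public)
rm -rf public/*-docs
gsutil -m cp -r public/* gs://website-pr-640
gsutil web set -m index.html gs://website-pr-640
# Grants anonymous read access to every object in the bucket
gsutil iam ch allUsers:objectViewer gs://website-pr-640
# Publicly available at: https://storage.googleapis.com/website-pr-640/index.html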

@jetstack-bot jetstack-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 9, 2021
@jetstack-bot jetstack-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 9, 2021
@maelvls maelvls changed the base branch from master to release-next July 9, 2021 12:15
@jetstack-bot jetstack-bot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 9, 2021
@jetstack-bot jetstack-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jul 9, 2021
@maelvls maelvls force-pushed the document-gateway-shim branch 5 times, most recently from ae3fcde to f242afe Compare July 12, 2021 09:09
@irbekrm
Contributor

irbekrm commented Jul 13, 2021

Suggestion: I found the second diagram here very useful in understanding sig-network's recommended way to configure TLS for infra that uses Gateways. Perhaps we could copy-paste that into this doc (with a reference)? Not sure if the image is somewhere in GitHub.

@jetstack-bot jetstack-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 14, 2021
@jetstack-bot jetstack-bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. and removed dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. labels Jul 16, 2021
@jetstack-bot jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels Jul 19, 2021
Signed-off-by: Maël Valais <mael@vls.dev>
@jakexks
Member

jakexks commented Aug 4, 2021

/assign

I'll give it a read

Member

@wallrj wallrj left a comment

I left a few suggestions, but ignore or adapt them as you please.

/lgtm
/hold

Comment on lines 8 to 11
Since 1.5, cert-manager supports requesting TLS certificates using annotations
on Gateway resources. This works similarly as to what you can do with
annotations on the Ingress resource, as described on the page [Securing Ingress
Resources](/docs/usage/ingress/).
Member

Suggested change
Since 1.5, cert-manager supports requesting TLS certificates using annotations
on Gateway resources. This works similarly as to what you can do with
annotations on the Ingress resource, as described on the page [Securing Ingress
Resources](/docs/usage/ingress/).
**FEATURE STATE**: cert-manager v1.5 [stable]
cert-manager can generate TLS certificates for Gateway resources.
This is configured by adding annotations to a Gateway and is similar to the process for [Securing Ingress
Resources](/docs/usage/ingress/).
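
Review bot: The added FEATURE STATE line labels the Gateway support [stable] in the same release that the replaced text says introduced it ("Since 1.5"); confirm that this maturity level is what the project intends to commit to, since readers will use it to decide whether annotations on a Gateway should be allowed to trigger certificate issuance in their clusters. Separately, the third added line is left unwrapped and splits the link text "Securing Ingress Resources" across two lines; rewrap it to match the surrounding paragraph.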

Member Author

I like your idea!

I'll go with 1.5 instead of v1.5 as per https://cert-manager.io/docs/installation/supported-releases/#terminology (1.5 is the release, v1.5 is a tag)

**FEATURE STATE**: cert-manager 1.5 [stable]
                                ^^^

Member Author

@maelvls maelvls Aug 5, 2021

(I re-read the "Terminology" section and I'll admit that this section is quite confusing... like release vs. version, patch release vs. patch release...)

content/en/docs/usage/gateway-api.md Outdated Show resolved Hide resolved
@jetstack-bot jetstack-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2021
@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
@jetstack-bot jetstack-bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021
@maelvls
Member Author

maelvls commented Aug 5, 2021

Thank you @wallrj for the review! I added your suggestions.

/unassign
/assign @wallrj

Member

@wallrj wallrj left a comment

Nice docs @maelvls

Love the diagram.

/lgtm
/approve

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021
@jetstack-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maelvls, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Since the Ingress shim page is /ingress, I figured that /gateway would
make sense.

Signed-off-by: Maël Valais <mael@vls.dev>
@jetstack-bot jetstack-bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021
@wallrj
Member

wallrj commented Aug 5, 2021

/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021
@jakexks jakexks added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Aug 5, 2021
@maelvls
Member Author

maelvls commented Aug 5, 2021

Although the discussion around discovery vs. feature gate is not done, I will proceed with merging this PR. The discussion is visible here:

We plan on adding a feature gate for 1.5.0-beta.1, e.g.

--feature-gates=GatewayAPI=true

Currently, the documentation says

FEATURE STATE: cert-manager 1.5 [stable]

I will fix this in #625 before we release 1.5.0-beta.1.

/unhold

@jetstack-bot jetstack-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2021
@jetstack-bot jetstack-bot merged commit af76009 into cert-manager:release-next Aug 5, 2021
@maelvls maelvls deleted the document-gateway-shim branch August 5, 2021 13:26
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.