-
Notifications
You must be signed in to change notification settings - Fork 332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document the certificate shim support for Gateways #640
Document the certificate shim support for Gateways #640
Conversation
5107d45
to
9896fe3
Compare
9896fe3
to
ac6b572
Compare
ae3fcde
to
f242afe
Compare
Suggestion: I found the second diagram here very useful in understanding what is sig-network's recommended way to configure TLS for infra that uses Gateways. Perhaps we could copy paste that into this doc (with a reference)? Not sure if the image is somewhere in GitHub. |
f242afe
to
c0e4fca
Compare
c0e4fca
to
2556414
Compare
2556414
to
a285f4e
Compare
Signed-off-by: Maël Valais <mael@vls.dev>
Signed-off-by: Maël Valais <mael@vls.dev>
53dba99
to
d18808a
Compare
/assign I'll give it a read |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left a few suggestions, but ignore or adapt them as you please.
/lgtm
/hold
content/en/docs/usage/gateway-api.md
Outdated
Since 1.5, cert-manager supports requesting TLS certificates using annotations | ||
on Gateway resources. This works similarly as to what you can do with | ||
annotations on the Ingress resource, as described on the page [Securing Ingress | ||
Resources](/docs/usage/ingress/). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since 1.5, cert-manager supports requesting TLS certificates using annotations | |
on Gateway resources. This works similarly as to what you can do with | |
annotations on the Ingress resource, as described on the page [Securing Ingress | |
Resources](/docs/usage/ingress/). | |
**FEATURE STATE**: cert-manager v1.5 [stable] | |
cert-manager can generate TLS certificates for Gateway resources. | |
This is configured by adding annotations to a Gateway and is similar to the process for [Securing Ingress | |
Resources](/docs/usage/ingress/). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like your idea!
I'll go with 1.5 instead of v1.5 as per https://cert-manager.io/docs/installation/supported-releases/#terminology (1.5 is the release, v1.5 is a tag)
**FEATURE STATE**: cert-manager 1.5 [stable]
^^^
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I re-read the "Terminology" section and I'll admit that this section is quite confusing... like release vs. version, patch release vs. patch release...)
Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Richard Wall <richard.wall@jetstack.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: maelvls, wallrj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Since the Ingress shim page is /ingress, I figured that /gateway would make sense. Signed-off-by: Maël Valais <mael@vls.dev>
/lgtm |
Although the discussion around discovery vs. feature gate is not done, I will proceed with merging this PR. The discussion is visible here: We plan on adding a feature gate for
Currently, the documentation says
I will fix this in #625 before we release /unhold |
I started writing some of the details of how we support the Gateway API in this document:
Before Netlify was enabled on the
release-next
branch, I would do my own previews with the following: