-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for specifying ACME HTTP01 ingress name as an annotation on Certificates #1880
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: cheukwing The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
||
if ingress.AllowManuallySpecifiedIngress { | ||
if numIngressSpecifiers > 0 { | ||
el = append(el, field.Forbidden(fldPath.Child("allowManuallySpecifiedIngress"), "may not specify more than one of class, name, or allowManuallySpecifiedIngress")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had this in the original PR but I'm not sure if we require this, e.g. we could put a fallback Name
or Class
if this solver is selected but we do not have the annotation?
selectSolver() | ||
break | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From this point on wards, we continue as before but this could lead to problems if the solver which has AllowManuallySelectedIngress
is the most specific solver and we have not set the annotation, since we would end up with no final ingress - I'm not sure if this is something we should handle (i.e. prevent choosing this solver if annotation not set) or something the user has to handle themselves (maybe some more validation or some additional docs?).
The previous review comment also stands here.
Signed-off-by: Michael Tsang <michael.tsang@jetstack.io>
…tion set, with tests Signed-off-by: Michael Tsang <michael.tsang@jetstack.io>
Signed-off-by: Michael Tsang <michael.tsang@jetstack.io>
Closing in favour of #2061 |
What this PR does / why we need it:
Adds support for an annotation on Certificates
http01.acme.certmanager.k8s.io/ingress-to-edit
to manually specify the ingress to edit, to overcome the need to have access to adding a specific solver entry in the Issuer.A new field
AllowManuallySpecifiedIngress
is available for Issuer solvers to enable this annotation to be used, then if the annotation is set the solver will be prioritized.Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged): fixes #1666Special notes for your reviewer:
Re-do of #1762 after the large changes in the order controller
Release note: