Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kops managed cert-manager with feature gates enabled #16498

Closed
MTRNord opened this issue Apr 27, 2024 · 2 comments · Fixed by #16520
Closed

Kops managed cert-manager with feature gates enabled #16498

MTRNord opened this issue Apr 27, 2024 · 2 comments · Fixed by #16520
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@MTRNord
Copy link

MTRNord commented Apr 27, 2024

/kind feature

1. Describe IN DETAIL the feature/behavior/change you would like to see.

Cert-manager has some things still behind Feature Gates this specifically is the case for outputting the pem format (see https://cert-manager.io/docs/usage/certificate/#additional-certificate-output-formats ) which some services which don't work k8s native, like ejabberd, require. (See https://github.com/sando38/helm-ejabberd/blob/main/charts/ejabberd/README.md#domain-tls-certificates-and-acme-client for ejabberd specifically).

Currently, there seems to be no way to add these things to the kops managed cert-manager, so one would be required to manage it by themselves. Ideally, it would be nice to have some way to enable these via kops as well to allow flexibility in that regard.

2. Feel free to provide a design supporting your feature request.

Either supporting a string that's passed or a subset of feature flags would be nice to be able to better support non-native apps on a k8s kops cluster more easily.

@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 27, 2024
@hakman
Copy link
Member

hakman commented Apr 28, 2024

Thank you for the suggestion @MTRNord. I think it's a good idea. Would you like to try and implement it?

@MTRNord
Copy link
Author

MTRNord commented May 16, 2024

@hakman Hi first of all thanks to the PR. There seems to be a slight bug with it though. The cerrt manager docs say it must also be set on the webhook pod and not just the main pod:

This feature is only enabled by adding it to the --feature-gates flag on the cert-manager controller and webhook components:

from https://cert-manager.io/docs/usage/certificate/#additional-certificate-output-formats

However https://cert-manager.io/docs/installation/configuring-components/#feature-gates also mentions that each component has different tables of feature gates. Possibly it should be split up like that in the yaml as well? Should I open a new ticket or reopen this one? (and yes I realise I should have been clearer on that.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants