You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
New version of https://github.com/gardener/cert-management/releases/tag/v0.14.0 enables possibility to annotate "Istio Gateway/Virtual Service" as a result certificate manager will be able to create certificate secret in istio namespace.
And thus cap-operator will not need to create certificate object in istio system namespace.
The text was updated successfully, but these errors were encountered:
Hi Daniel,
Thanks for this info.
We plan to do this along with a similar feature we got to know a while back w.r.t annotating for DNSEntries https://github.com/gardener/external-dns-management/releases/tag/v0.18.0 (avaialable for a few months now), so that in garderner clusters both DNS records and certificates can be take over by gardner controllers and we are not manually doing the same.
We need to plan of we can just do the implementation assuming (and documenting) that all clusters are running these newer versions or we provide an option to switch this on for a while.
This issue will be updated once the implmentation happens.
external-dns-management 0.18.4 is already present in Gardener Canary.
as for cert-manager 0.14.0 it needs to undergo some rounds of testing first
we will monitor and let you know.
ceritificate object is created in the same namespace as gateway with name
<gateway name>-<generated string>
and owner reference is set to originating gateway.
As well as TLS secret is created which is referenced in certificate spec.
Can you please come up with proposal how this feature can be utilized by cap-operator?
Not every user of cap-operator should use gardener or gardener/cert-management so probably it would be good to configure it at CAPApplication level.
New version of https://github.com/gardener/cert-management/releases/tag/v0.14.0 enables possibility to annotate "Istio Gateway/Virtual Service" as a result certificate manager will be able to create certificate secret in istio namespace.
And thus cap-operator will not need to create certificate object in istio system namespace.
The text was updated successfully, but these errors were encountered: