site: clarify cert-manager guide #2708
Edits the cert-manager guide to remove references to ingress-shim, which is an internal component of cert-manager, knowledge of which is unnecessary for a Contour user. Also adds a link to the relevant cert-manager docs. Signed-off-by: Steve Kriss <[email protected]>
| The dummy Ingress record exists only to hold the annotations `ingress-shim` requires. | ||
| Because it does not include the `ingress-class: contour` annotation, Contour will not see it and so the configuration of the Ingress does not matter, except that it is valid enough for ingress-shim to use. | ||
| The dummy Ingress record exists only to hold the annotations that cert-manager requires in order to kick off the certification creation process. | ||
| Because it does not include the `ingress-class: contour` annotation, Contour will not see it and so the configuration of the Ingress does not matter, except that it is valid enough for cert-manager to use. |
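Review bot: In the first added line, "certification creation process" should read "certificate creation process". In the second added line the annotation is abbreviated to `ingress-class: contour`; write the full key, `kubernetes.io/ingress.class: contour`, so a reader can match it against the manifests. The claim that "Contour will not see it" should also be qualified, because it holds only when Contour is configured to serve a specific ingress class; otherwise an Ingress without the annotation is still processed.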
> Because it does not include the `ingress-class: contour` annotation, Contour will not see it...
I know this isn't part of this change directly, but I don't understand this statement that Contour won't see the resource. Contour will "see" this resource and use it to make the HTTP01 challenge work to generate the certificate unless a specific ingress class is configured for Contour.
Also the annotation referenced earlier is: kubernetes.io/ingress.class: contour which I think is what the ingress-class: contour statement is referring to.
OK - I can try to dig into what's wrong with that part of the sentence too but I'll need to spend some more time understanding this whole process first. Do you want to accept this fix as-is, or hold it until the other thing is addressed too?
This is fine as-is probably. I still feel the Cert way is much simpler than this dummy ingress resource. So maybe you can take a look at this method (using ingress) and the other way (using Certificate CRD) and help decide what we should have in this guide, possibly both or two guides.
Yeah I can definitely do that, will probably defer for a bit until I wrap up all the timeout-related changes. I thought this issue was just an easy fix, but nope :)
I created #2709 to follow this change.
Codecov Report
```
@@           Coverage Diff           @@
##           master    #2708   +/-   ##
=======================================
  Coverage   76.85%   76.85%
=======================================
  Files          72       72
  Lines        5702     5702
=======================================
  Hits         4382     4382
  Misses       1228     1228
  Partials       92       92
```
closes #2692