Kops managed cert-manager with feature gates enabled #16498
Comments
k8s-ci-robot
added
the
kind/feature
|
Thank you for the suggestion @MTRNord. I think it's a good idea. Would you like to try and implement it? |
|
@hakman Hi first of all thanks to the PR. There seems to be a slight bug with it though. The cerrt manager docs say it must also be set on the webhook pod and not just the main pod:
from https://cert-manager.io/docs/usage/certificate/#additional-certificate-output-formats However https://cert-manager.io/docs/installation/configuring-components/#feature-gates also mentions that each component has different tables of feature gates. Possibly it should be split up like that in the yaml as well? Should I open a new ticket or reopen this one? (and yes I realise I should have been clearer on that.) |
/kind feature
1. Describe IN DETAIL the feature/behavior/change you would like to see.
Cert-manager has some things still behind Feature Gates this specifically is the case for outputting the pem format (see https://cert-manager.io/docs/usage/certificate/#additional-certificate-output-formats ) which some services which don't work k8s native, like ejabberd, require. (See https://github.com/sando38/helm-ejabberd/blob/main/charts/ejabberd/README.md#domain-tls-certificates-and-acme-client for ejabberd specifically).
Currently, there seems to be no way to add these things to the kops managed cert-manager, so one would be required to manage it by themselves. Ideally, it would be nice to have some way to enable these via kops as well to allow flexibility in that regard.
2. Feel free to provide a design supporting your feature request.
Either supporting a string that's passed or a subset of feature flags would be nice to be able to better support non-native apps on a k8s kops cluster more easily.
The text was updated successfully, but these errors were encountered: