-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle #7036
base: master
Are you sure you want to change the base?
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle #7036
Conversation
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @sankalp-at-gh. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR, it looks really good. Looking through from a very inexperienced view it looks quite complete but I will ask someone with the right experience to give it a. more thorough review.
It looks great though and such a great improvement to have,.
Thanks for the quick review 🙂 |
Hi @erikgb ! When you get some time, could you please review this PR as discussed in slack. It has been quiet some time since the PR and I hope the changes have not diverged much. |
Pull Request Motivation
To address issue #5514 so that we would no longer need to pass long CA Bundles but could just have a reference to a secret or configmap having the bundle. Having support for secret ref will also allow reading CAs distributed by trust-manager
As per below example, any of one of the fields caBundle or caBundleSecretRef would be supported to read the CA bundle
All of the controllers, testcases and rbac have been updated to support this functionality
Kind
feature
Release Note