Document the certificate shim support for Gateways by maelvls · Pull Request #640 · cert-manager/website

maelvls · 2021-07-09T12:10:08Z

I started writing some of the details of how we support the Gateway API in this document:

Preview	https://deploy-preview-640--cert-manager-website.netlify.app/docs/usage/gateway-api/

Before Netlify was enabled on the release-next branch, I would do my own previews with the following:

gsutil mb -b on gs://website-pr-640
rm -rf public
HUGO_UGLYURLS=true hugo
rm -rf /public/*-docs
gsutil -m cp -r public/* gs://website-pr-640
gsutil web set -m index.html gs://website-pr-640
gsutil iam ch allUsers:objectViewer gs://website-pr-640
# Publically available at: https://storage.googleapis.com/website-pr-640/index.html

irbekrm · 2021-07-13T16:52:59Z

Suggestion: I found the second diagram here very useful in understanding what is sig-network's recommended way to configure TLS for infra that uses Gateways. Perhaps we could copy paste that into this doc (with a reference)? Not sure if the image is somewhere in GitHub.

Signed-off-by: Maël Valais <mael@vls.dev>

jakexks · 2021-08-04T17:47:14Z

/assign

I'll give it a read

wallrj

I left a few suggestions, but ignore or adapt them as you please.

/lgtm
/hold

wallrj · 2021-08-05T08:38:10Z

content/en/docs/usage/gateway-api.md

+Since 1.5, cert-manager supports requesting TLS certificates using annotations
+on Gateway resources. This works similarly as to what you can do with
+annotations on the Ingress resource, as described on the page [Securing Ingress
+Resources](/docs/usage/ingress/).


Suggested change

Since 1.5, cert-manager supports requesting TLS certificates using annotations

on Gateway resources. This works similarly as to what you can do with

annotations on the Ingress resource, as described on the page [Securing Ingress

Resources](/docs/usage/ingress/).

**FEATURE STATE**: cert-manager v1.5 [stable]

cert-manager can generate TLS certificates for Gateway resources.

This is configured by adding annotations to a Gateway and is similar to the process for [Securing Ingress

Resources](/docs/usage/ingress/).

I like your idea!

I'll go with 1.5 instead of v1.5 as per https://cert-manager.io/docs/installation/supported-releases/#terminology (1.5 is the release, v1.5 is a tag)

**FEATURE STATE**: cert-manager 1.5 [stable] ^^^

(I re-read the "Terminology" section and I'll admit that this section is quite confusing... like release vs. version, patch release vs. patch release...)

content/en/docs/usage/gateway-api.md

Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Richard Wall <richard.wall@jetstack.io>

maelvls · 2021-08-05T09:16:24Z

Thank you @wallrj for the review! I added your suggestions.

/unassign
/assign @wallrj

wallrj

Nice docs @maelvls

Love the diagram.

/lgtm
/approve

jetstack-bot · 2021-08-05T09:20:45Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maelvls, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [maelvls]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Since the Ingress shim page is /ingress, I figured that /gateway would make sense. Signed-off-by: Maël Valais <mael@vls.dev>

wallrj · 2021-08-05T09:57:33Z

/lgtm

maelvls · 2021-08-05T12:47:44Z

Although the discussion around discovery vs. feature gate is not done, I will proceed with merging this PR. The discussion is visible here:

Document the certificate shim support for Gateways #640 (comment)

We plan on adding a feature gate for 1.5.0-beta.1, e.g.

--feature-gates=GatewayAPI=true

Currently, the documentation says

FEATURE STATE: cert-manager 1.5 [stable]

I will fix this in #625 before we release 1.5.0-beta.1.

/unhold

maelvls mentioned this pull request Jul 9, 2021

Implement the Gateway API shim ("gateway-shim" controller) cert-manager/cert-manager#4158

Merged

4 tasks

maelvls force-pushed the document-gateway-shim branch from 5107d45 to 9896fe3 Compare July 9, 2021 12:14

jetstack-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 9, 2021

maelvls changed the base branch from master to release-next July 9, 2021 12:15

maelvls force-pushed the document-gateway-shim branch from 9896fe3 to ac6b572 Compare July 9, 2021 12:16

jetstack-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jul 9, 2021

maelvls force-pushed the document-gateway-shim branch 5 times, most recently from ae3fcde to f242afe Compare July 12, 2021 09:09

maelvls force-pushed the document-gateway-shim branch from f242afe to c0e4fca Compare July 14, 2021 15:55

jetstack-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 14, 2021

maelvls force-pushed the document-gateway-shim branch from c0e4fca to 2556414 Compare July 16, 2021 09:01

jetstack-bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. and removed dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. labels Jul 16, 2021

maelvls force-pushed the document-gateway-shim branch from 2556414 to a285f4e Compare July 19, 2021 10:05

jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels Jul 19, 2021

maelvls added 3 commits August 4, 2021 19:39

gateway-api: vendor png

eef1a1a

Signed-off-by: Maël Valais <mael@vls.dev>

gateway-api: removed unused "acme.cert-manager.io/http01-gateway-class"

f42cb71

Signed-off-by: Maël Valais <mael@vls.dev>

gateway-api: weight 90 -> 105, fix PR review comments

d18808a

Signed-off-by: Maël Valais <mael@vls.dev>

maelvls force-pushed the document-gateway-shim branch from 53dba99 to d18808a Compare August 4, 2021 17:39

jetstack-bot assigned jakexks Aug 4, 2021

wallrj approved these changes Aug 5, 2021

View reviewed changes

jetstack-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2021

jetstack-bot assigned wallrj Aug 5, 2021

jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

review: rephrasing, use "FEATURE STATE [stable]" like in Kubernetes

961160c

Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Richard Wall <richard.wall@jetstack.io>

jetstack-bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

maelvls unassigned jakexks and JoshVanL Aug 5, 2021

wallrj approved these changes Aug 5, 2021

View reviewed changes

jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

gateway-api: shim page should be /gateway, not /gateway-api

ddd28a4

Since the Ingress shim page is /ingress, I figured that /gateway would make sense. Signed-off-by: Maël Valais <mael@vls.dev>

jetstack-bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

jakexks added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Aug 5, 2021

jetstack-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2021

jetstack-bot merged commit af76009 into cert-manager:release-next Aug 5, 2021

This was referenced Aug 11, 2021

Merge release-next into master for the 1.5 release #675

Merged

Update build scripts for 1.5 #680

Merged

jetstack-bot mentioned this pull request Oct 27, 2021

Update the release-1.5 branch #732

Merged

Conversation

maelvls commented Jul 9, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

irbekrm commented Jul 13, 2021

Uh oh!

jakexks commented Aug 4, 2021

Uh oh!

wallrj left a comment

Choose a reason for hiding this comment

Uh oh!

wallrj Aug 5, 2021

Choose a reason for hiding this comment

Uh oh!

maelvls Aug 5, 2021

Choose a reason for hiding this comment

Uh oh!

maelvls Aug 5, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

maelvls commented Aug 5, 2021

Uh oh!

wallrj left a comment

Choose a reason for hiding this comment

Uh oh!

jetstack-bot commented Aug 5, 2021

Uh oh!

wallrj commented Aug 5, 2021

Uh oh!

maelvls commented Aug 5, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

maelvls commented Jul 9, 2021 •

edited

Loading

maelvls Aug 5, 2021 •

edited

Loading

maelvls commented Aug 5, 2021 •

edited

Loading