Skip to content

Pod Certificate: Document PodCertificate and podCertificate projected volumes #51817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 6, 2025
Merged

Pod Certificate: Document PodCertificate and podCertificate projected volumes #51817

merged 1 commit into from
Aug 6, 2025

Conversation

ahmedtd
Copy link
Contributor

@ahmedtd ahmedtd commented Aug 6, 2025

This is a narrow change that just adds documentation for the new PodCertificate type and podCertificate projected volumes.

The "Certificates" page is now very unwieldy, and needs to be split up. This is being pursued in a separate PR (#51487)

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 6, 2025
@ahmedtd ahmedtd mentioned this pull request Aug 6, 2025
Open
@k8s-ci-robot k8s-ci-robot added the language/en Issues or PRs related to English language label Aug 6, 2025
@k8s-ci-robot k8s-ci-robot requested review from cici37 and deads2k August 6, 2025 19:39
@ahmedtd ahmedtd force-pushed the podcertificates-narrow branch from 4ba864c to 7655916 Compare August 6, 2025 19:39
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 6, 2025
@ahmedtd ahmedtd changed the base branch from main to dev-1.34 August 6, 2025 19:40
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Aug 6, 2025
@ahmedtd ahmedtd mentioned this pull request Jul 30, 2025
Open
7 tasks
enj
enj approved these changes Aug 6, 2025
View reviewed changes
Copy link
Member

@enj enj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

content/en/docs/concepts/storage/projected-volumes.md Outdated
* `maxExpirationSeconds`: The maximum lifetime you will accept for the
certificate issued to the pod. If not set, will be defaulted to `86400` (24
hours). Must be at least `3600` (1 hour), and at most `7862400` (91 days).
Kubernetes built-in signers are restrict to a max lifetime of `86400` (1 day).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Kubernetes built-in signers are restrict to a max lifetime of `86400` (1 day).
Kubernetes built-in signers are restricted to a max lifetime of `86400` (1 day).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done (uploaded in "Review feedback 1")

@netlify Netlify
Copy link

netlify bot commented Aug 6, 2025
edited
Loading

👷 Deploy Preview for kubernetes-io-vnext-staging processing.

Name Link
🔨 Latest commit f72ccf8
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-vnext-staging/deploys/6893b24e0fe0270008208488

@netlify Netlify
Copy link

netlify bot commented Aug 6, 2025

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit 4ba864c
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/6893af418e12fb00082cee25
😎 Deploy Preview https://deploy-preview-51817--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@ahmedtd
Pod Certificates: Narrow documentation of new feature
f72ccf8 
The "Certificates" page is creaking under its own weight, and is due to
be split up.  This is being pursued in a separate PR:

  kubernetes#51487
@ahmedtd ahmedtd force-pushed the podcertificates-narrow branch from 63130a6 to f72ccf8 Compare August 6, 2025 19:51
@enj
Copy link
Member

enj commented Aug 6, 2025

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 6, 2025
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: c73f85228d8166e22cb8f2aacab969524d2a9431

@ahmedtd
Copy link
Contributor Author

ahmedtd commented Aug 6, 2025

/assign @katcosgrove

@netlify Netlify
Copy link

netlify bot commented Aug 6, 2025

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit 63130a6
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/6893b1ac1697030008bafcd0
😎 Deploy Preview https://deploy-preview-51817--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify Netlify
Copy link

netlify bot commented Aug 6, 2025

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit f72ccf8
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/6893b24e3cbcf20008e43aef
😎 Deploy Preview https://deploy-preview-51817--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

lmktfy
lmktfy reviewed Aug 6, 2025
View reviewed changes
Copy link
Contributor

@lmktfy lmktfy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I haven't checked the preview to see if it looks OK, but I am happy for this to merge if someone else has.

@lmktfy
Copy link
Contributor

lmktfy commented Aug 6, 2025

/approve

/hold
Just holding this because I didn't actually check it looks OK.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 6, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj, lmktfy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 6, 2025
@lmktfy
Copy link
Contributor

lmktfy commented Aug 6, 2025

Feel free to unhold BTW

@ahmedtd
Copy link
Contributor Author

ahmedtd commented Aug 6, 2025

I've scanned through the preview and it seems OK.

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 6, 2025
@k8s-ci-robot k8s-ci-robot merged commit 8451df9 into kubernetes:dev-1.34 Aug 6, 2025
6 checks passed
@k8s-ci-robot k8s-ci-robot added this to the 1.34 milestone Aug 6, 2025
@lmktfy lmktfy mentioned this pull request Aug 14, 2025
Merged
lmktfy
lmktfy reviewed Aug 14, 2025
View reviewed changes
content/en/docs/reference/command-line-tools-reference/feature-gates/PodCertificateRequests.md
@@ -0,0 +1,15 @@
---
title: PodCertificateRequest
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I spotted a bug. Is the feature gate called PodCertificateRequests or PodCertificateRequest? The metadata don't match (this line, and the filename).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lmktfy lmktfy lmktfy left review comments

@cici37 cici37 Awaiting requested review from cici37

@deads2k deads2k Awaiting requested review from deads2k

+1 more reviewer

@enj enj enj approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@enj enj

@katcosgrove katcosgrove

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

1.34

Development

Successfully merging this pull request may close these issues.

5 participants

@ahmedtd @enj @k8s-ci-robot @lmktfy @katcosgrove