diff --git a/solutions/cncf-generated/cert-manager/cert-manager-2576-support-adding-custom-annotations-to-generated-secret.json b/solutions/cncf-generated/cert-manager/cert-manager-2576-support-adding-custom-annotations-to-generated-secret.json new file mode 100644 index 00000000..6c44fa13 --- /dev/null +++ b/solutions/cncf-generated/cert-manager/cert-manager-2576-support-adding-custom-annotations-to-generated-secret.json @@ -0,0 +1,75 @@ +{ + "version": "kc-mission-v1", + "name": "cert-manager-2576-support-adding-custom-annotations-to-generated-secret", + "missionClass": "solution", + "author": "KubeStellar Bot", + "authorGithub": "kubestellar", + "mission": { + "title": "cert-manager: Support adding custom annotations to generated secret", + "description": "Support adding custom annotations to generated secret. Requested by 26+ users.", + "type": "feature", + "status": "completed", + "steps": [ + { + "title": "Check current cert-manager deployment", + "description": "Verify your cert-manager version and configuration:\n```bash\nkubectl get pods -n cert-manager -l app.kubernetes.io/name=cert-manager\nhelm list -n cert-manager 2>/dev/null || echo \"Not installed via Helm\"\n```\nThis feature requires a working cert-manager installation." + }, + { + "title": "Review cert-manager configuration", + "description": "Inspect the relevant cert-manager configuration:\n```bash\nkubectl get all -n cert-manager -l app.kubernetes.io/name=cert-manager\nkubectl get configmap -n cert-manager -l app.kubernetes.io/part-of=cert-manager\n```\nIs there support for adding custom annotations to generated secret for syncing using kubed or similar?\n\nIf not, is this feature in the pipeline?" + }, + { + "title": "Apply the fix for Support adding custom annotations to generated secret", + "description": ":\n\nThis change introduces the concept of SecretTemplate for Certificates. When a certificate is issued, a new secret is created to hold the certificate data. This secret is created by cert-manager. In order to use solutions like [kubed](https://appscode.com/products/kubed/v0.12.0/guides/config-syncer/intra-cluster/) to copy this secret to multiple namespaces, this created secret must be annotated. \n\nSecretTemplate is a property of CertificateSpec. Labels and Annotations defined there will be\n\nSee the fix PR for details: linked PR" + }, + { + "title": "Verify the feature works", + "description": "Test that the new capability is working as expected:\n```bash\nkubectl get pods -n cert-manager -l app.kubernetes.io/name=cert-manager\nkubectl get events -n cert-manager --sort-by='.lastTimestamp' | tail -10\n```\nConfirm the feature described in \"Support adding custom annotations to generated secret\" is functioning correctly." + } + ], + "resolution": { + "summary": ":\n\nThis change introduces the concept of SecretTemplate for Certificates. When a certificate is issued, a new secret is created to hold the certificate data. This secret is created by cert-manager.", + "codeSnippets": [] + } + }, + "metadata": { + "tags": [ + "cert-manager", + "graduated", + "security", + "feature" + ], + "cncfProjects": [ + "cert-manager" + ], + "targetResourceKinds": [ + "Namespace" + ], + "difficulty": "intermediate", + "issueTypes": [ + "feature" + ], + "maturity": "graduated", + "sourceUrls": { + "issue": "https://github.com/cert-manager/cert-manager/issues/2576", + "repo": "https://github.com/cert-manager/cert-manager", + "pr": "https://github.com/cert-manager/cert-manager/pull/3828" + }, + "reactions": 26, + "comments": 21, + "synthesizedBy": "copilot" + }, + "prerequisites": { + "kubernetes": ">=1.24", + "tools": [ + "kubectl" + ], + "description": "A running Kubernetes cluster with cert-manager installed or the issue environment reproducible." + }, + "security": { + "scannedAt": "2026-03-11T02:49:51.956Z", + "scannerVersion": "cncf-gen-3.0.0", + "sanitized": true, + "findings": [] + } +}