-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to Integrate Cert-Manager #868
Comments
FYI, blog on this subject with NIC: https://www.nginx.com/blog/automating-certificate-management-in-a-kubernetes-environment/ |
The primary use case that NKG supports - TLS termination, which is configured in the Gateway resource by referencing TLS Secrets. How those TLS Secrets are obtained -- NKG doesn't really care -- it just cares that they exist and valid. They can be provisioned using cert-manager or any other software that can provision them. Additionally, so far, although we didn't test it fully, it doesn't look like cert-manager needs any special configuration from us -- it integrates with the Gateway resource directly (in contrast with NIC and its VirtualServer resource, where cert-manager config needs to be added to VirtualServer). Considering that, I think that is more important to cover our primary use case (TLS termination) and don't spend much time into covering something that we don't do and support -- certificate management. Having a doc with a list of integrations where cert-manager is one of them would be enough imho, with a link to its documentation on how to use it with the Gateway API -- because cert-manager is a popular project and people will be asking if NKG integrates with it. |
NIC with VirtualServer is a special case - a bespoke CRD. |
Maybe this could be a blog post instead? Similar to the blog linked above (which covers Ingress and VirtualServer), maybe we could do a follow up to continue that guide. |
is the real use case here supporting Let's Encrypt? If we put it that way, NKG can support TLS termination using certificates from Let's Encrypt using cert-manager (as an enabler). This could be a guide :)
If we frame it as a use case, I think the guide is better, because it will be easier to find in our docs |
Not really, we don't "support" Let's Encrypt through the support organization nor through the project. Nor did we have to build any specific integration.
It is absolutely a use case. Let's Encrypt supports the Gateway API, like it supports the Ingress object. It should technically be documented by Let's Encrypt, but there is no harm in us producing a blog about the use case. |
As a potential user of NKG
I want a guide on how to integrate cert-manager in my NKG deployment
So that I can feel confident using NKG knowing I can rely on cert-manager to manage my certificates for me
And so that I can easily integrate it within my environment.
Acceptance
Links
The text was updated successfully, but these errors were encountered: