Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support injection pem into an existing configmap #58

Open
bakito opened this issue Sep 30, 2022 · 9 comments · May be fixed by #395
Open

Support injection pem into an existing configmap #58

bakito opened this issue Sep 30, 2022 · 9 comments · May be fixed by #395
Assignees
@erikgb
Labels
priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@bakito
Copy link

bakito commented Sep 30, 2022
edited
Loading

It would be great if it was supported to have certificates injected into existing ConfigMaps if they are labelled, similar to the approach that ist available in OpenShift https://docs.openshift.com/container-platform/4.11/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki

Something like the snippet belo would inject the bundle to configmaps with the provided label.

target:
  configMapLabel:
    trust.https://cert-manager.io/inject-bundle: "true"
@erikgb
Copy link
Contributor

erikgb commented Jul 28, 2023

I like this idea and would love to see it implemented. Suggesting a small adjustment to the proposed API:

spec:
  target:
    configMapSelector:
      my-label-key: my-label-value

The type of the selector should be map[string]string as any other Kubernetes label selector.

@erikgb
Copy link
Contributor

erikgb commented Nov 17, 2023

/good-first-issue

@jetstack-bot
Copy link
Contributor

@erikgb:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

In response to this:

/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jetstack-bot jetstack-bot added good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Nov 17, 2023
@erikgb erikgb mentioned this issue Nov 24, 2023
Open
@erikgb
Copy link
Contributor

erikgb commented Nov 24, 2023

I have a suggestion to the UX here, which I think can increase the usability/flexibility. What do you think of just having a well-known annotation/label key that you could add to any configmap or secret. Assuming the name of the trust-manager Bundle is my-ca-bundle, this could be as easy as:

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    trust.cert-manager.io/inject-bundle: my-ca-bundle
  name: ca-inject 
  namespace: apache

@erikgb erikgb mentioned this issue Nov 26, 2023
Open
@erikgb
Copy link
Contributor

erikgb commented Nov 30, 2023

I would like to see this feature implemented, and I think I know how it could be done.

/assign

@erikgb erikgb mentioned this issue Nov 30, 2023
Open
@hawksight hawksight mentioned this issue Dec 1, 2023
Open
@erikgb
Copy link
Contributor

erikgb commented May 16, 2024

I discussed this issue with the cert-manager maintainers on today's stand-up, and if ever implemented this will probably require a design.

/remove-help
/remove-good-first-issue

@cert-manager-prow cert-manager-prow bot removed help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. labels May 16, 2024
@erikgb erikgb mentioned this issue Jul 7, 2024
Merged
@erikgb
Copy link
Contributor

erikgb commented Jul 16, 2024

/priority important-longterm

@cert-manager-prow cert-manager-prow bot added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Jul 16, 2024
@erikgb erikgb linked a pull request Jul 18, 2024 that will close this issue
Open
@cert-manager-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
/lifecycle stale

@cert-manager-prow cert-manager-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 6, 2024
@erikgb
Copy link
Contributor

erikgb commented Nov 6, 2024

/remove-lifecycle stale

@cert-manager-prow cert-manager-prow bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@erikgb erikgb

Labels
priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WIP: feat: inject bundle data into configmap erikgb/trust-manager
4 participants
@erikgb @bakito @jetstack-bot @cert-manager-bot