From 7c251d2e64ab3c830c19ee628bcc8ff61b1edf97 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 21 Sep 2023 10:43:37 +0200 Subject: [PATCH] update feature flags page to reflect changes made in 1.13 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .spelling | 1 + content/docs/installation/featureflags.md | 10 +++++++--- content/v1.13-docs/installation/featureflags.md | 10 +++++++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/.spelling b/.spelling index 381178d532b..8e0a140cb10 100644 --- a/.spelling +++ b/.spelling @@ -617,6 +617,7 @@ v1.27.1 v0.6.0. v4.4.1 v1.13.0 +v1.13 liveness apiservices arm64 diff --git a/content/docs/installation/featureflags.md b/content/docs/installation/featureflags.md index 65ce69a0276..e84ea507814 100644 --- a/content/docs/installation/featureflags.md +++ b/content/docs/installation/featureflags.md @@ -60,8 +60,6 @@ See `--feature-gates` flags on cert-manager controller and webhook to enable any - `ServerSideApply`. Added in cert-manager 1.8.0. If this feature is enabled, cert-manager uses [Server side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) when creating or updating API resources. This will speed cert-manager operations and prevent the resource version conflict errors. See [release notes](../release-notes/release-notes-1.8.md#server-side-apply) -- `StableCertificateRequestName`. Added in cert-manager 1.10.0. Will enable generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487) - - `UseCertificateRequestBasicConstraints`. Added in cert-manager 1.12.0. Makes cert-manager add a basic constraints section to certificate signing requests with the CA constraint set to the correct value. See [`cert-manager#5552`](https://github.com/cert-manager/cert-manager/pull/5552) - `ValidateCAA`. Added in cert-manager 0.7.2. CAA checking when issuing a certificate. @@ -69,4 +67,10 @@ See `--feature-gates` flags on cert-manager controller and webhook to enable any ### Beta -There are currently no beta feature gates +These features are enabled by default. See `--feature-gates` flags on cert-manager controller and webhook to disable any of these features. + +- `StableCertificateRequestName`. Alpha in v1.10 and Beta in v1.13. Enables generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487) + +- `SecretsFilteredCaching`. Alpha in v1.12 and Beta in v1.13. Reduces controller's memory consumption by filtering which Secrets are cached in full using `controller.cert-manager.io/fao` label. By default all Certificate Secrets are labelled with `controller.cert-manager.io/fao` label. Users can also label other Secrets, such as issuer credentials Secrets that they know cert-manager will need access to to speed up issuance. See [`20221205-memory-management.md`](https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md) + +- `DisallowInsecureCSRUsageDefinition`. Beta in v1.13. Prevents the webhook from allowing CertificateRequest's usages to be only defined in the CSR, while leaving the usages field empty. diff --git a/content/v1.13-docs/installation/featureflags.md b/content/v1.13-docs/installation/featureflags.md index 65ce69a0276..e84ea507814 100644 --- a/content/v1.13-docs/installation/featureflags.md +++ b/content/v1.13-docs/installation/featureflags.md @@ -60,8 +60,6 @@ See `--feature-gates` flags on cert-manager controller and webhook to enable any - `ServerSideApply`. Added in cert-manager 1.8.0. If this feature is enabled, cert-manager uses [Server side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) when creating or updating API resources. This will speed cert-manager operations and prevent the resource version conflict errors. See [release notes](../release-notes/release-notes-1.8.md#server-side-apply) -- `StableCertificateRequestName`. Added in cert-manager 1.10.0. Will enable generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487) - - `UseCertificateRequestBasicConstraints`. Added in cert-manager 1.12.0. Makes cert-manager add a basic constraints section to certificate signing requests with the CA constraint set to the correct value. See [`cert-manager#5552`](https://github.com/cert-manager/cert-manager/pull/5552) - `ValidateCAA`. Added in cert-manager 0.7.2. CAA checking when issuing a certificate. @@ -69,4 +67,10 @@ See `--feature-gates` flags on cert-manager controller and webhook to enable any ### Beta -There are currently no beta feature gates +These features are enabled by default. See `--feature-gates` flags on cert-manager controller and webhook to disable any of these features. + +- `StableCertificateRequestName`. Alpha in v1.10 and Beta in v1.13. Enables generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487) + +- `SecretsFilteredCaching`. Alpha in v1.12 and Beta in v1.13. Reduces controller's memory consumption by filtering which Secrets are cached in full using `controller.cert-manager.io/fao` label. By default all Certificate Secrets are labelled with `controller.cert-manager.io/fao` label. Users can also label other Secrets, such as issuer credentials Secrets that they know cert-manager will need access to to speed up issuance. See [`20221205-memory-management.md`](https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md) + +- `DisallowInsecureCSRUsageDefinition`. Beta in v1.13. Prevents the webhook from allowing CertificateRequest's usages to be only defined in the CSR, while leaving the usages field empty.