Note that the gateway-shim is only half the work for supporting the
Gateway API in cert-manager. The other half is the HTTP01 solver
support, which is still worked on.
The Gateway API in cert-manager is releases as an experimental feature
and needs to be enabled manually with the following flag:
--controllers=*,gateway-shim
All the annotations supported by ingress-shim are also supported by
gateway-shim, with some exceptions:
"acme.cert-manager.io/http01-ingress-class"
This annotation is not supported on the Gateway resource. Although the
Gateway resource also has a "gatewayClass" field, we will need to add
another field instead of "ingress-class" to avoid confusion with the
ingress-shim.
"acme.cert-manager.io/http01-edit-in-place"
This annotation is not supported because it is specific to some ingress
controllers like ingress-gce.
"kubernetes.io/tls-acme"
This annotation is not supported because it is a behavior inherited from
kube-lego and we chose not to keep this behavior with the Gateway API.
Unlike the ingress-shim, you can reuse the same Secret name in multiple
TLS configurations on the same Gateway resource.
The ingress-shim now shows the exact location of the duplicate
secretName when the user gives the same secretName in two separate TLS
blocks.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.
Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
pkg/ctl/scheme.go:17:1: package comment should be of the form "Package ctl ..."
pkg/issuer/acme/dns/acmedns/acmedns.go:43:2: var accountJson should be accountJSON
pkg/issuer/acme/dns/acmedns/acmedns.go:50:43: func parameter accountJson should be accountJSON
pkg/controller/certificates/trigger/policies/policies.go:57:1: comment on exported type Chain should be of the form "Chain ..." (with optional leading article)
pkg/controller/ingress-shim/sync.go:36:2: package "github.com/jetstack/cert-manager/pkg/logs" is being imported more than once (ST1019)
pkg/controller/ingress-shim/sync.go:37:2: other import of "github.com/jetstack/cert-manager/pkg/logs"
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
fixes the following issues:
pkg/controller/acmeorders/util.go:84:6 deadcode `hashChallenge` is unused
pkg/controller/certificaterequests/approver/approver.go:72:14 staticcheck SA4021: x = append(y) is equivalent to x = y
pkg/controller/certificaterequests/vault/vault_test.go:535:21 errcheck Error return value of `controller.Register` is not checked
pkg/controller/certificates/trigger/policies/policies.go:121:26 gosimple S1039: unnecessary use of fmt.Sprintf
pkg/controller/clusterissuers/sync_test.go:55:12 errcheck Error return value of `c.Register` is not checked
pkg/controller/ingress-shim/sync.go:301:2 gosimple S1005: unnecessary assignment to the blank identifier
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
So that it easier used with the existing test framework and also is more similar to how most other controllers are created
Signed-off-by: irbekrm <irbekrm@gmail.com>
