- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used is `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic
- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.
- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, a
    key size of `256` will be used for the `ecdsa` key algorithm and a
    key size of `2048` will be used for the `rsa` key algorithm.
- Helper functions in `pki` package now return crypto.PrivateKey
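
The defaulting and size limits listed in the commit message above, as an added example that is not cert-manager's own code. The names `generateKey` and `describe` are hypothetical; an empty algorithm or a zero key size stands for a field left unset.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// generateKey is a hypothetical helper, not cert-manager's pki package; "" and 0 mean unset.
func generateKey(algorithm string, keySize int) (crypto.PrivateKey, error) {
	switch algorithm {
	case "", "rsa": // an unset algorithm defaults to rsa
		if keySize == 0 {
			keySize = 2048
		}
		if keySize < 2048 || keySize > 8192 {
			return nil, fmt.Errorf("rsa key size %d not in 2048..8192", keySize)
		}
		return rsa.GenerateKey(rand.Reader, keySize)
	case "ecdsa":
		if keySize == 0 {
			keySize = 256
		}
		curve, ok := map[int]elliptic.Curve{224: elliptic.P224(), 256: elliptic.P256(),
			384: elliptic.P384(), 521: elliptic.P521()}[keySize]
		if !ok {
			return nil, fmt.Errorf("unsupported ecdsa key size %d", keySize)
		}
		return ecdsa.GenerateKey(curve, rand.Reader)
	}
	return nil, fmt.Errorf("unsupported key algorithm %q", algorithm)
}

func describe(k crypto.PrivateKey) string { // e.g. "rsa-2048" or "ecdsa-256"
	switch key := k.(type) {
	case *rsa.PrivateKey:
		return fmt.Sprintf("rsa-%d", key.N.BitLen())
	case *ecdsa.PrivateKey:
		return fmt.Sprintf("ecdsa-%d", key.Curve.Params().BitSize)
	}
	return "unknown"
}

func main() {
	k, err := generateKey("ecdsa", 0) // keySize left unset
	fmt.Println(describe(k), err)
}
```

Rejecting out-of-range sizes before key generation keeps a typo such as `keySize: 1024` from silently producing a weak RSA key.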
After testing the suggested policy both with the AWS policy simulator and by using it with cert-manager I have found that the ARN prefix in the resources included in the statement causes the provider to fail with an access denied error. This new policy is equivalent and valid according to the AWS policy simulator.
Add annotation to the ingress-shim documentation
Remove debug output.
Update documentation errors.
Implement suggestions of using edit-in-place annotation to control behaviour.
Fix reference to editInPlaceAnnotation
Remove the presence of editInPlaceAnnotation from returning true to shouldSync() and relevant test.
Update comment reference to correct annotation name.
Remove tests that relied on annotation impacting result from shouldSync()
Only edit in-place when explicitly requested to do so.
Don't return error if unable to determine Ingress class, continue without setting either ingress or ingressClass.
Update annotation to certmanager.k8s.io/acme-http01-edit-in-place in order to make use case more obvious and have consistent naming.
Update docs to reflect possible values more accurately