Note that the gateway-shim is only half the work for supporting the Gateway API in cert-manager. The other half is the HTTP01 solver support, which is still being worked on.

The Gateway API in cert-manager is released as an experimental feature and needs to be enabled manually with the following flag:

    --controllers=*,gateway-shim

All the annotations supported by ingress-shim are also supported by gateway-shim, with some exceptions:

- "acme.cert-manager.io/http01-ingress-class"
  This annotation is not supported on the Gateway resource. Although the Gateway resource also has a "gatewayClass" field, we will need to add another field instead of "ingress-class" to avoid confusion with the ingress-shim.
- "acme.cert-manager.io/http01-edit-in-place"
  This annotation is not supported because it is specific to some ingress controllers like ingress-gce.
- "kubernetes.io/tls-acme"
  This annotation is not supported because it is a behavior inherited from kube-lego and we chose not to keep this behavior with the Gateway API.

Unlike the ingress-shim, you can reuse the same Secret name in multiple TLS configurations on the same Gateway resource.

The ingress-shim now shows the exact location of the duplicate secretName when the user gives the same secretName in two separate TLS blocks.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>

| Name |
|---|
| charts/cert-manager |
| crds |
| manifests |
| BUILD.bazel |
| OWNERS |