-
Notifications
You must be signed in to change notification settings - Fork 686
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IngressRoute support for cert-manager #509
Comments
This is a pretty frequent request - I'm proposing this for 0.7.0 |
I guess this ticket is also necessary to make TCP proxying work together with cert-manager? |
@remmeier this ticket is to ensure that cert-manager, specifically the ingress-shim process, can work with contour in the absence of k8s ingress records, that is, the installation is only using ingressroute. If you have a question about using cert-manager and tcp proxying, please raise a new ticket. |
I was investigating contour, tcp and cert-manager and my understanding of this ticket is that this combination is currently not support to do that due to limitations of the ingress resource (just HTTP). But resolving this ticket will do that as TCP proxying is a feature of the IngressRoute? If there is something I missed, I can create another ticket. |
Is there an expected release date for that ticket? or for 0.10.0 in general? |
Moving the epic to Contour 1.0, implementation issues will be addressed in beta1 and rc1 |
Duplicate of #950 (that's where the work will be done) |
@davecheney This issue is referenced by the docs. Can we keep it open to track full |
See release notes: https://go.dev/doc/devel/release#go1.18.minor Signed-off-by: Sunjay Bhatia <[email protected]>
Contour currently supports getting TLS certificates via cert-manager using HTTP-01 validation through standard Ingress annotations.
Cert-manager does not work with IngressRoute objects which means that Contour users taking advantage of the new IngressRoute CRD will not be able to use Let's Encrypt certificates from Cert-Manager. The Istio community has a similar problem with their Gateway API
We spoke with @munnerz from the cert-manager project this morning and they're working on moving the HTTP-01 validation to a new CRD schema that could allow for a plugin-like model (or API-driven).
The text was updated successfully, but these errors were encountered: