Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IngressRoute support for cert-manager #509

Closed
rosskukulinski opened this issue Jul 5, 2018 · 9 comments
Closed

IngressRoute support for cert-manager #509

rosskukulinski opened this issue Jul 5, 2018 · 9 comments
Assignees
Labels
Epic kind/feature Categorizes issue or PR as related to a new feature.
Milestone

Comments

@rosskukulinski
Copy link
Contributor

Contour currently supports getting TLS certificates via cert-manager using HTTP-01 validation through standard Ingress annotations.

Cert-manager does not work with IngressRoute objects which means that Contour users taking advantage of the new IngressRoute CRD will not be able to use Let's Encrypt certificates from Cert-Manager. The Istio community has a similar problem with their Gateway API

We spoke with @munnerz from the cert-manager project this morning and they're working on moving the HTTP-01 validation to a new CRD schema that could allow for a plugin-like model (or API-driven).

@rosskukulinski
Copy link
Contributor Author

This is a pretty frequent request - I'm proposing this for 0.7.0

@davecheney davecheney modified the milestones: 0.7.0, 0.9.0 Oct 23, 2018
@remmeier
Copy link

I guess this ticket is also necessary to make TCP proxying work together with cert-manager?

@davecheney
Copy link
Contributor

@remmeier this ticket is to ensure that cert-manager, specifically the ingress-shim process, can work with contour in the absence of k8s ingress records, that is, the installation is only using ingressroute.

If you have a question about using cert-manager and tcp proxying, please raise a new ticket.

@remmeier
Copy link

I was investigating contour, tcp and cert-manager and my understanding of this ticket is that this combination is currently not support to do that due to limitations of the ingress resource (just HTTP). But resolving this ticket will do that as TCP proxying is a feature of the IngressRoute? If there is something I missed, I can create another ticket.

@davecheney
Copy link
Contributor

@remmeier this ticket is to ensure that cert-manager, specifically the ingress-shim process. TCP proxying is #787

@davecheney davecheney modified the milestones: 0.9.0, 0.10.0 Jan 23, 2019
@danpe
Copy link

danpe commented Jan 30, 2019

Is there an expected release date for that ticket? or for 0.10.0 in general? ☺️

@davecheney davecheney modified the milestones: 0.10.0, 0.11.0 Feb 5, 2019
@davecheney davecheney self-assigned this Feb 18, 2019
@davecheney davecheney modified the milestones: 0.11.0, 0.12.0 Apr 8, 2019
@davecheney davecheney added this to the 0.15.0 milestone Jun 18, 2019
@davecheney davecheney modified the milestones: 0.15.0, 1.0.0 Aug 19, 2019
@davecheney
Copy link
Contributor

Moving the epic to Contour 1.0, implementation issues will be addressed in beta1 and rc1

@davecheney davecheney modified the milestones: 1.0.0, 1.0.0-rc.1 Sep 10, 2019
@davecheney
Copy link
Contributor

Duplicate of #950 (that's where the work will be done)

@jpeach
Copy link
Contributor

jpeach commented Oct 18, 2019

@davecheney This issue is referenced by the docs. Can we keep it open to track fullcert-manager support, since that might involve more issues than only #950?

sunjayBhatia added a commit that referenced this issue Jan 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Epic kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Development

No branches or pull requests

5 participants