-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ #1075
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Richard Wall <[email protected]>
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wallrj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
✅ Deploy Preview for cert-manager-website ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
content/docs/configuration/issuer-and-clusterissuer-resources/README.md
Outdated
Show resolved
Hide resolved
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
Signed-off-by: Richard Wall <[email protected]>
|
||
After installing cert-manager you will find that some new resource types have been added to the Kubernetes API server | ||
such as `Issuer`, `ClusterIssuer`, and `Certificate`. | ||
They all have `metadata`, `spec` and `status` fields, just like other Kubernetes resources. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They all have `metadata`, `spec` and `status` fields, just like other Kubernetes resources. | |
They each have `metadata`, `spec` and `status` fields, just like other Kubernetes resources. |
After installing cert-manager you will find that some new resource types have been added to the Kubernetes API server | ||
such as `Issuer`, `ClusterIssuer`, and `Certificate`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After installing cert-manager you will find that some new resource types have been added to the Kubernetes API server | |
such as `Issuer`, `ClusterIssuer`, and `Certificate`. | |
After installing cert-manager you will find see new resource types have been added to the Kubernetes API server | |
including `Issuer`, `ClusterIssuer`, and `Certificate`. |
I believe that cert-manager also adds Orders and Challenges.
Whenever you create or update one of these resources cert-manager will react; | ||
it will do some work and it will update the status with information about what it has done. | ||
|
||
Here is an overview of each of these resources explaining when you should create them and what cert-manager will do in each case. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is an overview of each of these resources explaining when you should create them and what cert-manager will do in each case. | |
Here is an overview of each of these resources explaining when you should create them and what cert-manager will do for each resource type. |
Resource Namespace`. By default, this namespace is `cert-manager` however it can be | ||
changed via a flag on the cert-manager-controller component: | ||
Next you'll probably want to create a Certificate. | ||
This resource represents a desired X.509 certificate which will be signed and renewed before it expires. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This resource represents a desired X.509 certificate which will be signed and renewed before it expires. | |
This resource represents a desired X.509 certificate which cert-manager will try to get signed and renewed before it expires. |
changed via a flag on the cert-manager-controller component: | ||
Next you'll probably want to create a Certificate. | ||
This resource represents a desired X.509 certificate which will be signed and renewed before it expires. | ||
The private key and signed certificate will be stored in a Secret which you can then mount in to a Pod or use in an Ingress resource. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The private key and signed certificate will be stored in a Secret which you can then mount in to a Pod or use in an Ingress resource. | |
The private key and signed certificate will be stored in a Secret which you can then mount into a Pod or use in an Ingress resource. |
--- | ||
|
||
Learn about Certificate resources which represent a desired X.509 certificates which will be signed and renewed before they expire. | ||
The private key and signed certificate will be stored in a Secret which you can then mount in to a Pod or use in an Ingress resource. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The private key and signed certificate will be stored in a Secret which you can then mount in to a Pod or use in an Ingress resource. | |
The private key and signed certificate will be stored in a Secret which you can then mount into a Pod or use in an Ingress resource. |
In cert-manager, the [`Certificate`](../concepts/certificate.md) resource | ||
represents a human readable definition of a certificate request that is to be | ||
honored by an issuer which is to be kept up-to-date. This is the usual way that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In cert-manager, the [`Certificate`](../concepts/certificate.md) resource | |
represents a human readable definition of a certificate request that is to be | |
honored by an issuer which is to be kept up-to-date. This is the usual way that | |
In cert-manager, the [`Certificate`](../concepts/certificate.md) resource | |
represents a human readable definition of a certificate request that is to be | |
honored by an issuer and which cert-manager will try to keep up-to-date. This is the usual way that |
@@ -180,43 +180,31 @@ | |||
"title": "Introduction", | |||
"path": "/docs/configuration/README.md" | |||
}, | |||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
{ | |
{ |
] | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The whitespace here looks suspicious
@wallrj: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wallrj I think "Issuers" should be a top level menu item.
The layout could look like this:
- Issuers
- Introduction
- Full list
- In-tree issuer config
- ACME
- SelfSigned
- CA
- Vault
- Venafi
- External issuer config
- Requesting Certificates
- Introduction
- Certificate [cert-manager.io/v1]
- Ingress [networking.k8s.io/v1]
- GatewayAPI [gateway.networking.k8s.io/v1beta1]
- CertificateSigningRequest [certificates.k8s.io/v1]
- Istio Service Mesh
- CSI Driver
- CSI Driver SPIFFE
This has been solved in an alternative way. TODO: recover the changes made in the following files & apply them to the new website structure (if possible)
|
Preview: https://deploy-preview-1075--cert-manager-website.netlify.app/
Part of the #1048 where we presented an improved overall navigation structure for the site.
configuration/issuer-and-clusterissuer-resources/
homepage, because the side menu is not always expanded when you visit that page./cc @maelvls @mehak151 (and @jsoref ...if you have time)