Allowing 'default issuers' to be specified per-namespace with a mutating webhook #97

@munnerz

Following on from discussion in #51, we should explore the possibility of supporting a default Issuer.

We should look to follow a similar pattern as used for StorageClass, namely:

  • A default Issuer can be set by putting a certmanager.k8s.io/is-default annotation on an Issuer.
  • If a Certificate is created without the Issuer field set, the default Issuer should be chosen and set by the Initializer.
    • If there is no default issuer set, do nothing
    • If there is one default issuer set, set the Issuer field to the name of this Issuer
    • If there is more than one default issuer set, reject the request and log an error on the Issuer

This issue does not deal with default Issuer configuration (e.g. automatically selecting a challenge mechanism to use with the ACME issuer).

/cc @mikebryant
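
The defaulting rules proposed above, sketched as an added Go example (not cert-manager code). The `Issuer` and `Certificate` structs are simplified stand-ins, the annotation value `"true"` is assumed from the StorageClass convention, and scoping the lookup to the Certificate's namespace follows the issue title.

```go
package main

import (
	"errors"
	"fmt"
)

// Annotation name is taken from the issue; the "true" value is an assumption
// borrowed from the StorageClass convention.
const defaultIssuerAnnotation = "certmanager.k8s.io/is-default"

// Simplified, hypothetical stand-ins for the real API types.
type Issuer struct {
	Namespace, Name string
	Annotations     map[string]string
}
type Certificate struct{ Namespace, Name, IssuerName string }

var ErrAmbiguousDefault = errors.New("more than one default issuer in namespace")

// ApplyDefaultIssuer applies the three rules from the issue and reports whether
// it mutated cert. An ambiguous default fails closed: the request is rejected
// and the returned error names the conflicting Issuers for logging.
func ApplyDefaultIssuer(cert *Certificate, issuers []Issuer) (bool, error) {
	if cert.IssuerName != "" {
		return false, nil // an explicit Issuer is never overridden
	}
	var defaults []string
	for _, iss := range issuers {
		if iss.Namespace == cert.Namespace && iss.Annotations[defaultIssuerAnnotation] == "true" {
			defaults = append(defaults, iss.Name)
		}
	}
	switch len(defaults) {
	case 0:
		return false, nil // no default set: do nothing
	case 1:
		cert.IssuerName = defaults[0]
		return true, nil
	default:
		return false, fmt.Errorf("%w: %s has %v", ErrAmbiguousDefault, cert.Namespace, defaults)
	}
}

func main() {
	// Constructed sample data.
	issuers := []Issuer{{"team-a", "letsencrypt", map[string]string{defaultIssuerAnnotation: "true"}}}
	cert := &Certificate{Namespace: "team-a", Name: "web"}
	changed, err := ApplyDefaultIssuer(cert, issuers)
	fmt.Println(cert.IssuerName, changed, err)
}
```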

Labels: area/api, kind/feature, lifecycle/frozen, priority/awaiting-more-evidence