Skip to content

Documentation related to the ACMEHTTP01IngressPathTypeExact feature #7809

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 17, 2025
Merged

Documentation related to the ACMEHTTP01IngressPathTypeExact feature #7809

merged 4 commits into from
Jun 17, 2025

Conversation

wallrj
Copy link
Member

@wallrj wallrj commented Jun 17, 2025

Some follow up work for #7795

  • Fix a typo in the feature gate comments
  • Explain why we disable the strict-validate-path feature in ingress-nginx
  • Add the new feature gates to the existing list in the Helm values file.

/kind cleanup

NONE

@wallrj-cyberark
Fix typo
172d4ad 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Explain why we disable strict-validate-path in ingress-nginx
572d2fb 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@cert-manager-prow cert-manager-prow bot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. area/deploy Indicates a PR modifies deployment configuration size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 17, 2025
@wallrj wallrj changed the title Feature gate acme ingress implementationspecific 2 Documentation related to the ACMEHTTP01IngressPathTypeExact feature Jun 17, 2025
wallrj
wallrj commented Jun 17, 2025
View reviewed changes
deploy/charts/cert-manager/values.yaml
@@ -251,6 +251,8 @@ enableCertificateOwnerRef: false
# UseCertificateRequestBasicConstraints: false # ALPHA - default=false
# UseDomainQualifiedFinalizer: true # GA - default=true
# ValidateCAA: false # ALPHA - default=false
# DefaultPrivateKeyRotationPolicyAlways: true # BETA - default=true
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I forgot to do this in #7723

@wallrj wallrj requested a review from Copilot June 17, 2025 09:33
Copilot
Copilot AI reviewed Jun 17, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds documentation and configuration updates related to the new ACMEHTTP01IngressPathTypeExact feature gate and fixes a typo in the feature comment.

  • Clarify in make/e2e-setup.mk why strict path validation is disabled for ACME HTTP01 requests
  • Correct a backtick typo in the feature description in features.go
  • Add the new feature gates to the Helm values, schema, and README files

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
make/e2e-setup.mk Added comment explaining disabling of strict-validate-path-type to allow ACME HTTP01 paths
internal/controller/feature/features.go Fixed extra backtick typo in the pathType comment
deploy/charts/cert-manager/values.yaml Inserted DefaultPrivateKeyRotationPolicyAlways and ACMEHTTP01IngressPathTypeExact gates
deploy/charts/cert-manager/values.schema.json Updated the example config description to include the new feature gates
deploy/charts/cert-manager/README.template.md Added new feature gates to the sample configuration
Comments suppressed due to low confidence (1)

deploy/charts/cert-manager/values.schema.json:582

  • [nitpick] The comment references feature gates as of v1.18.0, but ACMEHTTP01IngressPathTypeExact was introduced in v1.18.1. Consider updating this version for accuracy.
# Feature gates as of v1.18.0. Listed with their default values.

@wallrj-cyberark
Update feature gate documentation in the Helm chart
0c4243f 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
make generate
5e05306 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj wallrj force-pushed the feature-gate-acme-ingress-implementationspecific-2 branch from 71cd6d2 to 5e05306 Compare June 17, 2025 10:20
@wallrj wallrj requested a review from maelvls June 17, 2025 10:41
@wallrj
Copy link
Member Author

wallrj commented Jun 17, 2025

/cherry-pick release-1.18

@cert-manager-bot
Copy link
Contributor

@wallrj: once the present PR merges, I will cherry-pick it on top of release-1.18 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@maelvls
Copy link
Member

maelvls commented Jun 17, 2025

/lgtm

@cert-manager-prow cert-manager-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jun 17, 2025
@wallrj
Copy link
Member Author

wallrj commented Jun 17, 2025

/approve

@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 17, 2025
@cert-manager-prow cert-manager-prow bot merged commit a023b2a into cert-manager:master Jun 17, 2025
6 checks passed
@cert-manager-bot
Copy link
Contributor

@wallrj: new pull request created: #7811

In response to this:

/cherry-pick release-1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-bot cert-manager-bot mentioned this pull request Jun 17, 2025
Merged
@wallrj wallrj deleted the feature-gate-acme-ingress-implementationspecific-2 branch June 17, 2025 14:38
@wallrj wallrj mentioned this pull request Jun 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@maelvls maelvls Awaiting requested review from maelvls

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/deploy Indicates a PR modifies deployment configuration dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@wallrj @cert-manager-bot @maelvls @wallrj-cyberark