/approver-policy

approver-policy is a cert-manager approver that allows users to define policies that restrict what certificates can be requested.

Primary LanguageGoApache License 2.0Apache-2.0

cert-manager project logo

approver-policy godoc Go Report Card Artifact Hub govulncheck

approver-policy

approver-policy is a cert-manager approver that is responsible for Approving or Denying CertificateRequests.

approver-policy exposes the CertificateRequestPolicy resource which administrators use to define policy over what, who, and how certificates are signed by cert-manager.


Please follow the documentation at cert-manager.io for installing and using approver-policy.

Makefile modules

This project uses Makefile modules, see the README there for more information. A summary of the available make targets can be found by running make help.

Release Process

There is a semi-automated release process for approver-policy. When you create a Git tag with a tagname that has a v prefix and push it to GitHub. it will trigger the release workflow. This will create and push a Docker image to quay.io/jetstack/cert-manager-approver-policy:${{ github.ref_name }}, create a Helm chart file, and finally create draft GitHub release with the Helm chart file attached and containing a reference to the Docker image.

  1. Create and push a Git tag
export VERSION=v0.5.0-alpha.0
git tag --annotate --message="Release ${VERSION}" "${VERSION}"
git push origin "${VERSION}"
  1. Wait for the release workflow to succeed and if successful, visit the draft release page to download the attached Helm chart attachment.

  2. Create a PR in the jetstack/jetstack-charts repository on GitHub, containing the Helm chart file that is attached to the draft GitHub release. Wait for it to be merged and verify that the Helm chart is available from https://charts.jetstack.io.

  3. Visit the releases page, edit the draft release, click "Generate release notes", and publish the release.