Allow arbitrary secret names for certificates

Question

Allow arbitrary secret names for certificates

gerred opened this issue 8 years ago · 6 comments

https://github.com/PalmStoneGames/kube-cert-manager is opinionated in its secret name creation with its TPR, as is Deis in secret name usage for certificates. (append with -cert).

We should support any arbitrary secret name to make compatibility with other community tools easier.

Answer 1 · 2016-10-06T16:28:15.000Z

This seems like a good idea.

If I can propose how we'd do this...

My thought is that the annotations on a routable service could reference a secret by name, and the router would use that, if specified. (This would work nicely for people using router without Workflow.) Otherwise, the router would look for the secret using the same naming convention as it does today.

@gerred how does that compare to your own thoughts on this?

Answer 2 · 2016-10-06T16:30:58.000Z

@krancour that looks great 👍 I was trying to sort out how to make our convention backwards portable, and I think that does it. I'll try to whip up a PR today.

Would this be under the same annotation key you think?

Answer 3 · 2016-10-06T16:55:43.000Z

Would this be under the same annotation key you think?

Not sure what you mean.

I'm imagining a new annotation on a routable service. The value of that annotation, if present, just references the secret by name.

Answer 4 · 2016-10-06T16:56:53.000Z

We're on the same page then. I wasn't sure if we were talking about having logic to try to "guess" based on the existing annotation.

Answer 5 · 2016-10-06T16:57:19.000Z

Nope. No guessing.

Answer 6 · 2018-03-13T19:09:48.000Z

This issue was moved to teamhephy/router#18