
Option to disable cert-manager certificates generation workflow #1619

Description

@pgstath

Proposal

In version 2.9.0, cert-manager functionality was added. The functionality reads as follows (copied from documentation):

  1. If you created custom certificate Secrets and referenced them in the cluster spec, the Operator uses them for TLS.
  2. If custom Secrets are not specified but cert-manager is installed, the Operator generates certificates and issuer and delegates certificate lifecycle management to cert-manager.
  3. If neither condition is met, the Operator generates the necessary certificates and Secrets itself.

Please consider adding a configuration value that can disable cert-manager certificate generation. I.e., the new decision tree would be, instead of:
2. If custom Secrets are not specified but cert-manager is installed, the Operator generates certificates and issuer and delegates certificate lifecycle management to cert-manager.
this:
2. If custom Secrets are not specified and cert-manager is installed and the cert-manager-override CR option is not set to true, the Operator generates certificates and issuer and delegates certificate lifecycle management to cert-manager.

Use-Case

While the current approach is a best practice, we expect that there will be instances, especially in test environments, where cert-manager is installed but people might not want to, or be able to, use it (e.g. belonging to a different team). In this case we are making software usage harder, since instead of starting with the simplest possible case (operator generated) and then adding sophisticated ones, we consider the sophisticated case (cert-manager) the default if present. Summarizing: the cert-manager API being present does not necessarily mean it is configured or used as well.

Is this a feature you are interested in implementing yourself?

No

Anything else?

No response
