-
Notifications
You must be signed in to change notification settings - Fork 138
Closed
Labels
communityenhancementNew feature or requestNew feature or requestrefinedRequirements are refined and the issue is ready to be implemented.Requirements are refined and the issue is ready to be implemented.size/mediumEstimated to be completed within a weekEstimated to be completed within a week
Milestone
Description
Is your enhancement request related to a problem? Please describe.
When running CockroachDB in secure mode with Cert-Manager acting as CA. This will produce a CA in a secret instead of in the currently supported ConfigMap. I don't see anything in the API that would prevent the certificate ref being a secret.
What would you like to be added:
The option to provide a secret ref in the spec.validation. caCertificateRefs[*].kind
Why this is needed:
For supporting different ways of storing CAs.
Additional context
This is the status of the create BackendTLSPolicy
when created referencing a Secret instead of a ConfigMap
apiVersion: gateway.networking.k8s.io/v1alpha3
kind: BackendTLSPolicy
metadata:
creationTimestamp: "2024-09-30T22:32:27Z"
generation: 1
labels:
kustomize.toolkit.fluxcd.io/name: tools-controllers
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cockroach-tls
namespace: cockroach
resourceVersion: "3860621"
uid: 84a3e868-9dfc-4bdd-8938-492e88877254
spec:
targetRefs:
- group: ""
kind: Service
name: cockroach-cockroachdb-public
validation:
caCertificateRefs:
- group: ""
kind: Secret
name: cockroach-ca
hostname: cockroach-cockroachdb-public.cockroach
status:
ancestors:
- ancestorRef:
group: gateway.networking.k8s.io
kind: Gateway
name: shared-gateway
namespace: nginx-gateway
conditions:
- lastTransitionTime: "2024-09-30T22:40:28Z"
message: 'invalid CACertificateRef: tls.cacertrefs[0[].kind: Unsupported value:
"Secret": supported values: "ConfigMap"'
observedGeneration: 1
reason: Invalid
status: "False"
type: Accepted
controllerName: gateway.nginx.org/nginx-gateway-controller
Versions
nginx-gateway-fabric version: v1.4.0
api-gw-crd bundle version: v1.1.0
api-gw-crd channel: experimental
k8s revision: v1.31.1
Metadata
Metadata
Assignees
Labels
communityenhancementNew feature or requestNew feature or requestrefinedRequirements are refined and the issue is ready to be implemented.Requirements are refined and the issue is ready to be implemented.size/mediumEstimated to be completed within a weekEstimated to be completed within a week
Type
Projects
Status
✅ Done