-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding custom annotation to cm ingress resources #6903
Comments
Hey I think you can use this flag on the cert-manager-controller, --auto-certificate-annotations strings The annotation consumed by the ingress-shim controller to indicate a ingress is requesting a certificate (default [kubernetes.io/tls-acme]) I found this running the latest image: docker run -ti --rm quay.io/jetstack/cert-manager-controller:v1.14.5 --help I might have missread it, but perhaps give that a go to see if you can add multiple strings to that argument including the additional one you need? --auto-certificate-annotations "kubernetes.io/tls-acme,nginx.ingress.kubernetes.io/enable-global-auth" |
To respond to myself, ingress-nginx have a dedicated option |
Is your feature request related to a problem? Please describe.
All my ingress are protected with an oauth2-proxy.
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#global-auth-url
But ACME challenge must be allowed with a custom annotation:
nginx.ingress.kubernetes.io/enable-global-auth
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#global-external-authentication
Describe the solution you'd like
I should be able, like adding
ClusterIssuer
etc, to add arbitrary annotations to ingress ressources.Describe alternatives you've considered
Using kyverno to patch ing ressource
ClusterPolicy
Additional context
cert-manager/pkg/issuer/acme/http/ingress.go
Line 152 in d073db1
/kind feature
The text was updated successfully, but these errors were encountered: