"Securing Ingresses with Venafi" tutorial contains link to missing manifest

cert-manager / website

Source code for the cert-manager.io website, including project documentation

https://cert-manager.io

Apache License 2.0

53 stars 332 forks source link

"Securing Ingresses with Venafi" tutorial contains link to missing manifest #1063

Open amcginlay opened 2 years ago

amcginlay commented 2 years ago

See here.

The currently documented manifests in the cert-manager tutorial have been removed from the ingress-nginx repo so the instructions are broken. (e.g. https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-nlb.yaml)

The official docs suggest that the way to install an NLB based ingress-nginx on AWS is with kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/deploy.yaml

I've tested this and it appears to work as expected.

NOTE there is currently no helm based equivalent so kubectl apply is still the way to go.

amcginlay commented 2 years ago

Also, in venafi-issuer.yaml the attribute spec.venafi.cloud.url is no longer required and its inclusion as specified causes a failure. This documentation has it correct.

amcginlay commented 2 years ago

Also, the certificate manifest needs a commonName so, for example:

...
spec:
  secretName: demo-jetstack-mcginlay.net-tls
  dnsNames:
  - demo.jetstack.mcginlay.net
  commonName: demo.jetstack.mcginlay.net
...

amcginlay commented 2 years ago

May I also suggest we rename this tutorial from "Securing Ingresses with Venafi" to "EKS + Ingress + Venafi" so it matches the pattern established by "GKE + Ingress + Let's Encrypt".

Finally, this tutorial should be linked from the Getting Started page, making sure to use appropriate iconography. One could argue that the link to the Securing NGINX-ingress tutorial should be removed to emphasize the public cloud use cases.