jonathan-innis
commented
4 hours ago /kind feature
Open jonathan-innis opened 4 hours ago
jonathan-innis
commented
4 hours ago /kind feature
vincepri
commented
3 hours ago This is only true for kubebuilder, but in general you don't need certmanager in controller runtime. As long as you have certificates exposed, you should be good.
Right now, if you want to run a webhook attached to a CRD that you are using with controller-runtime and controller-gen, you have to run cert-manager alongside it. This requires users that are using your component to have to install a separate component alongside yours.
We (
kubernetes-sigs/karpenter) worked around this problem for a bit by using knative's webhook reconciler to avoid the cert-manager dependency. This worked well, but caused other problems due to the dependency closure that knative takes. Ideally, we could implement some kind of self-signed certificate reconciliation mechanism in controller-runtime to reduce this dependency chain.