pivotal / docs-tas-adapter


Update installation instructions for ingress certs #31

Closed clintyoshimura closed 2 years ago

clintyoshimura commented 2 years ago

Co-authored-by: Andrew Costa ancosta@vmware.com

cf-gitbot commented 2 years ago

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this GitHub issue will be updated when the story is started.

clintyoshimura commented 2 years ago

It seems we already have a document for rotating certificates so we didn't add a Cert Manager section to the install.md. If we want to do this we can add it to certificate-rotation.md.

emalm commented 2 years ago

@clintyoshimura @tcdowney what do you think about replacing the instructions for generating self-signed certs locally with openssl and then creating the secret to house them with instructions to use cert-manager to issue self-signed certs? The operator will already have cert-manager installed as a prerequisite, and that seems like a better starting point for them to use a real issuer such as Let's Encrypt for their certs.

clintyoshimura commented 2 years ago

> @clintyoshimura @tcdowney what do you think about replacing the instructions for generating self-signed certs locally with openssl and then creating the secret to house them with instructions to use cert-manager to issue self-signed certs? The operator will already have cert-manager installed as a prerequisite, and that seems like a better starting point for them to use a real issuer such as Let's Encrypt for their certs.

We decided to add 3 subsections: if you have an existing cert, if you want to create a new secret using cert-manager, and if you want to manually generate certs (this is the option that's already there).

tcdowney commented 2 years ago

@emalm we discussed this and felt it was worth keeping the instructions around manually generating certs for the time being -- at least while we're still in beta. The options for providing an existing cert / using Let's Encrypt come first though.