-
Notifications
You must be signed in to change notification settings - Fork 297
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cert-manager documentation #1317
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need to re-structure a bit. I'll do a closer pass on content after that
Install cert-manager. | ||
`Release 1.12.X LTS <https://cert-manager.io/docs/releases/release-notes/release-notes-1.12/>`__ is preferred, but you may install latest. | ||
|
||
The following command installs version 1.12.13 using ``kubectl``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worth doing a substitution here in case the version bumps later?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps? Not sure how critical that is to stay up. Mostly we want this lineage. Which particular release within 1.12.x is less important from our perspective.
bcfdde0
to
fa353c6
Compare
|
||
The following graphic depicts how various namespaces make use of either an ``Issuer`` or ``ClusterIssuer`` type. | ||
|
||
- cert-manager is installed in the ``cert-manager`` namespace, which does not have either an ``issuer`` or a ``ClusterIssuer``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm confused by the cert-manager
namespace in the diagram, is minio-operator:issuer
not an issuer
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can address that with other comments on the graphic.
It should not have either an Issuer or ClusterIssuer in that namespace. But it operates separately from the other namespaces.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See suggestion in other thread here
#1317 (comment)
|
||
.. important:: | ||
|
||
Replace the filler strings with values for your tenant: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have a usual term for nonspecific placeholder text?
Or perhaps something like "Replace the placeholder values as described below"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trying an alternative. I think "placeholder text" is probably the clearest expression.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noted a couple typos, plus one thing I didn't understand. Maybe it's me, however.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much improved - feedback given
|
||
The following graphic depicts how various namespaces make use of either an ``Issuer`` or ``ClusterIssuer`` type. | ||
|
||
- cert-manager is installed in the ``cert-manager`` namespace, which does not have either an ``issuer`` or a ``ClusterIssuer``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we still need this if we're dropping a reference to it in the diagram?
Maybe:
The following diagram provides a high level view of the relationship between Cluster Issuers and Issuers in a cert-manager context:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Holding for the new diagram. Will leave unresolved until then.
|
||
.. image:: /images/k8s/cert-manager-cluster.svg | ||
:width: 600px | ||
:alt: A Kubernetes cluster with five namespaces, shown as a box for each namespace in the cluster. The minio-operator namespace contains a "minio-operator: issuer" local issuer. The default namespace contains a "root: ClusterIssuer" cluster issuer. The cert-manager namespace contains a "minio-operator: issuer" local issuer. The remaining two namespaces are individual tenants, "tenant-1" and "tenant-2", each with its own local issuer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to update the alt text
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Waiting for the new diagram first. Then will update.
54925e5
to
bca3274
Compare
This PR is block until we get an updated graphic from the design team. |
Adds cert-manager docs for Kubernetes outputs.
Closes #1245
Partially addresses #1273
Staged: