-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Create a CertificatePreset resource type to allow configurable defaulting #2239
Description
Is your feature request related to a problem? Please describe.
As a user of cert-manager, I often want to have multiple certificates all with a similar set of configuration, or alternatively just want to set some 'sane defaults'.
A similar requirement exists in Kubernetes, and it is serviced by the PodPreset resource, which allows setting some default values for pods that are created.
Having some way to do this with Certificates would be useful for users (see #1452, #2012, #1298, #97).
Describe the solution you'd like
Some form of similar CertificatePreset resource... it could look like this:
apiVersion: admission.cert-manager.io/v1alpha1
kind: CertificatePreset
metadata:
name: devops
spec:
selector:
matchLabels:
certificate-class: prod-edge
organization:
- Jetstack
keySize: 2048
keyAlgorithm: RSA
issuerRef:
name: letsencrypt-prodThe exact mechanics need to be discussed, but this could be applied at the time the Certificate resource is created, and would not be automatically reconciled if the Preset was updated (i.e. by a controller).
This would involve changes to our mutating webhook component 😄
Describe alternatives you've considered
We could alternatively create a controller to apply these presets - this may be something we want to do in future, however initially just doing it at the time of admittance seems acceptable.
/area api
/help-wanted
/kind feature
/priority important-longterm