Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Securing Ingresses with Venafi" tutorial contains link to missing manifest #1063

Open
amcginlay opened this issue Aug 25, 2022 · 3 comments
Labels
priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@amcginlay
Copy link

amcginlay commented Aug 25, 2022

See here.

The currently documented manifests in the cert-manager tutorial have been removed from the ingress-nginx repo so the instructions are broken. (e.g. https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-nlb.yaml)

The official docs suggest that the way to install an NLB based ingress-nginx on AWS is with kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/aws/deploy.yaml

I've tested this and it appears to work as expected.

NOTE there is currently no helm based equivalent so kubectl apply is still the way to go.

@amcginlay
Copy link
Author

Also, in venafi-issuer.yaml the attribute spec.venafi.cloud.url is no longer required and its inclusion as specified causes a failure.
This documentation has it correct.

@amcginlay
Copy link
Author

amcginlay commented Aug 31, 2022

Also, the certificate manifest needs a commonName so, for example:

...
spec:
  secretName: demo-jetstack-mcginlay.net-tls
  dnsNames:
  - demo.jetstack.mcginlay.net
  commonName: demo.jetstack.mcginlay.net
...

@amcginlay
Copy link
Author

May I also suggest we rename this tutorial from "Securing Ingresses with Venafi" to "EKS + Ingress + Venafi" so it matches the pattern established by "GKE + Ingress + Let's Encrypt".

Finally, this tutorial should be linked from the Getting Started page, making sure to use appropriate iconography. One could argue that the link to the Securing NGINX-ingress tutorial should be removed to emphasize the public cloud use cases.

@inteon inteon added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Development

No branches or pull requests

2 participants