Tooling to set up cert-manager with external dependencies #4855
Comments
Hi @irbekrm , I have used |
Hi @lonelyCZ Thanks for your interest in working on this as GSoC project, glad to hear you've used cert-manager already!
The first thing to do would be to familiarize yourself with the GSoC timeline and contributor docs (that you may have already done). I'd recommend that you get involved with the cert-manager community, say hi on Slack and see if you have a chance to join some of our meetings; see the details for how to join in our contributing docs. We usually recommend that folks who are interested in applying to our GSoC project also try to work with cert-manager a bit; picking up a good first issue or finding some other way to contribute is a great way to get started and helps you to understand if the project suits your interests and helps us to see whether we work well together :). Again, do reach out to us on Slack if you want to contribute and have questions about how to get started! In terms of deadlines, I understand that 19th of April is the deadline for submitting the proposal. Does this make sense? |
Thanks for your reply. :) @irbekrm I will familiarize myself with the community as soon as possible, and actively participate in the draft proposal. Looking forward to working with community members. |
I understand the purpose of this feature is to easily recreate the installation of
|
Whatever installation mechanism you choose, it should be able to deploy different combinations of cert-manager + some external tools, i.e. cert-manager + Vault, cert-manager + some ingress implementation etc.
This will really depend on what installation mechanism you choose and how much abstraction you build on top. For example, you could have chosen to implement this as a Go CLI and pass each configuration option as a CLI flag and then in your code translate those into the format suitable to configure each dependency. Or you can have configuration templates for each dependency as you say, they are all valid options and each has its pros and cons. |
Thank you! :)
Yes, I consider their pros and cons as follows
I tend toward option 2 or option 3 because developing a command-line tool can be complex and difficult to maintain, especially considering that it can install multiple dependencies. What do you think, or what do you think of Terraform and how many members use this tool? @irbekrm I think the implementation ideas of scheme 2 and 3 are similar. |
Hi @lonelyCZ
Good work on considering those, I think you can even include that in the proposal as I think it's always valuable to show that you've considered alternatives 👍🏼 I don't want to influence which option you choose in the proposal 😄 The point of the proposal is for you to choose an implementation mechanism that you think is best and describe how you will solve the problem with it. Some thoughts though
I think if the solution was a CLI, it should be built in such a way that there is some sort of 'framework' that makes adding a new extension easy, i.e. adding a new extension should not require touching too many unrelated parts of code (redevelopment). I would argue that having to compile it (most likely this would mean making a new release for the tool) is not a big problem. There could be other maintenance related cons though and agree that it might be more complex than just scripts.
I think all of us are familiar with Terraform |
Thanks for your response @irbekrm I will write a proposal as soon as possible, including all of my considerations. |
Thanks @lonelyCZ Good luck with the proposal! To add, the actual GSoC work includes working on a design doc and discussing it with the cert-manager team, so the actual implementation might differ from what you will describe in the proposal. I'd just encourage you to choose the implementation mechanism you think is best suited and describe that. |
Hi, @irbekrm, I have submitted a proposal, there is a replica at https://docs.google.com/document/d/1wZ5ia0j4-5UVWN24xgj25UaYffPaTlBtpmerr5Uw8Io/edit#, looking forward to your comments, thanks :) If possible, I would like to discuss the feasibility of the proposal with the community to determine the final practical proposal. |
Thanks @lonelyCZ! I will take a look now.
Once a student gets accepted, there will be a period of time to discuss the final design with the whole team following the same process as we usually do when discussing a design document, so you should not worry about smaller details at this stage I think (The alternative would have been to have the whole of the team involved in working with each candidate on their proposal, which would not be feasible). |
Yes, thanks for your reply. @irbekrm During this period, I will try my best to implement some demos to verify the feasibility of the proposal.
Regardless of the results, we hope to complete the project in a better way and bring more convenience to the community. |
Thanks for your comments @irbekrm, I will improve it as soon as possible. |
/priority important-soon Assigned during triage party. Seems like this will be embarked on during the next few months of GSoC. |
/priority important-soon |
Hi, @irbekrm. I'm excited to tell you that I have implemented an easy demo that can deploy and setup It currently supports the deployment of |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
Rotten issues close after 30d of inactivity. |
@jetstack-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is your feature request related to a problem? Please describe.
Currently when trying to reproduce a bug/verify a bugfix or work on a feature that requires deployment and configuration of an external dependency with cert-manager, a lot of engineers' time is spent figuring out how to set up the external dependency to work with cert-manager. And even if one of the maintainers has knowledge of how to configure a particular dependency, this knowledge is not shared with the rest of the maintainers or community.
Describe the solution you'd like
There should be some means to easily install and cross-configure cert-manager and related external dependencies (i.e. Ingress/Gateway API implementations, Vault etc.) and associated cert-manager resources for common scenarios. An example scenario would be to deploy Vault, set up Vault's PKI Secrets Engine, configure auth and create a cert-manager [Cluster]Issuer that works with the configured Vault PKI.
It should be straightforward to change the configuration of any of the tools and resources.
It should be straightforward to update the scripts/tool to allow deploying a new tool.
Describe alternatives you've considered
We have some dependency configuration scripts for e2e tests here. However, arguably, these are too complex to be easily usable/understandable.
Additional context
The more concrete implementation design is still in progress.
Here is the initial design doc https://docs.google.com/document/d/10mm10rmQudssTY71Ou2oqvGDtz70VzosGuKy90Is9-g/edit?usp=sharing
Environment details (remove if not applicable):
/kind feature
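
The Vault scenario named in the issue description (PKI Secrets Engine, auth, then a ClusterIssuer), sketched as a dry-run shell script. This is an added example, not code from the cert-manager repository or from the proposal; the mount, role, policy, ServiceAccount and Secret names and the Vault URL are all assumptions, and Vault is assumed to run in the same cluster.

```shell
#!/bin/sh
# Added example, not from the cert-manager repository. Every value below is an
# assumption; a real run also needs VAULT_ADDR and VAULT_TOKEN in the environment.
VAULT_URL="http://vault.vault.svc:8200"       # assumed in-cluster Vault address
PKI_MOUNT="pki"; PKI_ROLE="example-dot-com"; DOMAIN="example.com"
POLICY="cert-manager-pki"; AUTH_ROLE="cert-manager-issuer"
SA_NAME="vault-issuer"; SA_NS="cert-manager"  # hypothetical ServiceAccount
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print the plan, change nothing

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Least privilege: cert-manager only needs to sign CSRs against one PKI role.
vault_policy() {
  printf 'path "%s/sign/%s" {\n  capabilities = ["create", "update"]\n}\n' \
    "$PKI_MOUNT" "$PKI_ROLE"
}

setup_vault() {
  run vault secrets enable -path="$PKI_MOUNT" -max-lease-ttl=8760h pki
  run vault write "$PKI_MOUNT/root/generate/internal" common_name="$DOMAIN" ttl=8760h
  run vault write "$PKI_MOUNT/roles/$PKI_ROLE" allowed_domains="$DOMAIN" \
    allow_subdomains=true max_ttl=72h
  vault_policy | run vault policy write "$POLICY" -
  run vault auth enable kubernetes
  run vault write auth/kubernetes/config kubernetes_host="https://kubernetes.default.svc"
  # Bind the Vault role to a single ServiceAccount in a single namespace.
  run vault write "auth/kubernetes/role/$AUTH_ROLE" policies="$POLICY" ttl=20m \
    bound_service_account_names="$SA_NAME" bound_service_account_namespaces="$SA_NS"
}

render_issuer() {
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: vault-issuer
spec:
  vault:
    server: $VAULT_URL
    path: $PKI_MOUNT/sign/$PKI_ROLE
    auth:
      kubernetes:
        role: $AUTH_ROLE
        mountPath: /v1/auth/kubernetes
        secretRef:          # assumed Secret holding the ServiceAccount token
          name: $SA_NAME-token
          key: token
EOF
}

setup_vault
if [ "$DRY_RUN" = 1 ]; then render_issuer; else render_issuer | kubectl apply -f -; fi
```

With the default `DRY_RUN=1` the script only prints the Vault commands and the manifest, so the cross-configuration (policy path, auth role, issuer path) can be reviewed before anything is applied.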