feat: allow importing certificates from k8s tls secret#104
Conversation
|
Hi @mkl262. Thanks for your PR. I'm waiting for a aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
| } | ||
| } | ||
|
|
||
| func apiReaderFromReconciler(rr acktypes.Reconciler) (client.Reader, error) { |
There was a problem hiding this comment.
This seems to be an unusual pattern to rely on unsafe package to get the apiReader.
I'm not an expert on ACK repo. I'd defer the final call the ACK maintainers.
michaelhtm
left a comment
There was a problem hiding this comment.
Hey @mkl262
I noticed you did not generate the controller with code-generator. https://aws-controllers-k8s.github.io/docs/contributing/
I mainly see that you made manual changes.
Add support to importing ACM certificates from Kubernetes TLS secrets, which can include certificate chains
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mkl262 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@michaelhtm I uptaded the code and created the following PRs: |
Issue #, if available:
Description of changes:
Adds
importFromto the Certificate CRD so certificates can be imported into ACM from a standard Kubernetes TLS Secret, without specifying individual secret keys.The
importFromis mutually exclusive with certificate request fields (domainName, domainValidationOptions, etc.), exportTo, and opaque secret import fields (certificate, privateKey, certificateChain).if tls secret tls.crt field contains multiple certificates, first certificate is handled as the certificate, and all trailing certificates are handled as CA chain.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.