Commit 3af9c1b
authored
docs(platform): document publishing.certificates wildcard options (#588)
## What this PR does
Document two `publishing.certificates.*` options in the platform-package
value table that were missing from the reference docs.
- `publishing.certificates.wildcard` (new): opt-in shared wildcard
certificate issuance on the default ingress-nginx path. When enabled
with a DNS-01 solver it issues one `*.<root-host>` wildcard for system
services instead of a per-host ACME certificate, avoiding Let's Encrypt
rate limits at scale. Documented with its default (`false`), the dns01 /
gateway-disabled gating, and the coverage / blast-radius caveat.
- `publishing.certificates.wildcardSecretName` (pre-existing, previously
undocumented): operator-provided wildcard TLS Secret that platform
services serve under instead of minting per-host ACME certificates.
Documents the code change in cozystack/cozystack#2988. Part of
cozystack/cozystack#2811.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added documentation for new Platform Package Publishing certificate
configuration options enabling wildcard certificate support with opt-in
capability and custom TLS Secret assignment.
* Documented wildcard certificate behavior, including precedence rules
between configuration options, override conditions, and hostname
coverage considerations for tenant and service host patterns.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->1 file changed
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
66 | 66 | | |
67 | 67 | | |
68 | 68 | | |
| 69 | + | |
| 70 | + | |
69 | 71 | | |
70 | 72 | | |
71 | 73 | | |
| |||
0 commit comments