Skip to content

Commit

Permalink
update feature flags page to reflect changes made in 1.13
Browse files Browse the repository at this point in the history
Signed-off-by: Tim Ramlot <[email protected]>
  • Loading branch information
inteon committed Sep 21, 2023
1 parent 771eaa4 commit 71806e9
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 6 deletions.
1 change: 1 addition & 0 deletions .spelling
Original file line number Diff line number Diff line change
Expand Up @@ -617,6 +617,7 @@ v1.27.1
v0.6.0.
v4.4.1
v1.13.0
v1.13.
liveness
apiservices
arm64
Expand Down
10 changes: 7 additions & 3 deletions content/docs/installation/featureflags.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,17 @@ See `--feature-gates` flags on cert-manager controller and webhook to enable any

- `ServerSideApply`. Added in cert-manager 1.8.0. If this feature is enabled, cert-manager uses [Server side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) when creating or updating API resources. This will speed cert-manager operations and prevent the resource version conflict errors. See [release notes](../release-notes/release-notes-1.8.md#server-side-apply)

- `StableCertificateRequestName`. Added in cert-manager 1.10.0. Will enable generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487)

- `UseCertificateRequestBasicConstraints`. Added in cert-manager 1.12.0. Makes cert-manager add a basic constraints section to certificate signing requests with the CA constraint set to the correct value. See [`cert-manager#5552`](https://github.com/cert-manager/cert-manager/pull/5552)

- `ValidateCAA`. Added in cert-manager 0.7.2. CAA checking when issuing a certificate.


### Beta

There are currently no beta feature gates
These features are enabled by default. See `--feature-gates` flags on cert-manager controller and webhook to disable any of these features.

- `StableCertificateRequestName`. Alpha in v1.10 and Beta in v1.13. Enables generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487)

- `SecretsFilteredCaching`. Alpha in v1.12 and Beta in v1.13. Reduces controller's memory consumption by filtering which Secrets are cached in full using `controller.cert-manager.io/fao` label. By default all Certificate Secrets are labelled with `controller.cert-manager.io/fao` label. Users can also label other Secrets, such as issuer credentials Secrets that they know cert-manager will need access to to speed up issuance. See [`20221205-memory-management.md`](https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md)

- `DisallowInsecureCSRUsageDefinition`. Beta in v1.13. Prevents the webhook from allowing CertificateRequest's usages to be only defined in the CSR, while leaving the usages field empty.
10 changes: 7 additions & 3 deletions content/v1.13-docs/installation/featureflags.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,17 @@ See `--feature-gates` flags on cert-manager controller and webhook to enable any

- `ServerSideApply`. Added in cert-manager 1.8.0. If this feature is enabled, cert-manager uses [Server side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) when creating or updating API resources. This will speed cert-manager operations and prevent the resource version conflict errors. See [release notes](../release-notes/release-notes-1.8.md#server-side-apply)

- `StableCertificateRequestName`. Added in cert-manager 1.10.0. Will enable generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487)

- `UseCertificateRequestBasicConstraints`. Added in cert-manager 1.12.0. Makes cert-manager add a basic constraints section to certificate signing requests with the CA constraint set to the correct value. See [`cert-manager#5552`](https://github.com/cert-manager/cert-manager/pull/5552)

- `ValidateCAA`. Added in cert-manager 0.7.2. CAA checking when issuing a certificate.


### Beta

There are currently no beta feature gates
These features are enabled by default. See `--feature-gates` flags on cert-manager controller and webhook to disable any of these features.

- `StableCertificateRequestName`. Alpha in v1.10 and Beta in v1.13. Enables generation of `CertificateRequest` resources with a fixed name. See [`cert-manager#5487`](https://github.com/cert-manager/cert-manager/pull/5487)

- `SecretsFilteredCaching`. Alpha in v1.12 and Beta in v1.13. Reduces controller's memory consumption by filtering which Secrets are cached in full using `controller.cert-manager.io/fao` label. By default all Certificate Secrets are labelled with `controller.cert-manager.io/fao` label. Users can also label other Secrets, such as issuer credentials Secrets that they know cert-manager will need access to to speed up issuance. See [`20221205-memory-management.md`](https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md)

- `DisallowInsecureCSRUsageDefinition`. Beta in v1.13. Prevents the webhook from allowing CertificateRequest's usages to be only defined in the CSR, while leaving the usages field empty.

0 comments on commit 71806e9

Please sign in to comment.