Skip to content

MINOR: Generate-certificates and ca-sign-file options support #744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 4, 2025
Merged

MINOR: Generate-certificates and ca-sign-file options support #744

merged 1 commit into from
Dec 4, 2025

Conversation

@pbromber
Copy link
Contributor

@pbromber pbromber commented Nov 10, 2025

This pull request introduces generate-certificates-signer annotation, enabling kubernetes-ingress to automatically generate TLS certificates signed by a provided CA secret for incoming connections. This utilises generate-certificates and ca-sign-file haproxy bind options

@pbromber pbromber mentioned this pull request Nov 10, 2025
Open
@pbromber pbromber force-pushed the generate_certificates_signer branch from 1c93947 to aa18dd9 Compare November 17, 2025 13:19
@pbromber pbromber changed the title Generate-certificates and ca-sign-file options support FEATURE: Generate-certificates and ca-sign-file options support Nov 17, 2025
@pbromber pbromber force-pushed the generate_certificates_signer branch from aa18dd9 to 7be8976 Compare November 17, 2025 13:29
@oktalz oktalz added the enhancement New feature or request label Nov 27, 2025
@pbromber pbromber force-pushed the generate_certificates_signer branch from 7be8976 to 0ccc17f Compare November 27, 2025 22:13
@pbromber pbromber changed the title FEATURE: Generate-certificates and ca-sign-file options support MINOR: Generate-certificates and ca-sign-file options support Nov 27, 2025
@pbromber pbromber force-pushed the generate_certificates_signer branch from 0ccc17f to 0011cf4 Compare November 27, 2025 22:32
oktalz
oktalz reviewed Dec 1, 2025
View reviewed changes
documentation/doc.yaml Outdated
- Name of Kubernetes secret in format namespace/secret-name
applies_to:
- configmap
version_min: "1.11"
Copy link
Member

@oktalz oktalz Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you put

version_min: "3.2"

to be more accurate (this will end up in next version that should be released soon)

Copy link
Contributor Author

@pbromber pbromber Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. Already changed this.

@pbromber
MINOR: Add generate-certificates-signer option
8dc6f1b 
generate-certificates-signer option is used to configure haproxy
generate-certificates and ca-sign-file bind options in ssl frontend.
@pbromber pbromber force-pushed the generate_certificates_signer branch from 0011cf4 to 8dc6f1b Compare December 2, 2025 13:19
@oktalz
Copy link
Member

oktalz commented Dec 4, 2025

internal testing was green, one day I should take a look more closely why tests randomly fails on github.
anyways, thx for this!

@oktalz oktalz merged commit d8adc57 into haproxytech:master Dec 4, 2025
12 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oktalz oktalz oktalz left review comments

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pbromber @oktalz