Skip to content

[VC-52277] Add cert-manager gatherers to discovery-agent#799

Closed
George-Yanev wants to merge 1 commit intomasterfrom
VC-52277-ngts-cert-manager-gatherers
Closed

[VC-52277] Add cert-manager gatherers to discovery-agent#799
George-Yanev wants to merge 1 commit intomasterfrom
VC-52277-ngts-cert-manager-gatherers

Conversation

@George-Yanev
Copy link
Copy Markdown

@George-Yanev George-Yanev commented May 5, 2026

Purpose

Without k8s/certificates, k8s/issuers and k8s/clusterissuers the TLSPK backend cannot determine cert-manager lifecycle for discovered certificates, causing all certs to show as NOT_MANAGED in the clusters page.

VC-52277: add cert-manager gatherers to discovery-agent
6af5930 
Without k8s/certificates, k8s/issuers and k8s/clusterissuers the TLSPK
backend cannot determine cert-manager lifecycle for discovered certificates,
causing all certs to show as NOT_MANAGED in the clusters page.
@George-Yanev George-Yanev self-assigned this May 5, 2026
George-Yanev
George-Yanev commented May 5, 2026
View reviewed changes
Comment thread deploy/charts/discovery-agent/templates/configmap.yaml
resource-type:
version: v1
resource: pods
- kind: k8s-dynamic
Copy link
Copy Markdown
Author

@George-Yanev George-Yanev May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

notes: I'm not sure if those should be in the default for all use cases as we need that for NGTS

Copy link
Copy Markdown
Contributor

@SgtCoDFish SgtCoDFish May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I created a list of gatherers which are present in the old chart but aren't in the new chart:

data-gatherers:
  # gather k8s apiserver version information
  - kind: "k8s-discovery"
    name: "k8s-discovery"
  - kind: "k8s-dynamic"
    name: "k8s/namespaces"
    config:
      resource-type:
        resource: namespaces
        version: v1
  # gather services for pod readiness probe rules
  - kind: "k8s-dynamic"
    name: "k8s/services"
    config:
      resource-type:
        resource: services
        version: v1
  - kind: "k8s-dynamic"
    name: "k8s/ingresses"
    config:
      resource-type:
        group: networking.k8s.io
        version: v1
        resource: ingresses
  - kind: "k8s-dynamic"
    name: "k8s/certificates"
    config:
      resource-type:
        group: cert-manager.io
        version: v1
        resource: certificates
  - kind: "k8s-dynamic"
    name: "k8s/certificaterequests"
    config:
      resource-type:
        group: cert-manager.io
        version: v1
        resource: certificaterequests
  - kind: "k8s-dynamic"
    name: "k8s/issuers"
    config:
      resource-type:
        group: cert-manager.io
        version: v1
        resource: issuers
  - kind: "k8s-dynamic"
    name: "k8s/clusterissuers"
    config:
      resource-type:
        group: cert-manager.io
        version: v1
        resource: clusterissuers
  - kind: "k8s-dynamic"
    name: "k8s/googlecasissuers"
    config:
      resource-type:
        group: cas-issuer.jetstack.io
        version: v1beta1
        resource: googlecasissuers
  - kind: "k8s-dynamic"
    name: "k8s/googlecasclusterissuers"
    config:
      resource-type:
        group: cas-issuer.jetstack.io
        version: v1beta1
        resource: googlecasclusterissuers
  - kind: "k8s-dynamic"
    name: "k8s/awspcaissuer"
    config:
      resource-type:
        group: awspca.cert-manager.io
        version: v1beta1
        resource: awspcaissuers
  - kind: "k8s-dynamic"
    name: "k8s/awspcaclusterissuers"
    config:
      resource-type:
        group: awspca.cert-manager.io
        version: v1beta1
        resource: awspcaclusterissuers
  - kind: "k8s-dynamic"
    name: "k8s/mutatingwebhookconfigurations"
    config:
      resource-type:
        group: admissionregistration.k8s.io
        version: v1
        resource: mutatingwebhookconfigurations
  - kind: "k8s-dynamic"
    name: "k8s/validatingwebhookconfigurations"
    config:
      resource-type:
        group: admissionregistration.k8s.io
        version: v1
        resource: validatingwebhookconfigurations
  - kind: "k8s-dynamic"
    name: "k8s/gateways"
    config:
      resource-type:
        group: networking.istio.io
        version: v1alpha3
        resource: gateways
  - kind: "k8s-dynamic"
    name: "k8s/virtualservices"
    config:
      resource-type:
        group: networking.istio.io
        version: v1alpha3
        resource: virtualservices
  - kind: "k8s-dynamic"
    name: "k8s/routes"
    config:
      resource-type:
        version: v1
        group: route.openshift.io
        resource: routes
  - kind: "k8s-dynamic"
    name: "k8s/venaficonnections"
    config:
      resource-type:
        group: jetstack.io
        version: v1alpha1
        resource: venaficonnections
  - kind: "k8s-dynamic"
    name: "k8s/venaficlusterissuers"
    config:
      resource-type:
        group: jetstack.io
        version: v1alpha1
        resource: venaficlusterissuers
  - kind: "k8s-dynamic"
    name: "k8s/venafiissuers"
    config:
      resource-type:
        group: jetstack.io
        version: v1alpha1
        resource: venafiissuers
  - kind: "k8s-dynamic"
    name: "k8s/fireflyissuers"
    config:
      resource-type:
        group: firefly.venafi.com
        version: v1
        resource: issuers
  - kind: "k8s-dynamic"
    name: "k8s/stepissuers"
    config:
      resource-type:
        group: certmanager.step.sm
        version: v1beta1
        resource: stepissuers
  - kind: "k8s-dynamic"
    name: "k8s/stepclusterissuers"
    config:
      resource-type:
        group: certmanager.step.sm
        version: v1beta1
        resource: stepclusterissuers
  - kind: "k8s-dynamic"
    name: "k8s/originissuers"
    config:
      resource-type:
        group: cert-manager.k8s.cloudflare.com
        version: v1
        resource: originissuers
  - kind: "k8s-dynamic"
    name: "k8s/clusteroriginissuers"
    config:
      resource-type:
        group: cert-manager.k8s.cloudflare.com
        version: v1
        resource: clusteroriginissuers
  - kind: "k8s-dynamic"
    name: "k8s/freeipaissuers"
    config:
      resource-type:
        group: certmanager.freeipa.org
        version: v1beta1
        resource: issuers
  - kind: "k8s-dynamic"
    name: "k8s/freeipaclusterissuers"
    config:
      resource-type:
        group: certmanager.freeipa.org
        version: v1beta1
        resource: clusterissuers
  - kind: "k8s-dynamic"
    name: "k8s/ejbcaissuers"
    config:
      resource-type:
        group: ejbca-issuer.keyfactor.com
        version: v1alpha1
        resource: issuers
  - kind: "k8s-dynamic"
    name: "k8s/ejbcaclusterissuers"
    config:
      resource-type:
        group: ejbca-issuer.keyfactor.com
        version: v1alpha1
        resource: clusterissuers

Maybe we should just copy them all?

Copy link
Copy Markdown
Contributor

@SgtCoDFish SgtCoDFish May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've copied them all in #800

@George-Yanev George-Yanev requested review from SgtCoDFish and maelvls May 5, 2026 13:12
@SgtCoDFish SgtCoDFish mentioned this pull request May 6, 2026
Merged
@SgtCoDFish
Copy link
Copy Markdown
Contributor

SgtCoDFish commented May 6, 2026

Replaced by #800 !

@SgtCoDFish SgtCoDFish closed this May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SgtCoDFish SgtCoDFish Awaiting requested review from SgtCoDFish

@maelvls maelvls Awaiting requested review from maelvls

Assignees

@George-Yanev George-Yanev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@George-Yanev @SgtCoDFish