docs(platform-stack): add trust-manager card #550
Aleksei Sviridkin (lexfrei) wants to merge 1 commit into
| {{< oss-card name="Flux" logo="fluxcd" license="Apache-2.0; AGPL-3.0" source="https://github.com/fluxcd/flux2/blob/main/LICENSE" description="GitOps engine reconciling cluster state from Helm releases and Kustomizations. ControlPlane Flux Operator is AGPL-3.0; upstream controllers are Apache-2.0." >}} | ||
| {{< oss-card name="Aenix etcd Operator" logo="etcd" license="Apache-2.0" source="https://github.com/aenix-io/etcd-operator/blob/main/LICENSE" description="Manages dedicated etcd clusters for tenant Kubernetes control planes. Handles member lifecycle, scaling, and backup-restore as Kubernetes reconciliation loops." >}} | ||
| {{< oss-card name="cert-manager" logo="cert-manager" license="Apache-2.0" source="https://github.com/cert-manager/cert-manager/blob/master/LICENSE" description="Automates TLS certificate issuance, renewal, and rotation. Integrates with ACME, internal PKI (OpenBao), and self-signed issuers." >}} | ||
| {{< oss-card name="trust-manager" logo="cert-manager" license="Apache-2.0" source="https://github.com/cert-manager/trust-manager/blob/main/LICENSE" description="Distributes CA bundles into Kubernetes namespaces via the cluster-scoped Bundle CRD. Co-located with cert-manager so TLS-bearing charts can project release-issued CAs into release-namespace ConfigMaps without cross-namespace RBAC." >}} |
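Review bot: On the added trust-manager card, the closing phrase "without cross-namespace RBAC" does not say whose RBAC is avoided, so it can be read as if no cross-namespace permission is involved anywhere in the distribution path. If the intent is that the charts consuming the CA need no such grants, state that in the description, for example "without granting consuming charts cross-namespace RBAC". The card distributes trust anchors, so a reader assessing the platform will want to know which party holds the write access to the target ConfigMaps.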
To improve readability and use standard terminology, consider changing "release-namespace" to "release namespace" and adding "requiring" before "cross-namespace RBAC" to make the description grammatically complete and clearer.
| {{< oss-card name="trust-manager" logo="cert-manager" license="Apache-2.0" source="https://github.com/cert-manager/trust-manager/blob/main/LICENSE" description="Distributes CA bundles into Kubernetes namespaces via the cluster-scoped Bundle CRD. Co-located with cert-manager so TLS-bearing charts can project release-issued CAs into release-namespace ConfigMaps without cross-namespace RBAC." >}} | |
| {{< oss-card name="trust-manager" logo="cert-manager" license="Apache-2.0" source="https://github.com/cert-manager/trust-manager/blob/main/LICENSE" description="Distributes CA bundles into Kubernetes namespaces via the cluster-scoped Bundle CRD. Co-located with cert-manager so TLS-bearing charts can project release-issued CAs into release namespace ConfigMaps without requiring cross-namespace RBAC." >}} |
Addressed in da1f898 — applied both suggestions: release-namespace → release namespace, and inserted requiring before cross-namespace RBAC.
Documents the new trust-manager system component shipping in the upstream platform package. Reuses the cert-manager logo (no separate brand asset upstream); we can swap in a dedicated SVG later if upstream publishes one.

Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
4f671de to da1f898
Arsolitt (Arsolitt)
left a comment
LGTM — single oss-card for trust-manager, all upstream facts verified, builds clean.
Business context: documents trust-manager as a cozystack platform component (companion to the code change shipping trust-manager v0.22.1 co-located with cert-manager).
Verified:
- License Apache-2.0 and source URL branch (main, not master) match the upstream cert-manager/trust-manager repo.
- "cluster-scoped Bundle CRD" matches the upstream CRD definition (scope: Cluster).
- Logo reuse (cert-manager.svg) resolves to an existing asset; the shortcode falls back to an initials badge if the file is missing.
- The architectural description (co-location, CA projection into release-namespace ConfigMaps without cross-namespace RBAC) matches the companion code change.
- Shortcode signature matches the neighboring oss-card entries; deploy preview builds.
No blockers, no follow-ups.
Timofei Larkin (lllamnyp)
left a comment
This cannot go live until the issues with cozystack/cozystack#2744 are resolved.
What this PR does

Documents trust-manager as a cozystack platform component. Adds one oss-card to the "GitOps and platform automation" section of content/en/docs/next/guides/platform-stack/_index.md, immediately next to cert-manager.

Companion to the code PR cozystack/cozystack#2744 which ships trust-manager v0.22.1 as a system package installed into cozy-cert-manager alongside cert-manager. The card describes what trust-manager does (distributes CA bundles into namespaces via the cluster-scoped Bundle CRD) and the cozystack-specific architectural choice (co-located with cert-manager so TLS-bearing charts can project release-issued CAs into release-namespace ConfigMaps without consumer-side cross-namespace RBAC).

Why a single card and not a dedicated page

The platform-stack page is the canonical place where every cozystack-shipped open-source component gets a one-card summary with license + source link. cert-manager itself, External Secrets Operator, Velero — none has a dedicated component page; the operator-facing docs about cert-manager / trust-manager usage live in TLS-and-secrets guides that don't exist yet. When a guide eventually exists, that's where deeper trust-manager content (Bundle examples, namespaceSelector patterns, troubleshooting) belongs — out of scope here.

Notes on the card

- cert-manager.svg (trust-manager is part of the cert-manager project family; no separate brand asset upstream). A dedicated SVG can be added later if upstream publishes one.
- cert-manager/trust-manager/blob/main/LICENSE (default branch is main, not master).
- content/en/docs/next/ (per CLAUDE.md guidance for unreleased features); will materialize as vX.Y/ when next is promoted.

Verification

- cert-manager/trust-manager v0.22.1.
- oss-card entries in the same section.

Release note
Summary by CodeRabbit
trust-manager to the Cozystack platform stack documentation in the GitOps and platform automation section, including license information, upstream source link, and description of CA bundle distribution capabilities.