Add CR annotations are optional and Certificate controller add them

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
cgroschupp · Aug 2, 2019 · 01b5072 · 01b5072
1 parent 21c237a
commit 01b5072
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/design/20190708.certificate-request-crd.md b/design/20190708.certificate-request-crd.md
@@ -210,12 +210,17 @@ internally in the controller.
 In order for `CertificateRequest` controllers to resolve requests, extra
 information may be needed that is not present in the API Spec. To pass on this
 information, a set of one or more annotations should be defined, with reliable
-value pairs. These are;
+value pairs. These annotations should be considered optional. Any
+`CertificiateRequest` controller that rely on these to function should fallback
+gracefully or be marked as failed in the event a required annotation is missing.
+The currently defined annotations are:
 
 - `certmanager.k8s.io/private-key-secret-name`: The name of the secret, in the
   same namespace as the `CertificateRequest`, that stores the private key which
   was used to sign the x509 certificate signing request. This is required by the
- `SelfSigning` issuer to sign its own certificate.
+ `SelfSigning` issuer to sign its own certificate. Currently the `Certificate`
+  controller adds this annotation to all `CertificateRequest` resources it
+  creates with the defined `SecretName` in the Spec of the `Certificate`.
 
 ### Test Plan