Add new annotation to disable external-domain-tls

knative · Sep 19, 2023 · 31f2376 · 31f2376
1 parent 06ba58e
commit 31f2376
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 This repository contains the Knative Ingress and Certificate CRDs, as well as
 their conformance tests. These are our extension points to plugin different
 Ingress plugins (Ambassador, Contour, Gloo, Istio, Kong and Kourier), as well as
-different AutoTLS plugins (CertManager and Knative's own HTTP01 challenge
+different ExternalDomainTLS plugins (CertManager and Knative's own HTTP01 challenge
 solver).
 
 # Knative Ingress aka KIngress

diff --git a/pkg/apis/networking/metadata_validation.go b/pkg/apis/networking/metadata_validation.go
@@ -29,6 +29,7 @@ var (
 		IngressClassAnnotationKey,
 		CertificateClassAnnotationKey,
 		DisableAutoTLSAnnotationKey,
+		DisableExternalDomainTLSKey,
 		HTTPOptionAnnotationKey,
 
 		IngressClassAnnotationAltKey,

diff --git a/pkg/apis/networking/metadata_validation_test.go b/pkg/apis/networking/metadata_validation_test.go
@@ -44,6 +44,11 @@ func TestValidateObjectMetadata(t *testing.T) {
 			DisableAutoTLSAnnotationKey:    "true",
 			DisableAutoTLSAnnotationAltKey: "true",
 		},
+	}, {
+		name: "valid disable external-domain-tls annotation key",
+		annotations: map[string]string{
+			DisableExternalDomainTLSKey: "true",
+		},
 	}, {
 		name: "valid certificate class annotation key",
 		annotations: map[string]string{

diff --git a/pkg/apis/networking/register.go b/pkg/apis/networking/register.go
@@ -70,11 +70,17 @@ const (
 
 	// DisableAutoTLSAnnotationKey is the annotation key attached to a Knative Service/DomainMapping
 	// to indicate that AutoTLS should not be enabled for it.
+	// Deprecated: use DisableExternalDomainTLSKey instead.
 	DisableAutoTLSAnnotationKey = PublicGroupName + "/disableAutoTLS"
 
 	// DisableAutoTLSAnnotationAltKey is an alternative casing to DisableAutoTLSAnnotationKey
+	// Deprecated: use DisableExternalDomainTLSKey instead.
 	DisableAutoTLSAnnotationAltKey = PublicGroupName + "/disable-auto-tls"
 
+	// DisableExternalDomainTLSKey is the annotation key attached to a Knative Service/DomainMapping
+	// to indicate that external-domain-tls should not be enabled for it.
+	DisableExternalDomainTLSKey = PublicGroupName + "/disable-external-domain-tls"
+
 	// HTTPOptionAnnotationKey is the annotation key attached to a Knative Service/DomainMapping
 	// to indicate the HTTP option of it.
 	HTTPOptionAnnotationKey = PublicGroupName + "/httpOption"
@@ -130,9 +136,21 @@ var (
 		CertificateClassAnnotationAltKey,
 	}
 
+	// Deprecated: use DisableExternalDomainTLSAnnotation instead.
 	DisableAutoTLSAnnotation = kmap.KeyPriority{
 		DisableAutoTLSAnnotationKey,
 		DisableAutoTLSAnnotationAltKey,
+
+		// backward compatibility
+		DisableExternalDomainTLSKey,
+	}
+
+	DisableExternalDomainTLSAnnotation = kmap.KeyPriority{
+		// backward compatibility
+		DisableAutoTLSAnnotationKey,
+		DisableAutoTLSAnnotationAltKey,
+
+		DisableExternalDomainTLSKey,
 	}
 
 	HTTPProtocolAnnotation = kmap.KeyPriority{
@@ -153,6 +171,11 @@ func GetHTTPProtocol(annotations map[string]string) (val string) {
 	return HTTPProtocolAnnotation.Value(annotations)
 }
 
+// Deprecated: use GetDisableExternalDomainTLS instead.
 func GetDisableAutoTLS(annotations map[string]string) (val string) {
 	return DisableAutoTLSAnnotation.Value(annotations)
 }
+
+func GetDisableExternalDomainTLS(annotations map[string]string) (val string) {
+	return DisableExternalDomainTLSAnnotation.Value(annotations)
+}