When I use Istio to install cert-manager (via certmanager.enabled=true in helm) I noticed that cert-manager is deployed with image “quay.io/jetstack/cert-manager-controller:v0.6.2”. The latest version available is v0.8.1. Is there a reason why Istio uses an old version of cert-manager? Is it incompatible with newer versions?
@philrud Do you have any context to share?
@JimmyChen last time the cert-manager version was bumped up ahead of the 1.1 release (0.6.2 was the most recent stable version at the time). Stability was the main focus of Istio 1.2 release, so I would guess there was no strong enough reason to pull in an edge version of cert-manager into 1.2, but we should definitely consider upgrading in 1.3.
@philrud Out of curiousity, what’s the motivation behind packaging cert-manager into the istio releases ? Wouldnt it just be easier to expect the user to set it up similar to how RedisQuotas expect the user to be running their own redis servers ?
I was running into problems getting cert-manager working with let’s encrypt. Once I specified a newer version (v0.8.1) of cert-manager via the helm values file (certmanager:tag), it all started working. I haven’t run into any problems with the newer version of cert-manager with regards to Istio.