James Peach

xref #2187 Given the wide variety of ways to configure and issue TLS certificates, integrating this into Contour is a fraught endeavor. Maybe a collaborating operator, but simply adding the...

> In my experience creating Certificate objects for the domain names directly is a good way forward as you don't necessarily want a separate TLS certificate for every domain name,...

Note that regex matching will not work with prefix rewrite, since Envoy regards them as disjoint configurations :(

FYI, we organized the filter chains differently in 1.4 to enforce SNI binding semantics. This strongly binds a SNI server name to the corresponding routes, but I expect that this...

@tthebst I'd prefer to not take a dependency on yq. Maybe we can whack this with sed?

Yeh, in the absence of something like #2088 that's the best we can do I think.

> Yeh, in the absence of something like #2088 that's the best we can do I think. One thing to try is to set the version to `master` on the...

I think that selection makes the most sense, "name" and "version" are the most useful, "part-of" could be a useful, but not so sure about it.

If we had kustomize, we could make it work https://github.com/projectcontour/contour/issues/2088

> @jpeach @youngnick So I think the easiest way to label everything is `kubectl label`. @tthebst Does kubectl need a running cluster to label the objects?