Document the liveness probes in cert-manager components

[wallrj]

Preview: https://deploy-preview-1217--cert-manager-website.netlify.app/docs/installation/best-practice/

Added documentation for the next release to compliment cert-manager/cert-manager#5962

• Report controller-manager as unhealthy if leader election has failed to renew the lease but process is wedged cert-manager#5962

[netlify]

✅ Deploy Preview for cert-manager-website ready!

Name	Link
🔨 Latest commit	7592cc1
🔍 Latest deploy log	https://app.netlify.com/sites/cert-manager-website/deploys/6482e1e20e0c840008691803
😎 Deploy Preview	https://deploy-preview-1217--cert-manager-website.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[wallrj]

/hold until we're sure we want to release this in 1.12

[irbekrm]

Thanks Richard, this makes sense and is a great write-up, thanks for adding all those links.

Could we also mention that we might want to enable the controller liveness probe by default in future if we see that there are actual edge cases (not cert-manager bugs) where this would be useful and can we add a note asking users to report back if they have discovered such?

[irbekrm]

This is interesting, I actually didn't realize that the behaviour was like that. I imagined that if a replica loses leader election (because another replica managed to become a leader) it would just become a standby and keep attempting to become a leader. I think that's how it works in raft.
However I do see that the way we do it is also how c/r does it https://github.com/kubernetes-sigs/controller-runtime/blob/cd65cb25d314f40a329a688f4714fe3282589e97/pkg/manager/internal.go#L646 so perhaps it makes sense to exit with an error because a leader election cannot be lost in a normal flow (there's no way how leadership could shift unless there is a fatal errror). Something to look into for myself 👀

[wallrj]

Could we also mention that we might want to enable the controller liveness probe by default in future if we see that there are actual edge cases (not cert-manager bugs) where this would be useful and can we add a note asking users to report back if they have discovered such?

Done.

[irbekrm]

/lgtm

[irbekrm]

Thank you Richard

/lgtm

[jetstack-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: irbekrm, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [irbekrm,wallrj]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jetstack-bot]

Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.

📝 Please follow instructions in the contributing guide to update your commits with the DCO

Full details of the Developer Certificate of Origin can be found at developercertificate.org.

The list of commits missing DCO signoff:

• b8d3012 Merge pull request Updates uninstall doc with backup and restore guide link #1191 from irbekrm/add_b_r_link
• 193b6b2 Merge pull request Helm install: add hint for installCRDs in both cases #1190 from pinguin999/update-helm-docs
• 27feafe Merge pull request Explains what happens if CertificateRequest is denied #1193 from irbekrm/update_approver
• cd7dae0 Merge pull request Remove unused script and references to deleted npm update script #1200 from wallrj/remove-unused-scripts-2
• d4d445f Merge pull request Clarify ingress-shim annotations #1203 from irbekrm/document_ingress_shim_annot
• 16d07eb Merge pull request Docs: Clarify zeroSSL setup instructions #1183 from chen-anders/patch-1
• d36cb3d Merge pull request Installation note about gke autopilot #1205 from sdarwin/docs
• 20113f0 Merge pull request Fix typos / some wording for approver-policy docs #1206 from SgtCoDFish/approver-policy
• 90e870d Merge pull request Faster ./scripts/gendocs/generate script #1201 from maelvls/faster-gendocs
• fa85b61 Merge pull request Update references to ingress objects in the nginx-ingress tutorial #1204 from yardenshoham/update-api
• e4f9df0 Merge pull request Update information related to failed issuances and CertificateRequest info #1195 from irbekrm/update_approver_again
• 870c4ac Merge pull request Updated info about issue-temporary-certificate #1207 from sdarwin/docs2
• a16f574 Merge pull request Go Workspace Documentation #1209 from SgtCoDFish/workspaces
• 6a5d27d Merge pull request release-process: explain how and when to merge master into release-next #1192 from maelvls/release-process-website
• 727aabc Merge pull request We settled on 26 april 2023 for the release of 1.12 #1211 from maelvls/release-date
• 767b0c8 Merge pull request Update release process to reflect autobuild #1210 from SgtCoDFish/autobuild
• d038692 Merge pull request Fix selector.issuerRef example to use map instead of list #1214 from wallrj/217-fix-approver-policy-example
• 5dd8ef7 Merge pull request Publish approver-policy API documentation #1215 from wallrj/approver-policy-api-docs
• 99373ef Merge pull request Wrap the cert-manager re-configuration instructions for easier reading #1216 from wallrj/clearer-cert-manager-reconfiguration-instructions
• 7526fe6 Merge pull request Add note about linux/arm64 support #1218 from SgtCoDFish/linuxarm64
• 4c32c12 Merge pull request Add more meeting info #1219 from SgtCoDFish/standups
• 9af4253 Merge pull request release-1.11: add a section in the release notes #1208 from maelvls/update-release-process
• f3eec86 Merge pull request Add inteon to OWNERS #1223 from cert-manager/add-inteon-owners
• 611f6d9 Merge pull request Fix a typo in usage/certificate docs #1221 from chamankang/fix/typo-usage-certificate
• 229e621 Merge pull request Fix leading whitespaces in YAML code block #1222 from thomasvn/patch-1
• 14717df Merge pull request trust-manager v0.5.0 #1226 from SgtCoDFish/trust-manager-0.5.0
• c033b91 Merge pull request Adds info about cmctl tag #1225 from irbekrm/cmctl_tag
• b6469db Merge pull request Add guidelines for writing release notes #1228 from maelvls/docs-on-release-notes
• df8d4d6 Merge pull request [Release 1.12] Merge release-next into master #1231 from maelvls/merge-release-next
• 063e7fa Merge pull request [Release-1.12] Freeze Docs and Bump Versions #1227 from maelvls/post-release-actions
• e78fc18 Merge pull request Adds a link to example approver-policy plugin implementation #1224 from irbekrm/add_policy_plugin_example
• a3c1c3d Merge pull request fix(supported-releases): fix the year of the 1.12 release date and eol #1237 from rinx-playground/fix-1-12-release-date-on-supported-releases-page
• 7d69f86 Merge pull request fix alt tag issue #1232 from relativelyrehan/fix_alt_tag_image
• 95d45f8 Merge pull request Fix supported-releases.md #1236 from cert-manager/fix-supported-releases
• e5ad315 Merge pull request Fix mistake in EOL year #1238 from cert-manager/fix_wrong_EOL_year
• a777dd6 Merge pull request Explain what FAO stands for #1239 from irbekrm/document_controller_fao_label

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[wallrj]

/unhold

[wallrj]

/override dco

[jetstack-bot]

@wallrj: Overrode contexts on behalf of wallrj: dco

In response to this:

/override dco

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[maelvls]

/lgtm