You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I installed approver-policy 0.4.2 with cert-manager 1.10.0 and when issuing a certificate, it creates the CertficateRequest but then get stuck without any status (whole status section missing). I can see that it was approved by the policy in the events of the CR, but the status section is missing. Looks like approver-policy is not setting the status once approved ? Find below some details.
$> kubectl describe cr Istio-ca-lzjr8
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Approved 2m36s (x17 over 8m4s) policy.cert-manager.io Approved by CertificateRequestPolicy: "my-root"
$> kubectl get cr Istio-ca-lzjr8
NAMESPACE NAME APPROVED DENIED READY ISSUER REQUESTOR AGE
istio-system istio-ca-lzjr8 root system:serviceaccount:cert-manager:cert-manager 9m7s
Here is the content of my policy (which works fine. I can see in the events that depending on the certificate spec, the CR gets approved or not depending on wether it complies with the CertificateRequestPolicy).
Looks like the sa to be given the permission to approve signers for external issuer (here KMSIssuer) must be the cert-manager-approver-policy sa not the cert-manager sa. Working now, closing the issue.
I installed approver-policy 0.4.2 with cert-manager 1.10.0 and when issuing a certificate, it creates the CertficateRequest but then get stuck without any status (whole status section missing). I can see that it was approved by the policy in the events of the CR, but the status section is missing. Looks like approver-policy is not setting the status once approved ? Find below some details.
Here is the content of my policy (which works fine. I can see in the events that depending on the certificate spec, the CR gets approved or not depending on wether it complies with the CertificateRequestPolicy).
The text was updated successfully, but these errors were encountered: