certmanager: solve CannotRegenerateKey #28787
Commit 4b2184a does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin
4b2184a to 9e61689
Thanks for the PR! Looks good to me!
I had to look it up, but for context, this is what certmanager also recommends: https://cert-manager.io/docs/usage/certificate/
/test
@universam1 It seems the failed CI test in Gateway API is due to your branch lagging behind
`CertManager` throws a warning with the current Helm chart because the `.spec.privateKey.rotationPolicy` is unset.

```
Type     Reason               Age   From                                   Message
----     ------               ----  ----                                   -------
Warning  CannotRegenerateKey  12m   cert-manager-certificates-key-manager  User intervention required: existing private key in Secret "hubble-relay-client-certs" does not match requirements on Certificate resource, mismatching fields: [spec.privateKey.algorithm[], but cert-manager cannot create new private key as the Certificate's .spec.privateKey.rotationPolicy is unset or set to Never. To allow cert-manager to create a new private key you can set .spec.privateKey.rotationPolicy to 'Always' (this will result in the private key being regenerated every time a cert is renewed)
```

Signed-off-by: Samuel Lang <gh@lang-sam.de>
9e61689 to c0d3b1f
Thanks for the heads up @gandro - rebased on current main
/test
`CertManager` throws a warning with the current Helm chart because the `.spec.privateKey.rotationPolicy` is unset.

This will set the field to `Always`, which allows rotation in case there is a need for it, which can resolve potential issues of an invalid cert.

Please ensure your pull request adheres to the following guidelines:

- description and a `Fixes: #XXX` line if the commit addresses a particular GitHub issue.
- `Fixes: <commit-id>` tag, then please add the commit author[s] as reviewer[s] to this issue.
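
A check for the condition named in the `CannotRegenerateKey` warning above, added here as an example and not part of this PR or the Cilium chart: it lists Certificates whose `.spec.privateKey.rotationPolicy` is unset or `Never`, the two states in which the warning says cert-manager cannot create a new private key. It assumes input shaped like the output of `kubectl get certificates -A -o json`; the Certificate names in the embedded sample are constructed.

```python
import json

# Constructed sample, shaped like `kubectl get certificates -A -o json`.
# Certificate names are made up; only the Secret name comes from the warning.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "kube-system", "name": "example-relay-client"},
   "spec": {"secretName": "hubble-relay-client-certs",
            "privateKey": {"algorithm": "ECDSA"}}},
  {"metadata": {"namespace": "kube-system", "name": "example-never"},
   "spec": {"secretName": "example-never-certs",
            "privateKey": {"rotationPolicy": "Never"}}},
  {"metadata": {"namespace": "kube-system", "name": "example-always"},
   "spec": {"secretName": "example-always-certs",
            "privateKey": {"rotationPolicy": "Always"}}},
  {"metadata": {"namespace": "kube-system", "name": "example-no-privatekey"},
   "spec": {"secretName": "example-no-privatekey-certs"}}
]}
""")


def blocked_rotation(cert_list):
    """Return (namespace, name, policy) for every Certificate whose
    rotationPolicy is unset or Never, per the warning text."""
    findings = []
    for item in cert_list.get("items", []):
        meta = item.get("metadata", {})
        # spec.privateKey may be missing entirely or explicitly null.
        private_key = item.get("spec", {}).get("privateKey") or {}
        policy = private_key.get("rotationPolicy")
        if policy in (None, "", "Never"):
            findings.append(
                (meta.get("namespace"), meta.get("name"), policy or "unset")
            )
    return findings


if __name__ == "__main__":
    for namespace, name, policy in blocked_rotation(SAMPLE):
        print(f"{namespace}/{name}: rotationPolicy {policy}")
```
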