-
Notifications
You must be signed in to change notification settings - Fork 2.1k
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cert-manager certificate always update when "helm install" command is executed. #4068
Comments
Hi, thanks for the issue!
Do you mean the X.509 certificate stored in the |
Hi @irbekrm, yes I'm using X.509 certificate. I don't know the cause of this behavior, secret is mounted inside the pod. I have Mongo stafefullset with TLS and the other pods that uses certificates also. I generated two certificates.
Both have the same issuer. To solve this I have to restart my Statefullset and my Pod. |
Thanks for the extra info! We should look into this, but at the moment I don't really know how to reproduce it- if you have any ideas that would be very helpful. |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
Rotten issues close after 30d of inactivity. |
@jetstack-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I had a similar issue, not using helm but the ansible k8s module, which always reported a “changed” state. For me the solution was to specify spec:
duration: 2880h0m0s # 120d
renewBefore: 2160h0m0s # 90d |
I already searched in cert-manager docs about this behavior but I not found. I have cert-manager chart in my personal kubernetes configuration repository. The chart version is v1.3.0 and this version is running on my kubernetes cluster.
Bug description:
I have a pipeline integration in this repository and when some configuration is changed all the charts are applied again (including cert-manager chart). When the chart is applied again it updates the certificate (not renew) and the services that uses this certificate stop working.
My current certificate YAML template:
Expected behaviour:
Should not update the certificate when run "helm install" command.
Steps to reproduce the bug:
1- Create a certificate using Helm
2- Run "helm install" command again
Anything else we need to know?:
A provisory solution is rollback restart the services that uses the certificate.
Environment details::
/kind bug
The text was updated successfully, but these errors were encountered: