Support configuration via operator subscription #4410
I, too, have this issue. I'm running on AWS with same versions as above, and I installed by OperatorHub. In my own troubleshooting I only got as far as determining that the Challenge is stuck in pending because it's "Waiting for dns-01 challenge propagation". It's querying a nameserver that's in my private zone, not the public one. The actual acme TXT record is publicly available. It seems like if cert-manager skipped the propagation check, the challenge would be satisfied and the acme cert would be issued. So it's just that propagation check that's holding things up. @jawnsy added a lot of detail I wasn't aware of. Thank you, sir!
Setting Nameservers for DNS01 Self Check is still not possible when installing cert-manager from built in OperatorHub in OpenShift. Environment details
I believe that this issue is related: cert-manager/cert-manager-olm#22
Here is my current workaround in GCP: https://gist.github.com/bdurrow/e90bf7949b56476d955f489a0ef605fb
Issues go stale after 90d of inactivity.
Stale issues rot after 30d of inactivity.
/remove-lifecycle rotten
I've attempted to document the configuration options available to users of the existing OLM package: Please review and comment.
Rotten issues close after 30d of inactivity.
@jetstack-bot: Closing this issue. In response to this:
/reopen
@wallrj: Reopened this issue. In response to this:
This came up again on Slack: https://kubernetes.slack.com/archives/C4NV3DWUC/p1698923865622489
@jetstack-bot: Closing this issue. In response to this:
Is your feature request related to a problem? Please describe.
The OpenShift installer configures split-horizon DNS with internal (private) and external (public) parts. After configuring the DNS01 challenge, cert-manager checks the default DNS to wait for the record to propagate, which happens to be the internal DNS, and the DNS is never resolvable, since cert-manager added the entry to the external (public) DNS records.
cert-manager added a command-line option to set the DNS server to use for this check, but this can only be set from Helm, and not from the Operator Subscription that installs cert-manager.
Describe the solution you'd like
It appears that the operator framework provides a facility for passing configuration settings to operators, so it would be nice if the DNS server list could be set there.
/kind feature
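To confirm that a pending DNS01 challenge is caused by the split-horizon setup described in this issue, the following added example (not code from cert-manager or from anyone in this thread) compares what the internal and the public nameservers answer for the challenge record. It assumes `dig` is installed for live use; the function names, verdict labels, nameserver addresses and token are constructed for illustration.

```python
import subprocess

def dig_txt(name, server):
    """Return the TXT strings one nameserver serves for name (needs dig)."""
    out = subprocess.run(
        ["dig", "+short", "+time=2", "+tries=1", "TXT", name, "@" + server],
        capture_output=True, text=True, check=False).stdout
    return {line.strip().strip('"') for line in out.splitlines() if line.strip()}

def diagnose(domain, expected, internal, public, lookup=dig_txt):
    """Compare what internal and public nameservers answer for the challenge."""
    # ACME puts the DNS-01 record at _acme-challenge.<domain>; a wildcard
    # certificate is validated at the base name without the "*." label.
    base = domain.rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    name = "_acme-challenge." + base
    seen_in = {ns: expected in lookup(name, ns) for ns in internal}
    seen_pub = {ns: expected in lookup(name, ns) for ns in public}
    if seen_in and all(seen_in.values()):
        verdict = "ok"              # the default resolvers would see the record
    elif any(seen_pub.values()):
        verdict = "split-horizon"   # published, but hidden from the internal view
    else:
        verdict = "not-published"   # the record is missing everywhere
    return {"name": name, "verdict": verdict,
            "internal": seen_in, "public": seen_pub}

# Constructed sample data standing in for the two DNS views (assumption):
# the private zone has no challenge record, the public zone has it.
TOKEN = "constructed-token-value"
VIEWS = {
    "10.0.0.2": {},
    "192.0.2.53": {"_acme-challenge.apps.example.test": {TOKEN}},
}

def fake_lookup(name, server):
    """Offline replacement for dig_txt that reads the constructed views."""
    return VIEWS.get(server, {}).get(name, set())

if __name__ == "__main__":
    print(diagnose("*.apps.example.test", TOKEN,
                   ["10.0.0.2"], ["192.0.2.53"], lookup=fake_lookup))
```

A `split-horizon` verdict matches the symptom reported here: the record is published, but the resolver used for the propagation check cannot see it.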