Closed marcokuznik closed 1 year ago
Hi @marcokuznik, the issue you are describing looks like the same problem that was encountered in https://github.com/cert-manager/aws-privateca-issuer/issues/252 - as part of that we discovered that the annotation you need to use is cert-manager.io/issuer instead of cert-manager.io/cluster-issuer, e.g.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/issuer: pca-cluster-issuer-rsa # bit weird to specify issuer instead of cluster-issuer here
    cert-manager.io/issuer-kind: AWSPCAClusterIssuer
    cert-manager.io/issuer-group: awspca.cert-manager.io
  name: my-ingress-issuer-test
  namespace: aws-privateca-issuer
spec:
  rules:
    - host: example.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: myservice
                port:
                  number: 80
  tls:
    - hosts:
        - example.com
      secretName: myingress-issuer-cert
```
Documentation around the use of these annotations correctly can be found at https://cert-manager.io/docs/usage/ingress/ including details around the intended use cases for cert-manager.io/issuer vs cert-manager.io/cluster-issuer.
Kyle
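A pre-deployment check for the annotation mix-up described in the reply above, as an added example that is not part of the thread or of the aws-privateca-issuer project. The function name lint_ingress, the operator-supplied set of issuer names, and both sample manifests are assumptions constructed for illustration.

```python
import json

PREFIX = "cert-manager.io/"
AWSPCA_GROUP = "awspca.cert-manager.io"
AWSPCA_KINDS = {"AWSPCAIssuer", "AWSPCAClusterIssuer"}
# Assumption: names of the AWSPCA issuer resources that exist in the cluster,
# collected by the operator beforehand.
NAMES = {"my-root-ca", "pca-cluster-issuer-rsa"}

def lint_ingress(manifest, awspca_names):
    """Return a list of findings for one Ingress manifest (a dict)."""
    ann = manifest.get("metadata", {}).get("annotations") or {}
    findings = []
    # cert-manager.io/cluster-issuer refers to a cert-manager.io ClusterIssuer,
    # so an AWSPCA issuer with the same name is never looked up.
    cluster_issuer = ann.get(PREFIX + "cluster-issuer")
    if cluster_issuer in awspca_names:
        findings.append(
            f"{PREFIX}cluster-issuer={cluster_issuer} names an AWSPCA issuer; "
            f"use {PREFIX}issuer plus issuer-kind and issuer-group")
    # An external issuer needs all three annotations to be resolved.
    if ann.get(PREFIX + "issuer") in awspca_names:
        kind = ann.get(PREFIX + "issuer-kind")
        group = ann.get(PREFIX + "issuer-group")
        if kind not in AWSPCA_KINDS:
            findings.append(f"{PREFIX}issuer-kind is {kind!r}, "
                            f"expected one of {sorted(AWSPCA_KINDS)}")
        if group != AWSPCA_GROUP:
            findings.append(f"{PREFIX}issuer-group is {group!r}, "
                            f"expected {AWSPCA_GROUP!r}")
    return findings

# Constructed sample: the annotation from the original report.
BROKEN = json.loads("""{"kind": "Ingress", "metadata": {"name": "broken",
  "annotations": {"cert-manager.io/cluster-issuer": "my-root-ca"}}}""")
# Constructed sample: the annotations from the reply.
FIXED = json.loads("""{"kind": "Ingress", "metadata": {"name": "fixed",
  "annotations": {"cert-manager.io/issuer": "pca-cluster-issuer-rsa",
                  "cert-manager.io/issuer-kind": "AWSPCAClusterIssuer",
                  "cert-manager.io/issuer-group": "awspca.cert-manager.io"}}}""")

if __name__ == "__main__":
    for m in (BROKEN, FIXED):
        print(m["metadata"]["name"], lint_ingress(m, NAMES) or "ok")
```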
Updated the README to describe this issue and how to resolve it.
Resolving this issue.
Describe why this change is needed
Hello aws-privateca-issuer team,
I tried to use aws-privateca-issuer with annotations on ingress resources, but didn't find documentation on how to apply the annotations to issue certificates automatically.
I configured my issuer as follows:
I used the following annotations in the ingress resource: cert-manager.io/cluster-issuer: my-root-ca
But no certificate is issued. When I create the certificate and ingress resources manually, the cluster gets the TLS certificate provisioned by the private ACM and everything is fine, but with annotations I was not able to issue certificates.
Can you give me advice on how to annotate the ingress to issue certificates automatically? The cert-manager annotation documentation has a few references to aws-privateca-issuer, but it is not clear how to use them.
Using cert-manager version 1.11.0 and aws-privateca-issuer 1.2.4.
Can you provide some documentation or any advice to make this work?
best regards, Marco
Describe solutions and alternatives considered (optional)
No response
Is there anything else you would like to add?
No response