apiVersion: certmanager.freeipa.org/v1beta1
kind: ClusterIssuer
metadata:
name: ipa-issuer
spec:
host: ipa.example.com
user:
name: freeipa-auth
namespace: freeipa-issuer-system
key: user
password:
name: freeipa-auth
namespace: freeipa-issuer-system
key: password
# Optionals
serviceName: HTTP
addHost: true
addService: true
addPrincipal: true
ca: ipa
# Do not check certificate of IPA server connection
insecure: true # unless you can create your own container and inject IPA server CA as trusted.
# This fixes a bug when adding a service
ignoreError: true
This is the ClusterIssuer
and the cert-manager.io certificate resource:
I am seeing following error:
I debugged the code and found: https://github.com/guilhem/freeipa-issuer/blob/797082b5d5779554c684cdf7c2a8602e05777022/controllers/certificaterequest.go#L92
I changed it to:
cr.Spec.IssuerRef.Kind "ClusterIssuer"
but looks like the there are more changes required for the ClusterIssuer.