guilhem / freeipa-issuer

A cert-manager external issuer for FreeIPA
Apache License 2.0

ClusterIssuer - unexpected value for field Subject #20

Closed avekrivoy closed 2 years ago

avekrivoy commented 2 years ago

Can't get freeipa-issuer working with ClusterIssuer. I'm getting:

The certificate request has failed to complete and will be retried: Failed to sign certificate request: fail listing services: unexpected value for field Subject: <nil> (<nil>)

Seems like ClusterIssuer is missing ignoreError: true option

apiVersion: certmanager.freeipa.org/v1beta1
kind: ClusterIssuer
metadata:
  name: freeipa-clusterissuer
spec:
  host: auth.my.infra
  user:
    namespace: freeipa-issuer-system
    name: freeipa-auth
    key: user
  password:
    namespace: freeipa-issuer-system
    name: freeipa-auth
    key: password

  # Optionals
  serviceName: HTTP
  addHost: false
  addService: true
  addPrincipal: true
  ca: ipa
  insecure: true

Ingress annotations:

      cert-manager.io/issuer: freeipa-clusterissuer
      cert-manager.io/issuer-group: certmanager.freeipa.org
      cert-manager.io/common-name: test.my.infra
      cert-manager.io/issuer-kind: ClusterIssuer

What am I doing wrong here? Is ClusterIssuer supported?

StefanAbl commented 2 years ago

I have a ClusterIssuer with a similar configuration as you running fine. I believe the problem is that addHost is set to false. I did some modifications to the code to make the option addHost: false work.

See here: https://github.com/StefanAbl/freeipa-issuer/pull/1/files#diff-45fb5b58d0c8a723d00aa738172f2bb24066efa30a8d38a10d20ea34e09ab2b8R122-R131

For debugging you could also try with addHost set to true.

avekrivoy commented 2 years ago

Thanks for the answer! I just managed to get it working by adding addService: false. Anyways, I’m creating those entries on the IPA side along with the A-record

avekrivoy commented 2 years ago

Here's how I got my ingress working with ClusterIssuer

Created A-record and service via FreeIPA cli tool:

ipa dnsrecord-add my.infra host --a-rec 192.168.1.4
ipa service-add HTTP/host.my.infra --force --skip-host-check

Defined cluster issuer:

apiVersion: certmanager.freeipa.org/v1beta1
kind: ClusterIssuer
metadata:
  name: freeipa-clusterissuer
spec:
  host: auth.my.infra
  user:
    namespace: freeipa-issuer-system
    name: freeipa-auth
    key: user
  password:
    namespace: freeipa-issuer-system
    name: freeipa-auth
    key: password
  serviceName: HTTP
  addHost: false
  addService: false
  addPrincipal: true
  ca: ipa
  insecure: true

Ingress annotations:

      cert-manager.io/issuer: freeipa-clusterissuer
      cert-manager.io/issuer-group: certmanager.freeipa.org
      cert-manager.io/common-name: host.my.infra
      cert-manager.io/issuer-kind: ClusterIssuer

I had trouble specifying the correct cluster issuer, because cert-manager.io/cluster-issuer and cert-manager.io/issuer-group are incompatible. But I assume this is cert-manager's behavior. So maybe someone will find this note helpful.
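The thread turns on three configuration details: which `addHost`/`addService` combination the issuer accepts, the `insecure: true` flag that disables TLS verification against the FreeIPA host, and which cert-manager ingress annotations may be combined when the issuer kind is `ClusterIssuer`. The following Go program is an added example, not code from freeipa-issuer or cert-manager: it reads a ClusterIssuer manifest (as JSON, which Kubernetes accepts interchangeably with YAML) and a set of ingress annotations, and reports the pitfalls discussed above. The Go struct mapping of the spec fields and the sample manifest are assumptions of this example; the field names and values come from the manifests posted in this issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SecretKeyRef mirrors the user/password blocks of the ClusterIssuer in this thread.
type SecretKeyRef struct {
	Namespace string `json:"namespace"`
	Name      string `json:"name"`
	Key       string `json:"key"`
}

// IssuerSpec covers the spec fields that appear in the posted manifests.
// The Go mapping is an assumption of this example, not the project's own types.
type IssuerSpec struct {
	Host         string       `json:"host"`
	User         SecretKeyRef `json:"user"`
	Password     SecretKeyRef `json:"password"`
	ServiceName  string       `json:"serviceName"`
	AddHost      bool         `json:"addHost"`
	AddService   bool         `json:"addService"`
	AddPrincipal bool         `json:"addPrincipal"`
	CA           string       `json:"ca"`
	Insecure     bool         `json:"insecure"`
}

// Issuer is the top-level manifest shape.
type Issuer struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Metadata   struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec IssuerSpec `json:"spec"`
}

// SampleIssuerJSON is a constructed manifest carrying the values from the first post
// (addHost: false, addService: true, insecure: true) in JSON form.
const SampleIssuerJSON = `{
  "apiVersion": "certmanager.freeipa.org/v1beta1",
  "kind": "ClusterIssuer",
  "metadata": {"name": "freeipa-clusterissuer"},
  "spec": {
    "host": "auth.my.infra",
    "user": {"namespace": "freeipa-issuer-system", "name": "freeipa-auth", "key": "user"},
    "password": {"namespace": "freeipa-issuer-system", "name": "freeipa-auth", "key": "password"},
    "serviceName": "HTTP", "addHost": false, "addService": true,
    "addPrincipal": true, "ca": "ipa", "insecure": true
  }
}`

// CheckIssuer parses a ClusterIssuer manifest and returns findings in a fixed order:
// missing secret namespaces, then the insecure flag, then the addHost/addService combination.
func CheckIssuer(raw []byte) ([]string, error) {
	var iss Issuer
	if err := json.Unmarshal(raw, &iss); err != nil {
		return nil, err
	}
	var findings []string
	if iss.Kind == "ClusterIssuer" {
		// A cluster-scoped issuer has no namespace of its own, so each secret
		// reference must say where the credential Secret lives.
		for _, ref := range []struct {
			label string
			ref   SecretKeyRef
		}{{"user", iss.Spec.User}, {"password", iss.Spec.Password}} {
			if ref.ref.Namespace == "" {
				findings = append(findings, fmt.Sprintf("spec.%s: ClusterIssuer secret reference needs an explicit namespace", ref.label))
			}
		}
	}
	if iss.Spec.Insecure {
		findings = append(findings, "spec.insecure=true: TLS verification of the FreeIPA host is disabled; trust the IPA CA instead")
	}
	if !iss.Spec.AddHost && iss.Spec.AddService {
		findings = append(findings, "spec.addHost=false with addService=true: combination reported in this issue to fail while listing services")
	}
	return findings, nil
}

// CheckIngressAnnotations applies the annotation rules the thread ran into:
// cluster-issuer cannot be combined with issuer-group/issuer-kind, and the external
// issuer is selected with issuer + issuer-group + issuer-kind: ClusterIssuer.
func CheckIngressAnnotations(ann map[string]string) []string {
	var findings []string
	_, hasCluster := ann["cert-manager.io/cluster-issuer"]
	_, hasIssuer := ann["cert-manager.io/issuer"]
	group := ann["cert-manager.io/issuer-group"]
	kind := ann["cert-manager.io/issuer-kind"]
	if hasCluster && hasIssuer {
		findings = append(findings, "both cert-manager.io/cluster-issuer and cert-manager.io/issuer are set; use exactly one")
	}
	if hasCluster && (group != "" || kind != "") {
		findings = append(findings, "cert-manager.io/cluster-issuer cannot be combined with issuer-group/issuer-kind; use issuer + issuer-kind: ClusterIssuer")
	}
	if hasIssuer && group == "certmanager.freeipa.org" && kind == "" {
		findings = append(findings, "issuer-group names the external issuer but issuer-kind is missing; cert-manager defaults to a namespaced Issuer")
	}
	return findings
}

func main() {
	issuerFindings, err := CheckIssuer([]byte(SampleIssuerJSON))
	if err != nil {
		panic(err)
	}
	for _, f := range issuerFindings {
		fmt.Println("issuer:", f)
	}
	// Constructed annotation set mixing cluster-issuer with issuer-group, as in the last comment.
	for _, f := range CheckIngressAnnotations(map[string]string{
		"cert-manager.io/cluster-issuer": "freeipa-clusterissuer",
		"cert-manager.io/issuer-group":   "certmanager.freeipa.org",
	}) {
		fmt.Println("ingress:", f)
	}
}
```

Run it against `kubectl get clusterissuer -o json` output before applying a manifest; the working annotation set from the last comment (`issuer`, `issuer-group`, `issuer-kind: ClusterIssuer`) produces no findings, while the `cluster-issuer` plus `issuer-group` mix is flagged.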