We could add a kubectl describe issuer instruction after it has been applied, to verify that cert-manager has connected and authenticated with the TPP server.
kubectl describe issuer
Name: venafi-tpp-issuer
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"cert-manager.io/v1alpha2","kind":"Issuer","metadata":{"annotations":{},"name":"venafi-tpp-issuer","namespace":"default"},"s...
API Version: cert-manager.io/v1alpha3
Kind: Issuer
Metadata:
Creation Timestamp: 2020-03-27T11:47:09Z
Generation: 1
Resource Version: 3837
Self Link: /apis/cert-manager.io/v1alpha3/namespaces/default/issuers/venafi-tpp-issuer
UID: 2b57809a-6c3f-4008-83dd-4e7a86235623
Spec:
Venafi:
Tpp:
Credentials Ref:
Name: tpp-auth-secret
URL: https://uvo12g24lapmqvih1f3.env.cloudshare.com/vedsdk
Zone: Kubernetes
Status:
Conditions:
Last Transition Time: 2020-03-27T11:47:12Z
Message: Venafi issuer started
Reason: Venafi issuer started
Status: True
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Ready 6s cert-manager Verified issuer with Venafi server
We could add a kubectl describe issuer instruction after it has been applied, to verify that cert-manager has connected and authenticated with the TPP server.