nokia / adcs-issuer

BSD 3-Clause "New" or "Revised" License

certificates stuck processing adcsrequests #11

Open BatmaniNRobin opened 3 years ago

BatmaniNRobin commented 3 years ago

Downloaded and installed adcs issuer according to documentation, as well as extra documentation found at this GitHub fork. When certificates are created / kube applied, the certificate generates a certificate request with a matching adcsrequest identical to that of the certificate request, as expected. However, beyond this point, there is no sign of forward progress being made. Actions have been taken to debug this via use of an actual ADCS instance, the simulator hosted locally, as well as varying control managers, images and API Versions, to no avail. It does not appear that any connection is being attempted by the issuer itself. Furthermore, the simulator does not receive any attempts at a connection either, as it remains idle at cd test/adcs-sim && go run main.go -dns example.com && cd - Startign with id = 0 as expected, with no connection attempts at all.

The environment is an on-prem single node Kubernetes cluster using rancher and traefik for ingress that is attempting to connect to an intermediary ADCS node. We believe that the caBundle as well as the NTLM authentication is correct when configuring the issuer; however, even if this were incorrect, it would be expected that the logs within ADCS would indicate rejections, yet the node is not receiving any connection attempts at all. Upon executing kubectl describe certificaterequest <cr_name>, within events it simply indicates that it is waiting and "processing ADCS request".

@JoshVanL @ctrought

ctrought commented 2 years ago

Did you check the logs of the controllers (both cert-manager and adcs) to see if there were any obvious errors?