Comments (6)
@GStones one of your attribute keys has a misspelling:
csi:cert-manager.io/issuer-group
to csi.cert-manager.io/issuer-group
from csi-driver.
You must also set the 'issuer-group' annotation to the API group of your issuer type so the driver can look up the resource properly 😊
from csi-driver.
I have the same using adcs issuer
https://djkormo.github.io/adcs-issuer/
    volumes:
      - name: tls
        csi:
          driver: csi.cert-manager.io
          readOnly: true
          volumeAttributes:
            csi.cert-manager.io/issuer-name: adcs-sim-adcsclusterissuer
            csi.cert-manager.io/issuer-kind: ClusterAdcsIssuer
            csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
            csi.cert-manager.io/uri-sans: "spiffe://cluster.local/ns/${POD_NAMESPACE}/pod/${POD_NAME}/${POD_UID}"
            csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"
Events:
8s Normal cert-manager.io certificaterequest/adcs-sim-cert-4952p Certificate request has been approved by cert-manager.io
2s Warning FailedMount pod/csi-driver-app-pod MountVolume.SetUp failed for volume "tls" : rpc error: code = Unknown desc = submitting request: admission webhook "webhook.cert-manager.io" denied the request: spec.issuerRef.kind: Invalid value: "ClusterAdcsIssuer": must be one of Issuer or ClusterIssuer
from csi-driver.
After adding missing annotations
    volumes:
      - name: tls
        csi:
          driver: csi.cert-manager.io
          readOnly: true
          volumeAttributes:
            csi.cert-manager.io/issuer-name: adcs-sim-adcsclusterissuer
            csi.cert-manager.io/issuer-kind: ClusterAdcsIssuer
            csi.cert-manager.io/issuer-group: adcs.certmanager.csf.nokia.com
            csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
            csi.cert-manager.io/uri-sans: "spiffe://cluster.local/ns/${POD_NAMESPACE}/pod/${POD_NAME}/${POD_UID}"
            csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"
I can see files inside my pod
    /tls # ls -la
    total 4
    dr-xr-x--- 3 root root 140 Feb 16 08:55 .
    drwxr-xr-x 1 root root 4096 Feb 16 08:55 ..
    drwxr-xr-x 2 root root 100 Feb 16 08:55 ..2024_02_16_08_55_39.1114861249
    lrwxrwxrwx 1 root root 32 Feb 16 08:55 ..data -> ..2024_02_16_08_55_39.1114861249
    lrwxrwxrwx 1 root root 13 Feb 16 08:55 ca.crt -> ..data/ca.crt
    lrwxrwxrwx 1 root root 14 Feb 16 08:55 tls.crt -> ..data/tls.crt
    lrwxrwxrwx 1 root root 14 Feb 16 08:55 tls.key -> ..data/tls.key
from csi-driver.
@munnerz I deployed this config and it still has an error:
Warning FailedMount 1s (x3 over 4s) kubelet MountVolume.SetUp failed for volume "tls" : rpc error: code = Unknown desc = submitting request: admission webhook "webhook.cert-manager.io" denied the request: spec.issuerRef.kind: Invalid value: "AWSPCAClusterIssuer": must be one of Issuer or ClusterIssuer
    volumes:
      - name: tls
        csi:
          readOnly: true
          driver: csi.cert-manager.io
          volumeAttributes:
            csi.cert-manager.io/issuer-name: "rumble-root-ca"
            csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
            csi.cert-manager.io/issuer-kind: "AWSPCAClusterIssuer"
            csi:cert-manager.io/issuer-group: "awspca.cert-manager.io"
            csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"
from csi-driver.
Many thanks!
from csi-driver.
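
A pre-deploy check for the two mistakes seen in this thread (a misspelled attribute prefix, and an external issuer kind without `issuer-group`), as an added example that is not code from cert-manager or from any commenter. The function names and the assumed defaults for an absent `issuer-kind` and `issuer-group` (`Issuer`, `cert-manager.io`) are assumptions of this sketch.

```python
import re

PREFIX = "csi.cert-manager.io/"
# Assumed driver defaults when the attribute is absent.
DEFAULT_KIND, DEFAULT_GROUP = "Issuer", "cert-manager.io"
BUILTIN_KINDS = {"Issuer", "ClusterIssuer"}

def suggest_key(key):
    """Return the corrected key for a near-miss prefix such as 'csi:cert-manager.io/', else None."""
    domain, sep, name = key.partition("/")
    if not sep or domain == PREFIX.rstrip("/"):
        return None
    if re.sub(r"[^a-z0-9]", "", domain.lower()) == "csicertmanagerio":
        return PREFIX + name
    return None

def lint_volume_attributes(attrs):
    """Return a list of findings for one CSI volume's volumeAttributes mapping."""
    findings, effective = [], {}
    for key, value in attrs.items():
        fixed = suggest_key(key)
        if fixed:
            findings.append(f"misspelled key {key!r}, expected {fixed!r}")
        elif key.startswith(PREFIX):
            effective[key] = value  # only correctly prefixed keys take effect
    kind = effective.get(PREFIX + "issuer-kind", DEFAULT_KIND)
    group = effective.get(PREFIX + "issuer-group", DEFAULT_GROUP)
    if group == DEFAULT_GROUP and kind not in BUILTIN_KINDS:
        findings.append(
            f"issuer-kind {kind!r} with group {group!r}: the cert-manager webhook "
            "accepts only Issuer or ClusterIssuer here; set issuer-group to the "
            "external issuer's API group")
    return findings

# Attribute sets copied from the comments above (issuer-related keys only).
BROKEN = {
    "csi.cert-manager.io/issuer-name": "rumble-root-ca",
    "csi.cert-manager.io/issuer-kind": "AWSPCAClusterIssuer",
    "csi:cert-manager.io/issuer-group": "awspca.cert-manager.io",
}
FIXED = {
    "csi.cert-manager.io/issuer-name": "adcs-sim-adcsclusterissuer",
    "csi.cert-manager.io/issuer-kind": "ClusterAdcsIssuer",
    "csi.cert-manager.io/issuer-group": "adcs.certmanager.csf.nokia.com",
}

if __name__ == "__main__":
    for name, attrs in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_volume_attributes(attrs) or "ok")
```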