GithubHelp home page GithubHelp logo

Comments (6)

JoshVanL avatar JoshVanL commented on July 25, 2024 2

@GStones one of your attribute keys has a misspelling:

csi:cert-manager.io/issuer-group to csi.cert-manager.io/issuer-group

from csi-driver.

munnerz avatar munnerz commented on July 25, 2024 1

You must also set the 'issuer-group' annotation to the API group of your issuer type so the driver can look up the resource properly 😊

from csi-driver.

djkormo avatar djkormo commented on July 25, 2024

I have the same using adcs issuer

https://djkormo.github.io/adcs-issuer/

  volumes:
    - name: tls
      csi:
        driver: csi.cert-manager.io
        readOnly: true
        volumeAttributes:
          csi.cert-manager.io/issuer-name: adcs-sim-adcsclusterissuer
          csi.cert-manager.io/issuer-kind: ClusterAdcsIssuer
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
          csi.cert-manager.io/uri-sans: "spiffe://cluster.local/ns/${POD_NAMESPACE}/pod/${POD_NAME}/${POD_UID}"
          csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"

Events:
8s Normal cert-manager.io certificaterequest/adcs-sim-cert-4952p Certificate request has been approved by cert-manager.io
2s Warning FailedMount pod/csi-driver-app-pod MountVolume.SetUp failed for volume "tls" : rpc error: code = Unknown desc = submitting request: admission webhook "webhook.cert-manager.io"
denied the request: spec.issuerRef.kind: Invalid value: "ClusterAdcsIssuer": must be one of Issuer or ClusterIssuer

from csi-driver.

djkormo avatar djkormo commented on July 25, 2024

After adding missing annotations

  volumes:
    - name: tls
      csi:
        driver: csi.cert-manager.io
        readOnly: true
        volumeAttributes:
          csi.cert-manager.io/issuer-name: adcs-sim-adcsclusterissuer
          csi.cert-manager.io/issuer-kind: ClusterAdcsIssuer
          csi.cert-manager.io/issuer-group: adcs.certmanager.csf.nokia.com
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
          csi.cert-manager.io/uri-sans: "spiffe://cluster.local/ns/${POD_NAMESPACE}/pod/${POD_NAME}/${POD_UID}"
          csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"

I can see files inside my pod

/tls # ls -la
total 4
dr-xr-x---    3 root     root           140 Feb 16 08:55 .
drwxr-xr-x    1 root     root          4096 Feb 16 08:55 ..
drwxr-xr-x    2 root     root           100 Feb 16 08:55 ..2024_02_16_08_55_39.1114861249
lrwxrwxrwx    1 root     root            32 Feb 16 08:55 ..data -> ..2024_02_16_08_55_39.1114861249
lrwxrwxrwx    1 root     root            13 Feb 16 08:55 ca.crt -> ..data/ca.crt
lrwxrwxrwx    1 root     root            14 Feb 16 08:55 tls.crt -> ..data/tls.crt
lrwxrwxrwx    1 root     root            14 Feb 16 08:55 tls.key -> ..data/tls.key

from csi-driver.

GStones avatar GStones commented on July 25, 2024

@munnerz I deploy this config and still has error:

  Warning  FailedMount  1s (x3 over 4s)  kubelet   MountVolume.SetUp failed for volume "tls" : rpc error: code = Unknown desc = submitting request: admission webhook "webhook.cert-manager.io" denied the request: spec.issuerRef.kind: Invalid value: "AWSPCAClusterIssuer": must be one of Issuer or ClusterIssuer  

volumes:
  - name: tls
    csi:
      readOnly: true
      driver: csi.cert-manager.io
      volumeAttributes:
        csi.cert-manager.io/issuer-name: "rumble-root-ca"
        csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
        csi.cert-manager.io/issuer-kind: "AWSPCAClusterIssuer"
        csi:cert-manager.io/issuer-group: "awspca.cert-manager.io"
        csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"

from csi-driver.

GStones avatar GStones commented on July 25, 2024

Many thanks!

from csi-driver.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.