Bug
Resolution: Done
openshift-4.20
Quality / Stability / Reliability
Important
uShift Sprint 274
Description of problem:
When trying to test the http01 solver with the default Ingress in MicroShift, it does not work because there is no IngressClassName. cert-manager expects to set the ingressClassName field on the temporary Ingress it creates for the challenge. If the corresponding IngressClass resource doesn't exist, even if MicroShift's router could handle it, cert-manager might not trust that it will, or it might be configured to explicitly look for an IngressClass definition. The absence of the IngressClass means the "glue" is missing for cert-manager to confidently direct the challenge to the router.
Version-Release number of selected component (if applicable):
4.20
How reproducible:
Always
Steps to Reproduce:
1. Install microshift 4.20 cluster
2. Install cert-manager rpms
3. create namespace using command oc create ns test-cert-manager
4. create acme issuer using the yaml file below

    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: letsencrypt-http01
    spec:
      acme:
        privateKeySecretRef:
          name: acme-account-key
        server: https://acme-staging-v02.api.letsencrypt.org/directory
        solvers:
        - http01:
            ingress:
              ingressClassName: openshift-default

5. create a certificate using the yaml file below

    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: cert-from-letsencrypt-http01
    spec:
      commonName: microshift.gcp.devcluster.openshift.com
      dnsNames:
      - microshift.gcp.devcluster.openshift.com
      duration: 1h
      issuerRef:
        group: cert-manager.io
        kind: Issuer
        name: letsencrypt-http01
      renewBefore: 58m
      secretName: cert-from-letsencrypt-http01
      usages:
      - server auth
Actual results:
certificate never becomes ready
Expected results:
certificate should become ready
Additional info:
After creating an ingress class as below and updating issuer with the class name below, certificate became ready.

    apiVersion: networking.k8s.io/v1
    kind: IngressClass
    metadata:
      name: openshift-ingress
    spec:
      controller: openshift.io/ingress-to-route

https://cert-manager.io/docs/configuration/acme/http01/#ingressclassname
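
A preflight check for the condition in this report, as an added example that is not part of the original report or of the cert-manager or MicroShift code: it flags every HTTP-01 ingress solver whose ingressClassName points at an IngressClass that does not exist. It assumes input shaped like `oc get issuer -o json` and `oc get ingressclass -o json`; the function names, the sample JSON and the namespace on the sample Issuer are constructed for illustration.

```python
import json

# Constructed samples shaped like `oc get issuer -o json` / `oc get ingressclass -o json`.
ISSUERS = json.loads("""{"items": [{"kind": "Issuer",
  "metadata": {"name": "letsencrypt-http01", "namespace": "test-cert-manager"},
  "spec": {"acme": {"solvers": [
    {"http01": {"ingress": {"ingressClassName": "openshift-default"}}}]}}}]}""")
NO_CLASSES = json.loads('{"items": []}')  # cluster state as reported
WITH_CLASS = json.loads("""{"items": [{"kind": "IngressClass",
  "metadata": {"name": "openshift-ingress"},
  "spec": {"controller": "openshift.io/ingress-to-route"}}]}""")


def dangling_ingress_classes(issuers, ingress_classes):
    """Return (issuer, solver index, class name) for every HTTP-01 ingress
    solver whose ingressClassName has no matching IngressClass object."""
    known = {ic["metadata"]["name"] for ic in ingress_classes.get("items", [])}
    findings = []
    for issuer in issuers.get("items", []):
        meta = issuer.get("metadata", {})
        ident = f'{meta.get("namespace", "<cluster>")}/{meta.get("name")}'
        solvers = issuer.get("spec", {}).get("acme", {}).get("solvers") or []
        for idx, solver in enumerate(solvers):
            ingress = (solver.get("http01") or {}).get("ingress")
            if not ingress:
                continue  # DNS-01 or non-ingress solver: nothing to check here
            name = ingress.get("ingressClassName")
            if name is not None and name not in known:
                findings.append((ident, idx, name))
    return findings


def with_class(issuers, class_name):
    """Copy of the issuer list with every HTTP-01 ingress solver repointed."""
    patched = json.loads(json.dumps(issuers))  # deep copy, input left untouched
    for issuer in patched["items"]:
        for solver in issuer["spec"]["acme"]["solvers"]:
            if "ingress" in solver.get("http01", {}):
                solver["http01"]["ingress"]["ingressClassName"] = class_name
    return patched


if __name__ == "__main__":
    for label, issuers, classes in [
        ("as reported", ISSUERS, NO_CLASSES),
        ("class created, issuer not updated", ISSUERS, WITH_CLASS),
        ("after workaround", with_class(ISSUERS, "openshift-ingress"), WITH_CLASS),
    ]:
        print(label, dangling_ingress_classes(issuers, classes) or "ok")
```

The middle case shows why the workaround has two parts: creating the IngressClass alone still leaves the Issuer pointing at a name that does not exist.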