Banzai operator: CA secrets distributed by operator in all namespaces causing errors in Cert Manager CA Injector #478

Closed
3 tasks done
kumarBiplab1987 opened this issue May 24, 2024 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments


kumarBiplab1987 commented May 24, 2024

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.
  • I agree to follow the Code of Conduct.

Operator Version

v1.22.1

Installation Type

Helm

Bank-Vaults Version

v1.31.0

Kubernetes Version

v1.25.5

Kubernetes Distribution/Provisioner

rancher

Expected Behavior

When distributing CA certs through the operator, it should not copy the cert-manager annotations into the Vault TLS secrets.

Actual Behavior

We are using cert-manager to manage the certificates of all Vault services in our Kubernetes cluster.
When we create a namespace for our services, Banzai automatically creates a secret that includes the CA cert in that namespace. That secret has cert-manager annotations in its metadata, and the cert-manager CA injector pod complains that the Certificate resource associated with the secret is not present in that namespace.

cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io "vault" not found" "certificate"={"Namespace":"infra","Name":"vault"} "secret"={"Namespace":"infra","Name":"vault-tls"}

Steps To Reproduce

  1. Install Banzai vault operator.
  2. Use Cert manager to generate vault certificates.
  3. Use "existingTlsSecretName: vault-tls" in the crd when bringing up the vault services.

Configuration

No response

Logs

Logs from the cert manager CA injector
cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io "vault" not found" "certificate"={"Namespace":"infra","Name":"vault"} "secret"={"Namespace":"infra","Name":"vault-tls"}

Additional Information

No response
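
Added example (not part of the issue or the project's code): a Python check that finds Secrets carrying cert-manager's `cert-manager.io/certificate-name` annotation while the named Certificate is missing from the Secret's own namespace, which is the condition behind the CA injector error above. The `vault-system` namespace, the `app-config` Secret and the `vault-issuer` value are constructed sample data.

```python
import json

# Annotation cert-manager sets on Secrets it issues; names the owning Certificate.
OWNER_ANNOTATION = "cert-manager.io/certificate-name"

def orphaned_secrets(secrets, certificates):
    """Secrets whose annotation names a Certificate absent from their namespace."""
    existing = {(c["metadata"]["namespace"], c["metadata"]["name"])
                for c in certificates.get("items", [])}
    findings = []
    for s in secrets.get("items", []):
        meta = s["metadata"]
        annotations = meta.get("annotations") or {}
        owner = annotations.get(OWNER_ANNOTATION)
        if owner is None or (meta["namespace"], owner) in existing:
            continue  # not cert-manager managed, or the owner really exists
        findings.append({
            "namespace": meta["namespace"],
            "secret": meta["name"],
            "missing_certificate": owner,
            # every cert-manager key the copy carried along
            "copied_annotations": sorted(
                k for k in annotations if k.startswith("cert-manager.io/")),
        })
    return findings

def _secret(ns, name, annotations=None):
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations}}

# Constructed sample: "vault-system" is a hypothetical source namespace.
CM = {OWNER_ANNOTATION: "vault", "cert-manager.io/issuer-name": "vault-issuer"}
SAMPLE_SECRETS = {"items": [
    _secret("vault-system", "vault-tls", CM),  # original, issued by cert-manager
    _secret("infra", "vault-tls", dict(CM)),   # copy with annotations intact
    _secret("infra", "app-config"),            # unrelated Secret, no annotations
]}
SAMPLE_CERTIFICATES = {"items": [
    {"metadata": {"namespace": "vault-system", "name": "vault"}},
]}

if __name__ == "__main__":
    print(json.dumps(orphaned_secrets(SAMPLE_SECRETS, SAMPLE_CERTIFICATES), indent=2))
```

On a live cluster the two arguments are the parsed output of `kubectl get secrets -A -o json` and `kubectl get certificates.cert-manager.io -A -o json`.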

kumarBiplab1987 added the kind/bug label May 24, 2024
@kumarBiplab1987
Author

Linking the existing defect #124

@csatib02
Member

Closing in favour of the original issue: #124
