nokia / adcs-issuer Goto Github PK

I've got a more recent fork of this project working in a test EKS cluster but when i create a new Certificate resource it ends up going into an infinite loop where it creates a CertificateRequest, submits it, downloads the issued certificate from the CA, creates a valid kubernetes certificate, and then throws the following error which starts the whole process all over....seemingly forever.

E0825 22:18:19.942299 1 controller.go:158] cert-manager/controller/CertificateReadiness "msg"="re-queuing item due to error processing" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"testcert1\": the object has been modified; please apply your changes to the latest version and try again" "key"="adcs-issuer-system/testcert1"

I have been using the fork modified by @SimeonPoot which seems more current

I don't have the ability to build the CRDs or image at my organization because we limit the internet locations we can access. Is there any way you can build the image and push to DockerHub and make the CRDs part of a release?

Hi there,
how to make a correct "caBundle" for the AdcsIssuer.
i get an incorrect ca.crt generated, is that related to a wrong caBundel?

Downloaded and installed adcs issuer according to documentation, as well as extra documentation found at this github fork. When certificates are created / kube applied, the certificate generates a certificate request with a matching adcsrequest identical to that of the certificate request as expected. However, beyond this point, there is no sign of forward progress being made. Actions have been taking to debug this via use of an actual ADCS instance, the simulator hosted locally as well as varying control managers, images and API Versions to no avail. It does not appear that any connection is being attempted by the issuer itself. Furthermore, the simulator does not receive any attempts at a connection either as it remains idle at cd test/adcs-sim && go run main.go -dns example.com && cd - Startign with id = 0 as expected with no connection attempts at all.

The environment is an on-prem single node Kubernetes cluster using rancher and traefik for ingress that is attempting to connect to an intermediary ADCS node. We believe that the caBundle as well as the NTLM authentication is correct when configuring the issuer, however even if this were incorrect it would be expected that the logs within ADCS would indicate rejections yet the node is not receiving any connection attempts at all. Upon executing kubectl describe certificaterequest <cr_name> within events it simply indicates that it is waiting and "processing ADCS request".

@JoshVanL @ctrought

Hi there,
i get with make manager this error message:

/root/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/webhook/parser.go:98:29: undefined: v1beta1.Webhook

this will not help:

(cd .. && GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/[email protected])

an help here.
thanks

error: unable to recognize "adsc.yaml": no matches for kind "ClusterAdcsIssuer" in version "cert-manager.io/v1alpha2"

I am new to this, can you please share what is the API version that i should use in order to created ClusterAdcsIssuer

Hi,
I just want to ask about this project status. cert-manager/cert-manager#2288 is already merged in cert-manager and README is not updated yet. Also, I haven't seen any new development recently

Hi there,
the correct caBundele is registered to the Adcs issuer.
But the generated "ca.crt" in the certificate is not valid, readable.
What am i doing wrong here?

Thanks for any help.
@SimeonPoot, i use your fork (thanks)