Maël Valais
From what I understand, Vault does a call to the [Kubernetes TokenReview API](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#tokenreview-v1beta1-authentication-k8s-io) to check that the token mounted in my `vault-0` container has not been revoked. It also checks...
Hi! I was able to reproduce the issue! Back in https://github.com/jetstack/cert-manager/issues/4144#issuecomment-884275324, I made a tiny mistake that was setting `iss` to `kubernetes/serviceaccount` instead of the issuer I was giving. I...
/kind feature /priority backlog
/retitle Make it possible to give a projected service account token to the Vault Issuer instead of a service account Secret
Out of curiosity (and putting aside the fact that cert-manager needs to support projected tokens at some point), what is the use-case for configuring Vault with the `iss` string `https://oidc.eks.eu-west-1.amazonaws.com/id/***`...
@avoidik Does it mean this issue is "solved" by using Vault 1.9.0? If the `iss` field isn't checked anymore, the whole problem gets solved and we don't need to bother...
tl;dr:

| cert-manager -> Vault auth method | Supported by cert-manager in the built-in Vault Issuer? |
|--|--|
| Kubernetes auth | ✅ |
| JWT auth | ❌ |

...
I am not actively working on this anymore. Yes, it would be worth writing a doc summarizing the state of this issue. I had started writing [something](https://hackmd.io/MNQf9ReSR6GdkFl04oS-fA) but I think...
@hawksight @stevegore Thank you Peter and Steve! I had not realized that it was so easy to work around the problem of "cert-manager + Kubernetes 1.24". Since the workaround...
While adding a unit test for RequestMatchesSpec, I hit a circular dependency because I was trying to use `internaltest.MustCreatePEMPrivateKey(t)`:

```
# github.com/jetstack/cert-manager/pkg/controller/certificates
package github.com/jetstack/cert-manager/pkg/controller/certificates
	imports github.com/jetstack/cert-manager/pkg/controller/certificates/internal/test: import cycle not allowed...
```