helm-charts icon indicating copy to clipboard operation
helm-charts copied to clipboard

Published 20 hours ago verified publisher icon kubewarden

Can not specify / use a ClusterIssuer for kubewarden tls cert

Open Martin-Weiss opened this issue 2 years ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

When deploying cert-manager we create a CA and a ClusterIssuer and want to use the ClusterIssuer also for Kubewarden. Unfortunately the helm chart does not allow to specify the usage of a ClusterIssuer. Seems there is just support for an "Issuer".

Expected Behavior

ClusterIssuer should be able to be used.

Steps To Reproduce

  1. deploy cert-manager with self-signed CA and create a ClusterIssuer
  2. try to use the ClusterIssuer with Kubewarden helm chart deployment

Environment

- OS: Linux / SLES 15 SP4
- Architecture: x86_64

Anything else?

No response

Martin-Weiss avatar Nov 22 '22 09:11 Martin-Weiss

In case we give the user the option to create and use their own issuer we should give them the option to use a ClusterIssuer and/or a namesaced issuer:

# source options:
  # - "cert-manager-self-signed": Scaffold cert-manager integration, and create
  #  a self-signed certificate with a cert-manager self-signed Issuer. Depends
  #  on cert-manager. (default)
  # - "cert-manager": Scafffold cert-manager integration. User configures their
  #  own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the
  #  desired Issuer.

Otherwise the “User configures their own Issuer.” does not make much sense vs "Kubewarden creates the issuer"..

(Each issuer should be added to the trusted CA store and should be verified / validated)

Martin-Weiss avatar Nov 22 '22 10:11 Martin-Weiss

Relates to https://github.com/kubewarden/helm-charts/issues/19.

viccuad avatar Dec 02 '22 09:12 viccuad