Skip to content

Secrets are not updated when key stores added/removed #5246

Closed
Closed
Secrets are not updated when key stores added/removed#5246
Labels
kind/bugCategorizes issue or PR as related to a bug.lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.
@kuznero

Description

@kuznero
kuznero
opened on Jun 29, 2022

Describe the bug:

When original certificate is created:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert
spec:
  secretName: tls-secret
  issuerRef:
    name: issuer
    kind: ClusterIssuer
  usages:
    - server auth
    - client auth
  dnsNames:
    - localhost

tls-secret secret includes tls.crt, tls.key and ca.crt as expected. Then cert certificate changes to also include:

  keystores:
    pkcs12:
      create: true
      passwordSecretRef:
        name: pkcs12-pass
        key: password

After this nothing happens - Certificate Manager does not try to re-create/change tls-secret and add missing keystore.p12 file. Instead in order to get Certificate Manager to generate missing keystore.p12 entry, it requires to delete tls-secret and let Certificate Manager re-create it using updated specification.

Expected behaviour:

Certificate Manager should detect such specification changes for certificate and generate missing or remove extra entries whenever necessary.

Anything else we need to know?:

Environment details::

  • Kubernetes version: 1.22.6, 1.24.1 (probably most versions)
  • Cloud-provider/provisioner: Kind, AKS
  • cert-manager version: 1.8.1
  • Install method: helm

/kind bug

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions