Home > Enterprise >  Cert-manager renewal time not showing correctly (incorrect duration)
Cert-manager renewal time not showing correctly (incorrect duration)

Time:12-16

I am following the devops guy tutorial for setting up CERT manager.

Steps:

Create new kind cluster

kind create cluster --name certmanager --image kindest/node:v1.19.1

get cert-manager yaml

curl -LO https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.yaml

Install cert-manager

kubectl apply -f cert-manager-1.0.4.yaml

Test the certificate creation process

kubectl create ns cert-manager-test

kubectl apply -f ./selfsigned/issuer.yaml

I modified the cert to look like (add duration and renewBefore)

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: cert-manager-test
spec:
  duration: 1h 
  renewBefore: 20m
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned

Apply cert

kubectl apply -f ./selfsigned/certificate.yaml

kubectl describe certificate selfsigned-cert

Show the following

Spec:
  Dns Names:
    example.com
  Duration:  1h0m0s
  Issuer Ref:
    Name:        test-selfsigned
  Renew Before:  20m0s
  Secret Name:   selfsigned-cert-tls
Status:
  Conditions:
    Last Transition Time:  2021-12-14T00:35:09Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2022-03-14T00:35:09Z
  Not Before:              2021-12-14T00:35:09Z
  Renewal Time:            2022-03-14T00:15:09Z
  Revision:                1

Why is the renewal time 90 days from today? It should be 1 hour from the time I created it ~ (2021-12-14T00:35:09Z) as I set the duration to 1 hour!

EDIT: I actually updated to the latest cert-manager (v.1.6.1) and did the exact same steps. It seems to work. Maybe it was bug in that version. Weird!

CodePudding user response:

Posted community wiki answer for better visibility based on the OP edit in the main question. Feel free to expand it.

The solution for the issue is to upgrade to the current, supported version (from the OP edit in main question):

I actually updated to the latest cert-manager (v.1.6.1) and did the exact same steps. It seems to work. Maybe it was bug in that version. Weird!

Version 1.6.1 is currently supported (as of today - 14.12.2021) until Feb 9, 2022.

Version 1.0.4 is outdated, not supported since Feb 10, 2021.

Page link:https//www.codepudding.com/Enterprise/229621.html

Prev:Get redis host url from terraform helm_release resource
Next:Tekton Pipelines: Enable alpha features using released pipelines yaml without the need to store (& m
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding