Hello,
I’m currently trying to set up TLS for the MongoDB deployment. I want to use the cert-manager to issue the certificates.
Cert-manager v1.6.0 was deployed way before I started deploying the MongoDB operator into our Azure Kubernetes Cluster. We already serve Let’s-Encrypt certificates with it. So, it is working. Further, the CRDs are applied and show up when I list them with:
$ kubectl get crds | grep cert-manager
certificaterequests.cert-manager.io
certificates.cert-manager.io
challenges.acme.cert-manager.io
clusterissuers.cert-manager.io
issuers.cert-manager.io
orders.acme.cert-manager.io
I have the following options set in the deployment file:
mongod:
  security:
    redactClientLogData: false
    enableEncryption: true
So far so good, but I get an error:
"level":"error",
"ts":1637768579.1549218,
"logger":"controller_psmdb",
"msg":"issue cert with cert-manager",
"error":"create issuer: no matches for kind \"Issuer\" in version \"cert-manager.io/v1alpha2\"",
"stacktrace":
"github.com/go-logr/zapr.(*zapLogger).Error
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/github.com/go-logr/zapr/zapr.go:128
github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).reconsileSSL
/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/ssl.go:37
github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).Reconcile
/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/psmdb_controller.go:296
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:256
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
/go/src/github.com/percona/percona-server-mongodb-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88"
I checked for permissions using:
$ kubectl --as=system:serviceaccount:mongo-database:percona-psmdb-operator auth can-i get -n mongo-database issuers
yes
Any idea where the issue lies? Is there an issue that the cert-manager and operator are located in different namespaces?
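
The error above names cert-manager.io/v1alpha2, while the can-i check confirms RBAC on the issuers resource and says nothing about which API versions are served. An added example (not part of the original post or the operator's code; the function names are hypothetical) that compares the version in the error with the versions the Issuer CRD serves:

```bash
# Added diagnostic sketch (not from the post or the operator project).
# Function names are hypothetical; only kubectl, sed, tr, awk, grep are used.

# Print "<Kind> <group>/<version>" taken from a "no matches for kind" error.
# Backslashes are stripped first so JSON-escaped quotes (\") also match.
requested_gvk() {
  printf '%s\n' "$1" | tr -d '\\' |
    sed -n 's/.*no matches for kind "\([^"]*\)" in version "\([^"]*\)".*/\1 \2/p'
}

# Print the versions the API server serves for CRD $1 (needs cluster access).
served_versions() {
  kubectl get crd "$1" \
    -o jsonpath='{range .spec.versions[*]}{.name}{"\t"}{.served}{"\n"}{end}' |
    awk '$2 == "true" { print $1 }'
}

# Succeed when version $1 is a whole line of the newline-separated list $2.
is_served() {
  printf '%s\n' "$2" | grep -qxF -- "$1"
}

# $1 = error text, $2 = CRD name, $3 = optional pre-fetched served list
# (lets the check run offline). Returns 0 served, 1 not served, 2 no match.
check_error() {
  local gvk api version served
  gvk=$(requested_gvk "$1")
  [ -n "$gvk" ] || { echo "no kind/version found in error text"; return 2; }
  api=${gvk#* }
  version=${api##*/}
  served=${3:-$(served_versions "$2")}
  if is_served "$version" "$served"; then
    echo "${gvk%% *} in $api is served"
  else
    echo "${gvk%% *} in $api is not served; served: $(printf '%s' "$served" | tr '\n' ' ')"
    return 1
  fi
}

# Usage against a live cluster, with the error string from the log above:
#   check_error 'no matches for kind "Issuer" in version "cert-manager.io/v1alpha2"' \
#     issuers.cert-manager.io
```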