cert-manager with argocd (terraform) : wrong caBundle used #3536
Unanswered
guillaume130679
asked this question in
Q&A
Replies: 1 comment
-
The |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello everyone,
I am deploying containers in kubernetes on Google Kubernetes Engine and I use argocd to deploy K8s and I run into the following issue:
The certificates are distributed by "Let's Encrypt" and distributed with Vault.
Argocd deploys the k8s cluster (via terraform) but then again argocd keeps refreshing and loses synchronisation because the caBundle value (base64 encoded) differs from what is normally expected in the template.
I am not sure what is happening, but it looks as though a "default caBundle" is being given to the instance. It doesn't prevent the cluster and the underlying apps from working but it's just that argocd struggles to sync with the cluster to know it's state. It keeps losing sync.
I will be honest and I am not sure if the issue pertains to cert-manager here, or if it's related to the way vault delivers the certificate.
I guess I am simply trying to figure out if this behaviour is expected with cert-manager and if cert manager "picks up" a default pre-configured caBundle if there is any issue?
I hope that makes sense.
Thank you for your help.
Beta Was this translation helpful? Give feedback.
All reactions