Cert-manager failed to connect with stepca issuer on a ipv6 system
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Invalid
|
Medium
|
Greg Waines |
Bug Description
Brief Description
-----------------
Cert-manager failed to connect with stepca issuer on a ipv6 system
Severity
--------
Major
Steps to Reproduce
------------------
1)On a ipv6 system, create a following stepca issuer with "kubectl create -f stepca-issuer.yaml"
apiVersion: cert-manager.
kind: ClusterIssuer
metadata:
name: stepca-issuer
namespace: cert-manager
spec:
acme:
server: https:/
skipTLSVerify: true
email: <email address hidden>
privateKeySe
name: stepca-issuer
solvers:
- http01:
ingress:
class: nginx
2)the cert-manager fails to resolve the domainname of stepca to ipv6, instead it resolves to ipv4 which is network unreachable
[sysadmin@
Name: stepca-issuer
Namespace:
Labels: <none>
Annotations: <none>
API Version: cert-manager.
Kind: ClusterIssuer
Metadata:
Creation Timestamp: 2020-05-
Generation: 1
Managed Fields:
API Version: cert-manager.
Fields Type: FieldsV1
fieldsV1:
f:spec:
.:
f:acme:
.:
f:email:
.:
f:name:
f:server:
Manager: kubectl
Operation: Update
Time: 2020-05-
API Version: cert-manager.
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:acme:
Manager: controller
Operation: Update
Time: 2020-05-
Resource Version: 285266
Self Link: /apis/cert-
UID: bc0d12e8-
Spec:
Acme:
Email: <email address hidden>
Private Key Secret Ref:
Name: stepca-issuer
Server: https:/
Skip TLS Verify: true
Solvers:
http01:
Ingress:
Class: nginx
Status:
Acme:
Conditions:
Last Transition Time: 2020-05-
Message: Failed to verify ACME account: Post "https:/
Reason: ErrRegisterACME
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning ErrInitIssuer 81m (x15 over 130m) cert-manager Error initializing issuer: Post "https:/
Warning ErrInitIssuer 75m cert-manager Error initializing issuer: context deadline exceeded
Warning ErrVerifyACMEAc
Warning ErrInitIssuer 75m (x2 over 75m) cert-manager Error initializing issuer: Get "https:/
Warning ErrVerifyACMEAc
Warning ErrVerifyACMEAc
[sysadmin@
Expected Behavior
------------------
The cm on ipv6 system should be connected with stepca issuer without any errors
Actual Behavior
----------------
cm on ipv6 system resolves stepca domainname to ipv4 instead of ipv6
Reproducibility
---------------
100%
System Configuration
-------
duplex system,wc_11_ipv6
Branch/Pull Time/Commit
-------
2020-04-28
Last Pass
---------
NA
Timestamp/Logs
--------------
2020-05-
Test Activity
-------------
Feature testing
Workaround
----------
NA
Changed in starlingx: | |
assignee: | nobody → Sabeel Ansari (sansariwr) |
Changed in starlingx: | |
assignee: | Sabeel Ansari (sansariwr) → Greg Waines (greg-waines) |
status: | Triaged → In Progress |
stx.4.0 / medium priority - issue related to recently submitted stx.4.0 cert-mgr feature