commit d72a3d49bc7a5bf55e965cc741e27122f8982cb6
Author: Michel Thebeau <email address hidden>
Date: Wed Mar 24 19:12:30 2021 -0400
add extraArgs enable-certificate-owner-ref
When removing an application (e.g., vault) that had provisioned a
certificate with cert-manager, "the issuer and certificate resources are
deleted, but the secret is left behind because it is not owned by the
certificate resource... This orphaned secret does not get updated on a
subsequent reapply and is then invalid when vault attempts to use it."
The workaround was to remove the secret manually before reapply.
Enable the option by default for StarlingX. Secrets will be
automatically removed when the certificate resource is deleted.
Closes-Bug: 1888900
Change-Id: I2b057a71da8dd761a891fc879ad9860c9822cba0
Signed-off-by: Michel Thebeau <email address hidden>
Reviewed: https:/ /review. opendev. org/c/starlingx /cert-manager- armada- app/+/784812 /opendev. org/starlingx/ cert-manager- armada- app/commit/ d72a3d49bc7a5bf 55e965cc741e271 22f8982cb6
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit d72a3d49bc7a5bf 55e965cc741e271 22f8982cb6
Author: Michel Thebeau <email address hidden>
Date: Wed Mar 24 19:12:30 2021 -0400
add extraArgs enable- certificate- owner-ref
When removing an application (e.g., vault) that had provisioned a
certificate with cert-manager, "the issuer and certificate resources are
deleted, but the secret is left behind because it is not owned by the
certificate resource... This orphaned secret does not get updated on a
subsequent reapply and is then invalid when vault attempts to use it."
The workaround was to remove the secret manually before reapply.
Enable the option by default for StarlingX. Secrets will be
automatically removed when the certificate resource is deleted.
Closes-Bug: 1888900 61a891fc879ad98 60c9822cba0
Change-Id: I2b057a71da8dd7
Signed-off-by: Michel Thebeau <email address hidden>