I am following the devops guy tutorial for setting up cert-manager.

Steps:

Create a new kind cluster

kind create cluster --name certmanager --image kindest/node:v1.19.1

Get the cert-manager YAML

curl -LO https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.yaml

Install cert-manager

kubectl apply -f cert-manager.yaml

Test the certificate creation process

kubectl create ns cert-manager-test

kubectl apply -f ./selfsigned/issuer.yaml

I modified the cert to look like this (added duration and renewBefore):

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: cert-manager-test
spec:
  duration: 1h
  renewBefore: 20m
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned

Apply cert

kubectl apply -f ./selfsigned/certificate.yaml
kubectl describe certificate selfsigned-cert -n cert-manager-test

It shows the following:

Spec:
  Dns Names:
    example.com
  Duration:  1h0m0s
  Issuer Ref:
    Name:        test-selfsigned
  Renew Before:  20m0s
  Secret Name:   selfsigned-cert-tls
Status:
  Conditions:
    Last Transition Time:  2021-12-14T00:35:09Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2022-03-14T00:35:09Z
  Not Before:              2021-12-14T00:35:09Z
  Renewal Time:            2022-03-14T00:15:09Z
  Revision:                1

Why is the renewal time 90 days from today? It should be 1 hour from the time I created it ~ (2021-12-14T00:35:09Z) as I set the duration to 1 hour!

EDIT: I actually updated to the latest cert-manager (v1.6.1) and did the exact same steps. It seems to work. Maybe it was a bug in that version. Weird!
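
An added example, not part of the original post: a check that compares a Certificate's `spec.duration` and `spec.renewBefore` with the `notBefore`, `notAfter` and `renewalTime` fields in its status, so a certificate issued with a longer lifetime than requested is flagged. The function names and the one-minute tolerance are assumptions; the first sample uses the values shown in the post and the second is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

_UNITS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Parse a whole-number Go-style duration such as '1h', '20m' or '1h0m0s'."""
    text = text.strip()
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return timedelta(seconds=sum(int(n) * _UNITS[u] for n, u in parts))

def parse_time(text):
    """Parse the UTC timestamps that appear in the Certificate status."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_certificate(spec, status, tolerance=timedelta(minutes=1)):
    """Return a list of findings; an empty list means the status honours the spec."""
    findings = []
    requested = parse_duration(spec["duration"])
    renew_before = parse_duration(spec["renewBefore"])
    not_before = parse_time(status["notBefore"])
    not_after = parse_time(status["notAfter"])
    renewal = parse_time(status["renewalTime"])
    # The issued lifetime should equal spec.duration.
    actual = not_after - not_before
    if abs(actual - requested) > tolerance:
        findings.append(f"lifetime is {actual}, spec.duration requested {requested}")
    # Renewal should be scheduled renewBefore ahead of expiry.
    expected_renewal = not_after - renew_before
    if abs(renewal - expected_renewal) > tolerance:
        findings.append(f"renewalTime is {renewal}, expected {expected_renewal}")
    return findings

SPEC = {"duration": "1h", "renewBefore": "20m"}
# Status values copied from the describe output in the post (v1.0.4).
POST_STATUS = {"notBefore": "2021-12-14T00:35:09Z",
               "notAfter": "2022-03-14T00:35:09Z",
               "renewalTime": "2022-03-14T00:15:09Z"}
# Constructed status showing what a 1h certificate would look like.
EXPECTED_STATUS = {"notBefore": "2021-12-14T00:35:09Z",
                   "notAfter": "2021-12-14T01:35:09Z",
                   "renewalTime": "2021-12-14T01:15:09Z"}

if __name__ == "__main__":
    for name, status in (("post", POST_STATUS), ("expected", EXPECTED_STATUS)):
        print(name, check_certificate(SPEC, status) or "OK")
```

Run against the post's values, only the lifetime check fires: the renewal time is exactly `renewBefore` ahead of `Not After`, so the 90-day gap comes from the issued lifetime, not from how renewal is scheduled.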