Problem
The certificate.yaml Helm template hardcodes group: cert-manager.io
when generating the cert-manager Certificate resource, even when
tls.certManager.existingIssuer.enabled=true.
This breaks setups that use external cert-manager issuer plugins whose
group differs from the standard one. For example, the
aws-privateca-issuer plugin uses the group awspca.cert-manager.io,
and providing an existingIssuer with kind: AWSPCAIssuer without the
correct group causes cert-manager to fail resolving the issuer.
Expected behavior
When tls.certManager.existingIssuer.enabled=true, the group field of
the issuer reference should be configurable by the user.
Fix
Add a tls.certManager.existingIssuer.group value (defaulting to
cert-manager.io for backward compatibility) and use it in the template.
A PR is open for this: #1797
Problem
The
certificate.yamlHelm template hardcodesgroup: cert-manager.iowhen generating the cert-manager
Certificateresource, even whentls.certManager.existingIssuer.enabled=true.This breaks setups that use external cert-manager issuer plugins whose
group differs from the standard one. For example, the
aws-privateca-issuerplugin uses the groupawspca.cert-manager.io,and providing an
existingIssuerwithkind: AWSPCAIssuerwithout thecorrect group causes cert-manager to fail resolving the issuer.
Expected behavior
When
tls.certManager.existingIssuer.enabled=true, thegroupfield ofthe issuer reference should be configurable by the user.
Fix
Add a
tls.certManager.existingIssuer.groupvalue (defaulting tocert-manager.iofor backward compatibility) and use it in the template.A PR is open for this: #1797