Maximo

 View Only

MAS Custom Certificates

  • 1.  MAS Custom Certificates

    Posted Thu May 18, 2023 05:02 AM
    Edited by Mohamed Skandaji Thu May 18, 2023 05:18 AM

    Hi All,

    We have a custom certificate IONOS provider, it's recommended to add a new webhook for IONOS to renew the MAS public certificates.
    it's work for me when I create a new project cert-manager and install the operator from  https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
    but I get the error below when I choose to install ibm-cert-manager-operator from Red Hat OperatorHub in ibm-common-services namespace ( as IBM recommended)
    I think it's due to missing RBAC for the Service Account   ibm-cert-manager-controller, please advise?
    ```````````
    cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="ionos.acme.fabmade.de is forbidden: User \"system:serviceaccount:ibm-common-services:ibm-cert-manager-controller\" 
    cannot create resource \"ionos\" in API group \"acme.fabmade.de\" at the cluster scope" "key"="mas-tst-core/tst-cert-public-llhcj-2221398163-4246310490"
    ``````````
    to install IONOS webhook for cert manager : https://github.com/fabmade/cert-manager-webhook-ionos
    Cert manager acme dns01 webhook provider for ionos - GitHub - fabmade/cert-manager-webhook-ionos: Cert manager acme dns01 webhook provider for ionos
    github.com

    Environment specs:
    OpenShift version 4.8.9
    Maximo Application Suite 8.10
    Manage 8.6



    ------------------------------
    Mohamed Skandaji
    Smartech
    +21624420600
    ------------------------------