Closed sevenGroupFrance closed 1 year ago
Maybe some more logs will help:
(I've just replaced my real domain with mydomain.com)
I0210 10:34:37.841012 1 dns.go:88] cert-manager/challenges/Present "msg"="presenting DNS01 challenge for domain" "dnsName"="ws.gitpod.interne.mydomain.com" "domain"="ws.gitpod.interne.mydomain.com" "resource_kind"="Challenge" "resource_name"="https-certificates-645zn-2610251316-2920530305" "resource_namespace"="gitpod" "resource_version"="v1" "type"="DNS-01"
E0210 10:34:37.850493 1 controller.go:167] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="ovh.mydomain.com is forbidden: User \"system:serviceaccount:cert-manager:ovh-cert-lab-cert-manager\" cannot create resource \"ovh\" in API group \"mydomain.com\" at the cluster scope" "key"="gitpod/https-certificates-645zn-2610251316-2920530305"
E0210 10:34:37.855419 1 controller.go:167] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="ovh.mydomain.com is forbidden: User \"system:serviceaccount:cert-manager:ovh-cert-lab-cert-manager\" cannot create resource \"ovh\" in API group \"mydomain.com\" at the cluster scope" "key"="gitpod/https-certificates-645zn-2610251316-2126292448"
I've found in another issue that the service account name must be the same as the cert manager. I've updated my helm value yaml, and it seems to work (waiting for propagation).
Edit: it's all good :)
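An added example, not part of the original thread or of the webhook project's code: it pulls the denied service account out of log lines like the ones quoted in this issue, checks it against the subjects a ClusterRoleBinding grants, and builds a SubjectAccessReview for re-testing after the Helm values change. The function names, the sample log and the `("cert-manager", "cert-manager")` binding subject are assumptions made for the illustration.

```python
import json
import re

# RBAC denial as the API server words it; the optional backslashes cover the
# escaped quotes of cert-manager's structured log lines.
DENIAL = re.compile(
    r'User \\?"(?P<user>system:serviceaccount:(?P<ns>[^:"\\]+):(?P<sa>[^:"\\]+))\\?" '
    r'cannot (?P<verb>\w+) resource \\?"(?P<resource>[^"\\]+)\\?" '
    r'in API group \\?"(?P<group>[^"\\]+)\\?"'
)

def denials(log_text):
    """Return the distinct denials in a log, ignoring re-queue repeats."""
    seen = []
    for m in DENIAL.finditer(log_text):
        d = m.groupdict()
        if d not in seen:
            seen.append(d)
    return seen

def unbound(denial, bound_subjects):
    """True when the denied caller is not among the (namespace, name)
    service accounts the webhook's ClusterRoleBinding lists as subjects."""
    return (denial["ns"], denial["sa"]) not in bound_subjects

def access_review(denial):
    """SubjectAccessReview (JSON) asking the API server the same question."""
    return json.dumps({
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SubjectAccessReview",
        "spec": {
            "user": denial["user"],
            "resourceAttributes": {k: denial[k] for k in ("group", "resource", "verb")},
        },
    }, indent=2)

# Constructed sample: the two error shapes quoted in this issue.
SAMPLE = r'''
E0210 10:34:37.850493 1 controller.go:167] cert-manager/challenges "error"="ovh.mydomain.com is forbidden: User \"system:serviceaccount:cert-manager:ovh-cert-lab-cert-manager\" cannot create resource \"ovh\" in API group \"mydomain.com\" at the cluster scope"
E0210 10:34:37.855419 1 controller.go:167] cert-manager/challenges "error"="ovh.mydomain.com is forbidden: User \"system:serviceaccount:cert-manager:ovh-cert-lab-cert-manager\" cannot create resource \"ovh\" in API group \"mydomain.com\" at the cluster scope"
error = ovh.GROUP-NAME is forbidden: User "system:serviceaccount:cert-manager:ovh-cert-lab-cert-manager" cannot create resource "ovh" in API group "GROUP-NAME" at the cluster scope
'''

if __name__ == "__main__":
    for d in denials(SAMPLE):
        # ("cert-manager", "cert-manager") is an assumed binding subject.
        print(d["user"], "unbound:", unbound(d, [("cert-manager", "cert-manager")]))
        print(access_review(d))
```

Piping the JSON to `kubectl create -f - -o yaml` returns the API server's answer in `status.allowed`, provided the account running kubectl may create SubjectAccessReviews.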
K8S version: 1.23.14-1
I have updated cert manager to the latest version (1.11) and installed this webhook with helm, completing the values.yml with the group name, activating the clusterIssuer and setting OVH credentials.
When I ask for a new certificate, I'm getting this error in the cert manager pod (I have set the group name to my domain):
error = ovh.GROUP-NAME is forbidden: User "system:serviceaccount:cert-manager:ovh-cert-lab-cert-manager" cannot create resource "ovh" in API group "GROUP-NAME" at the cluster scope
Any idea of the problem?
The cert-manager helm chart and the webhook have been installed in the same namespace. I've checked the OVH credentials secret, which seems OK and is in the same namespace as the webhook.