search

aureq / cert-manager-webhook-ovh

OVH Webhook for Cert Manager
https://aureq.github.io/cert-manager-webhook-ovh/
Apache License 2.0
80 stars 14 forks source link

OVH API call failed #44

Open ClemCreator opened 7 months ago

ClemCreator commented 7 months ago

What happened?

E0418 13:17:18.602410 1 controller.go:167] "re-queuing item due to error processing" err="OVH API call failed: GET /domain/zone/MYDN.ovh/status - Get \"https://eu.api.ovh.com/1.0/domain/zone/MYDN.ovh/status\": net/http: invalid header field value for \"X-Ovh-Consumer\"" logger="cert-manager.challenges" key="cert-manager/MYDN-ovh-1-4057160949-2135846745"

Expected Behavior

non error during this process

Steps to reproduce

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: MYBASEDN-ovh
spec:
  dnsNames:
  - "MYBASEDN.ovh"
  - "*.MYBASEDN.ovh"
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  secretName: MYBASEDN-ovh-tls
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: MYEMAIL@example.com
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
    - dns01:
        webhook:
          groupName: "dev.MYDN.be"
          solverName: ovh
          config:
            endpoint: ovh-eu
            applicationKeyRef:
              key: applicationKey
              name: ovh-credentials
            applicationSecretRef:
              key: applicationSecret
              name: ovh-credentials
            consumerKeyRef:
              key: consumerKey
              name: ovh-credentials
---   
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: ovh-credentials
  namespace: cert-manager
data:
  applicationKey: "*********************"
  applicationSecret: ""*********************""
  consumerKey: ""*********************""
 ---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cert-manager-webhook-ovh:secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["ovh-credentials"]
  verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager-webhook-ovh:secret-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager-webhook-ovh:secret-reader
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: cert-manager-webhook-ovh

Versions in use

cert-manager: v1.14.4 K8s Rev: v1.24.4 chart version: 0.6.0

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).