djkormo / adcs-issuer

BSD 3-Clause "New" or "Revised" License

namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found" #51

Closed StefanSa closed 4 months ago

StefanSa commented 5 months ago

@djkormo Hi Krzysztof, first of all, thank you for this repo. I rolled out the controller using the Helm chart. It runs in the namespace adcs-issuer. The missing and claimed secret adcs-issuer-secret is actually also in the same namespace.

namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found"

So I don't understand why it can't find the secret. Any idea what I am doing wrong here?

Greetings from Germany to Poland.

djkormo commented 5 months ago

Add all your helm commands and values file. I'll try to recreate this error.

StefanSa commented 5 months ago

I will give you more detailed information tomorrow. Have a nice evening.

StefanSa commented 4 months ago

@djkormo The steps I have taken:

helm lint chart/adcs-issuer
helm template charts/adcs-issuer -n adcs-issuer --values charts/adcs-issuer/values.yaml > adcs-issuer-all.yaml
kubectl --namespace adcs-issuer apply -f adcs-issuer-all.yaml

Secret adcs-issuer-credentials (only for testing)

apiVersion: v1
kind: Secret
metadata:
  name: adcs-issuer-credentials
  namespace: adcs-issuer # namespace of cert-manager and adcs operator
type: Opaque
data:
  password: REDACTED # Password
  username: REDACTED # username

ClusterAdcsIssuer (only for testing)

---
apiVersion: adcs.certmanager.csf.nokia.com/v1
kind: ClusterAdcsIssuer
metadata:
  name: adcsissuer-cluster
spec:
  caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxRENDQXBDZ0F3SUJBZ0lRUndrQjB1MjdMNXhHV1ZuSmRMT09KREFOQmd
  credentialsRef:
    name: adcs-issuer-secret
  statusCheckInterval: 2m
  retryInterval: 2m
  url: https://certsrv/
  templateName: letsencrypt

cert request

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  annotations:
  name: adcs-cert
  namespace: adcs-issuer
spec:
  commonName: test.local
  dnsNames:
  - service1.test.local
  - service2.test.local
  issuerRef:
    group: adcs.certmanager.csf.nokia.com
    kind: ClusterAdcsIssuer
    name: adcsissuer-cluster
  secretName: webhook-server-cert
#  subject:
#    organizations:
#      - example.com
#      - anybody.com

error message:

ts=2024-02-08T08:38:35.400221974Z level=error logger=controller.adcsrequest msg="Couldn't get issuer" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer adcsrequest=adcs-issuer/adcs-cert-1 issuer="{adcsissuer-cluster ClusterAdcsIssuer adcs.certmanager.csf.nokia.com}" error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227"
2024-02-08T08:38:35.400388458Z ts=2024-02-08T08:38:35.40028887Z level=error logger=controller.adcsrequest msg="Reconciler error" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227"
ts=2024-02-08T08:38:35.405524885Z level=info logger=controller.adcsrequest msg="Processing request" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer adcsrequest=adcs-issuer/adcs-cert-1
2024-02-08T08:38:35.405639557Z ts=2024-02-08T08:38:35.405593712Z level=error logger=controller.adcsrequest msg="Couldn't get issuer" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer adcsrequest=adcs-issuer/adcs-cert-1 issuer="{adcsissuer-cluster ClusterAdcsIssuer adcs.certmanager.csf.nokia.com}" error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227"
2024-02-08T08:38:35.405669096Z ts=2024-02-08T08:38:35.405628351Z level=error logger=controller.adcsrequest msg="Reconciler error" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.1

djkormo commented 4 months ago

As a temporary workaround, change in the deployment from - --cluster-resource-namespace=cert-manager to - --cluster-resource-namespace=adcs-issuer
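
Why the workaround above has an effect, as an added example that is not part of the thread or the project's code: it models the Secret lookup under the assumption that a ClusterAdcsIssuer's credentialsRef is resolved in the namespace given by --cluster-resource-namespace, and a namespaced AdcsIssuer's in its own namespace. The function names and the Secret inventory are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Flag name as quoted in the thread; the parsing is this example's own.
const nsFlag = "--cluster-resource-namespace"

// clusterResourceNamespace reads the flag from container args, accepting
// "--flag=value" and "--flag value". It returns "" when the flag is absent.
func clusterResourceNamespace(args []string) string {
	for i, a := range args {
		if strings.HasPrefix(a, nsFlag+"=") {
			return strings.TrimPrefix(a, nsFlag+"=")
		}
		if a == nsFlag && i+1 < len(args) {
			return args[i+1]
		}
	}
	return ""
}

// checkCredentials returns the "namespace/name" key the controller is assumed
// to look up and whether it exists in secrets (a set of such keys).
// Assumption: ClusterAdcsIssuer uses the cluster resource namespace,
// a namespaced AdcsIssuer uses its own namespace.
func checkCredentials(kind, issuerNS, secretName string, args []string, secrets map[string]bool) (string, bool) {
	ns := issuerNS
	if kind == "ClusterAdcsIssuer" {
		ns = clusterResourceNamespace(args)
	}
	key := ns + "/" + secretName
	return key, secrets[key]
}

func main() {
	// Constructed inventory: the Secret exists only in the adcs-issuer namespace.
	secrets := map[string]bool{"adcs-issuer/adcs-issuer-secret": true}
	for _, arg := range []string{
		nsFlag + "=cert-manager", // value before the workaround
		nsFlag + "=adcs-issuer",  // value after the workaround
	} {
		key, ok := checkCredentials("ClusterAdcsIssuer", "", "adcs-issuer-secret", []string{arg}, secrets)
		fmt.Printf("%s -> lookup %s, found=%v\n", arg, key, ok)
	}
}
```

Keeping the issuer credentials in the single namespace the flag names also means only principals with write access to that namespace can supply the account a cluster-wide issuer authenticates with.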

StefanSa commented 4 months ago

@djkormo It works perfectly. Thanks for your help -> Thank you for the help

jamallorock commented 4 months ago

I confirm. Local change improves the situation. We are working on a global solution.

djkormo commented 4 months ago

We added more examples for installation via helm charts

https://github.com/djkormo/adcs-issuer/tree/master/install-examples

Please use this file https://github.com/djkormo/adcs-issuer/blob/master/install-examples/values-adcs-issuer-namespace.yaml as your base configuration.

jamallorock commented 4 months ago

@StefanSa Please confirm the proposed solution.

StefanSa commented 4 months ago

@jamallorock @djkormo I can confirm that this solution works. Thanks for the quick help.

djkormo commented 4 months ago

Check the new 2.0.9 version.