Closed StefanSa closed 4 months ago
Add all your helm commands and values file . I'll try to recreate this error.
I will give you more detailed information tomorrow. Miłego wieczoru.
@djkormo The steps i have taken
helm lint chart/adcs-issuer
helm template charts/adcs-issuer -n adcs-issuer --values charts/adcs-issuer/values.yaml > adcs-issuer-all.yaml
kubectl --namespace adcs-issuer apply -f adcs-issuer-all.yaml
Secret adcs-issuer-credentials (only for testing)
apiVersion: v1
kind: Secret
metadata:
name: adcs-issuer-credentials
namespace: adcs-issuer # namespace of cert managera and adcs operator
type: Opaque
data:
password: REDACTED # Password
username: REDACTED # username
ClusterAdcsIssuer (only for testing)
---
apiVersion: adcs.certmanager.csf.nokia.com/v1
kind: ClusterAdcsIssuer
metadata:
name: adcsissuer-cluster
spec:
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxRENDQXBDZ0F3SUJBZ0lRUndrQjB1MjdMNXhHV1ZuSmRMT09KREFOQmd
credentialsRef:
name: adcs-issuer-secret
statusCheckInterval: 2m
retryInterval: 2m
url: https://certsrv/
templateName: letsencrypt
cert request
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
annotations:
name: adcs-cert
namespace: adcs-issuer
spec:
commonName: test.local
dnsNames:
- service1.test.local
- service2.test.local
issuerRef:
group: adcs.certmanager.csf.nokia.com
kind: ClusterAdcsIssuer
name: adcsissuer-cluster
secretName: webhook-server-cert
# subject:
# organizations:
# - example.com
# - anybody.com
error message:
ts=2024-02-08T08:38:35.400221974Z level=error logger=controller.adcsrequest msg="Couldn't get issuer" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer adcsrequest=adcs-issuer/adcs-cert-1 issuer="{adcsissuer-cluster ClusterAdcsIssuer adcs.certmanager.csf.nokia.com}" error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227"
2024-02-08T08:38:35.400388458Z ts=2024-02-08T08:38:35.40028887Z level=error logger=controller.adcsrequest msg="Reconciler error" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227"
ts=2024-02-08T08:38:35.405524885Z level=info logger=controller.adcsrequest msg="Processing request" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer adcsrequest=adcs-issuer/adcs-cert-1
2024-02-08T08:38:35.405639557Z ts=2024-02-08T08:38:35.405593712Z level=error logger=controller.adcsrequest msg="Couldn't get issuer" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer adcsrequest=adcs-issuer/adcs-cert-1 issuer="{adcsissuer-cluster ClusterAdcsIssuer adcs.certmanager.csf.nokia.com}" error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227"
2024-02-08T08:38:35.405669096Z ts=2024-02-08T08:38:35.405628351Z level=error logger=controller.adcsrequest msg="Reconciler error" reconcilergroup=adcs.certmanager.csf.nokia.com reconcilerkind=AdcsRequest name=adcs-cert-1 namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.1
As a temporary workaround change in deployment from
- --cluster-resource-namespace=cert-manager
to
- --cluster-resource-namespace=adcs-issuer
@djkormo It works perfectly. Thanks for your help -> Dziękujemy za pomoc
I confirm. Local change improves the situation. We are working on a global solution.
We added more examples for installation via helm charts
https://github.com/djkormo/adcs-issuer/tree/master/install-examples
Please use this file https://github.com/djkormo/adcs-issuer/blob/master/install-examples/values-adcs-issuer-namespace.yaml as your base configuration.
@StefanSa Please confirm proposed solution.
@jamallorock @djkormo I can confirm that this solution works. Thanks for the quick help.
Check new 2.0.9 version
@djkormo Cześć Krzysztof First of all, thank you for this repo. I rolled out the controller using the helmet chart. It runs in the
namespace adcs-isuer
. The missing and claimed secretadcs-issuer-secret
is actually also in the same namespace.namespace=adcs-issuer error="Secret \"adcs-issuer-secret\" not found"
So i don't understand why he can't find the secret. Any idea what I am doing wrong here?
Pozdrowienia z Niemiec do Polski.