djkormo / adcs-issuer

BSD 3-Clause "New" or "Revised" License

Secret credentials not found #91

Closed Khaos66 closed 5 months ago

Khaos66 commented 5 months ago

I just can't figure out why the adcs-issuer pod outputs this error on the console:

Error

ts=2024-04-09T15:09:01.543158806Z level=error msg="Reconciler error" controller=adcsrequest controllerGroup=adcs.certmanager.csf.nokia.com controllerKind=AdcsRequest AdcsRequest="{tls-bagetter-1 bagetter}" namespace=bagetter name=tls-bagetter-1 reconcileID=5f20f147-1bf9-4317-a6b9-630b1c715416 error="Secret \"adcs-issuer-credentials\" not found" stacktrace="sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:329\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:227"

Steps

These are the steps I took:

Resources

---
apiVersion: v1
kind: Secret
metadata:
  name: adcs-issuer-credentials
  namespace: cert-manager
type: Opaque
data: # Base64 encoded
  password: REDACTED # Password
  username: REDACTED # Username
---
apiVersion: adcs.certmanager.csf.nokia.com/v1
kind: AdcsClusterIssuer
metadata:
  name: my-adcs
  namespace: cert-manager
spec:
  caBundle: [  .... ]
  credentialsRef:
    name: adcs-issuer-credentials
  statusCheckInterval: 5m
  retryInterval: 5m
  url: "http://myca/certsrv"
  templateName: "My-Webserver-2Y"

Ingress

This is from another helm chart

  values:
     ingress:
        bagetter-ingress:
          enabled: true
          className: nginx
          annotations:
            kubernetes.io/ingress.class: nginx
            cert-manager.io/issuer: my-adcs
            cert-manager.io/issuer-kind: ClusterAdcsIssuer
            cert-manager.io/issuer-group: adcs.certmanager.csf.nokia.com
            cert-manager.io/renew-before: 48h

Result

The secret can be accessed via kubectl get secret adcs-issuer-credentials -n cert-manager. I just can't find the issue...

vrabbi commented 5 months ago

What do your Helm values look like? In which namespace did you deploy the ADCS Issuer Helm chart?

The secret needs to be in the same namespace as the helm chart was deployed to, which must also be the same as what is set in the values.yaml under:

controllerManager:
  arguments:
    cluster-resource-namespace: adcs-issuer

Which is defaulted, as can be seen above, to be adcs-issuer.
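A pre-flight check for the situation in this thread, added here as an example that is not part of the original issue or the adcs-issuer project: given the cluster issuer's credentialsRef and a listing of Secrets across namespaces, it reports whether the Secret sits in the controller's cluster-resource-namespace. The function name, status strings and sample JSON are constructed for illustration; the sample stands in for `kubectl get secrets -A -o json` output.

```python
import json

# Constructed sample: trimmed Secret listing matching the setup in the issue,
# where the Secret was created in cert-manager.
SECRETS_JSON = json.dumps({"items": [
    {"metadata": {"name": "adcs-issuer-credentials", "namespace": "cert-manager"}},
    {"metadata": {"name": "unrelated-tls", "namespace": "bagetter"}},
]})

# Constructed from the issuer manifest posted in the issue.
ISSUER = {
    "metadata": {"name": "my-adcs"},
    "spec": {"credentialsRef": {"name": "adcs-issuer-credentials"}},
}


def check_credentials(issuer, secrets_json, cluster_resource_namespace="adcs-issuer"):
    """Check that a cluster issuer's credentials Secret is where the controller reads it.

    cluster_resource_namespace mirrors the controllerManager.arguments value
    from the chart's values.yaml (default "adcs-issuer" per the reply above).
    """
    ref = issuer.get("spec", {}).get("credentialsRef", {}).get("name")
    if not ref:
        return {"status": "no-credentials-ref", "secret": None, "found_in": []}

    # Every namespace that holds a Secret with the referenced name.
    found_in = sorted(
        item["metadata"]["namespace"]
        for item in json.loads(secrets_json).get("items", [])
        if item["metadata"]["name"] == ref
    )
    if cluster_resource_namespace in found_in:
        status = "ok"
    elif found_in:
        # Exists, but not where the controller looks: the error seen in this issue.
        status = "wrong-namespace"
    else:
        status = "missing"
    return {"status": status, "secret": ref, "found_in": found_in,
            "expected_namespace": cluster_resource_namespace}


if __name__ == "__main__":
    print(check_credentials(ISSUER, SECRETS_JSON))
```
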

Khaos66 commented 5 months ago

Thank you for the fast response <3 I guess I've missed that one. I'll give it a try

Khaos66 commented 5 months ago

@vrabbi Thank you so much! It's working now 😍