Also, I have deployed cert-manager, exoscale-cert-manager-webhook, an API key as secret and an ingress controller. I have a domain registered and nameservers are configured correctly.
Problem
cert-manager cannot issue a certificate. Here are the logs:
Cert-Manager
I0414 11:48:53.377777 1 dns.go:88] cert-manager/challenges/Present "msg"="presenting DNS01 challenge for domain" "dnsName"="example-project.aufschlag-barcamp.de" "domain"="example-project.aufschlag-barcamp.de" "resource_kind"="Challenge" "resource_name"="example-project.aufschlag-barcamp.de-zfb27-236130982-1601768340" "resource_namespace"="admin" "resource_version"="v1" "type"="DNS-01"
E0414 11:48:53.380840 1 controller.go:167] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="exoscale.acme.exoscale.com is forbidden: User \"system:serviceaccount:admin:cert-manager\" cannot create resource \"exoscale\" in API group \"acme.exoscale.com\" at the cluster scope" "key"="admin/example-project.aufschlag-barcamp.de-zfb27-236130982-1601768340"
I0414 11:54:13.382177 1 dns.go:88] cert-manager/challenges/Present "msg"="presenting DNS01 challenge for domain" "dnsName"="example-project.aufschlag-barcamp.de" "domain"="example-project.aufschlag-barcamp.de" "resource_kind"="Challenge" "resource_name"="example-project.aufschlag-barcamp.de-zfb27-236130982-1601768340" "resource_namespace"="admin" "resource_version"="v1" "type"="DNS-01"
E0414 11:54:13.385515 1 controller.go:167] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="exoscale.acme.exoscale.com is forbidden: User \"system:serviceaccount:admin:cert-manager\" cannot create resource \"exoscale\" in API group \"acme.exoscale.com\" at the cluster scope" "key"="admin/example-project.aufschlag-barcamp.de-zfb27-236130982-1601768340"
Cert Manager webhook
serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
E0414 11:59:12.462170 1 reflector.go:138] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: Failed to watch *v1beta2.FlowSchema: failed to list *v1beta2.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
W0414 11:59:30.074199 1 reflector.go:324] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: failed to list *v1beta2.PriorityLevelConfiguration: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "prioritylevelconfigurations" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
E0414 11:59:30.074224 1 reflector.go:138] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: Failed to watch *v1beta2.PriorityLevelConfiguration: failed to list *v1beta2.PriorityLevelConfiguration: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "prioritylevelconfigurations" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
W0414 12:00:02.945013 1 reflector.go:324] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: failed to list *v1beta2.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
E0414 12:00:02.945038 1 reflector.go:138] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: Failed to watch *v1beta2.FlowSchema: failed to list *v1beta2.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
Expected outcome
A certificate is issued and ready.
I have the following resources created: inside a SKS cluster
I followed the instructions here https://www.exoscale.com/syslog/cert-manager-webhook-exoscale/
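
Added example, not part of the original post: a small Python parser that extracts the RBAC denials from log lines like the ones above and groups them by service account, so the denied verbs and resources can be compared with the ClusterRoles and bindings present in the cluster. The sample lines are copied from the logs above with the wrapping removed; the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches the API server's RBAC denial text, with plain or backslash-escaped quotes.
DENIAL = re.compile(
    r'User \\?"system:serviceaccount:(?P<ns>[^:"\\]+):(?P<sa>[^"\\]+)\\?" '
    r'cannot (?P<verb>\w+) resource \\?"(?P<resource>[^"\\]+)\\?" '
    r'in API group \\?"(?P<group>[^"\\]*)\\?" '
    r'(?:at the (?P<cluster>cluster) scope|in the namespace \\?"(?P<target_ns>[^"\\]+)\\?")'
)

# Three lines from the logs in the post, unwrapped (one per distinct denial).
SAMPLE_LOG = r'''
E0414 11:48:53.380840 1 controller.go:167] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="exoscale.acme.exoscale.com is forbidden: User \"system:serviceaccount:admin:cert-manager\" cannot create resource \"exoscale\" in API group \"acme.exoscale.com\" at the cluster scope" "key"="admin/example-project.aufschlag-barcamp.de-zfb27-236130982-1601768340"
W0414 11:59:30.074199 1 reflector.go:324] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: failed to list *v1beta2.PriorityLevelConfiguration: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "prioritylevelconfigurations" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
W0414 12:00:02.945013 1 reflector.go:324] k8s.io/client-go@v0.24.4/tools/cache/reflector.go:167: failed to list *v1beta2.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:admin:cert-manager-webhook-exoscale" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
'''

def missing_permissions(log_text):
    """Return {(sa_namespace, sa_name, scope): {(apiGroup, resource): {verbs}}}."""
    found = defaultdict(lambda: defaultdict(set))
    for m in DENIAL.finditer(log_text):
        # Cluster-scope denials need a ClusterRole; namespaced ones can use a Role.
        scope = "cluster" if m["cluster"] else "namespace:" + m["target_ns"]
        found[(m["ns"], m["sa"], scope)][(m["group"], m["resource"])].add(m["verb"])
    return found

def summarize(found):
    """Render the grouped denials as one readable block per service account."""
    lines = []
    for (ns, sa, scope), rules in sorted(found.items()):
        lines.append(f"{ns}/{sa} ({scope} scope) was denied:")
        for (group, resource), verbs in sorted(rules.items()):
            lines.append(f"  apiGroups=[{group!r}] resources=[{resource!r}] verbs={sorted(verbs)}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(missing_permissions(SAMPLE_LOG))))
```

Repeated denials for the same verb and resource collapse into one entry, so a long retry loop in the log reduces to the short list of distinct permissions each service account was refused.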