[octavia-ingress-controller] - Could not retrieve certificate

[lenglet-k]

/kind bug

What happened: I deployed Octavia Ingress Controller in Kubernetes cluster and when octavia attempt to create resources for ingress it get this error

INFO   [2022-09-19T16:04:54Z] secret created in Barbican                    ingress=ingress/exploitation-ingress-rules lbID=0c58e5f4-091a-44b6-b04e-aebc1895251c secretName=kube_ingress_rbs_ingress_exploitation-ingress-rules_monitoring-secret secretRef="https://key-managerxx.yyy.aaa.net/v1/secrets/XXXXX"

INFO   [2022-09-19T16:04:55Z] creating listener                             lbID=XXXX listenerName=kube_ingress_rbs_ingress_exploitation-ingress-rules
E0919 16:04:58.075473       1 controller.go:521] failed to create openstack resources for ingress ingress/exploitation-ingress-rules: error creating listener: Bad request with: [POST https://load-balancer.xxx.yyy.aaa.net/v2.0/lbaas/listeners], error message: {"faultcode": "Client", "faultstring": "Could not retrieve certificate: ['https://key-manager.xxx.yyy.aaa.net/v1/secrets/XXXX', 'https://key-manager..xxx.yyy.aaa.net/v1/secrets/XXXX']", "debuginfo": null}
I0919 16:04:58.075610       1 event.go:285] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"ingress", Name:"exploitation-ingress-rules", UID:"b0c9fca6-583c-4757-8317-c81785c9855c", APIVersion:"networking.k8s.io/v1", ResourceVersion:"2888684143", FieldPath:""}): type: 'Warning' reason: 'Failed' Failed to create openstack resources for ingress ingress/exploitation-ingress-rules: error creating listener: Bad request with: [POST https://load-balancer..xxx.yyy.aaa.net/v2.0/lbaas/listeners], error message: {"faultcode": "Client", "faultstring": "Could not retrieve certificate: ['https://key-manager.xxx.yyy.aaa.net/v1/secrets/XXX', 'https://key-manager.xxx.yyy.aaa.net/v1/secrets/XXX']", "debuginfo": null}

The listener creation failed. The certificate exist in barbican.

What you expected to happen: The listener and all ressources must be created

How to reproduce it:

• Use Managed Kubernetes Service on OVH
• Create secret in kubernetes
• Deploy octavia ingress controller
• Create ingress rule and see log

Environment:

• octavia-ingress-controller: 1.24.2
• OpenStack version: Stein
• Kubernetes 1.22

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes/cloud-provider-openstack/issues/1995#issuecomment-1434379210): >The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. > >This bot triages issues according to the following rules: >- After 90d of inactivity, `lifecycle/stale` is applied >- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied >- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed > >You can: >- Reopen this issue with `/reopen` >- Mark this issue as fresh with `/remove-lifecycle rotten` >- Offer to help out with [Issue Triage][1] > >Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community). > >/close not-planned > >[1]: https://www.kubernetes.dev/docs/guide/issue-triage/ Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.