mecodia / cert-manager-webhook-hetzner

A cert-manager integration with Hetzner DNS
Apache License 2.0

Crash on Certificate request #4

Closed modzilla99 closed 1 year ago

modzilla99 commented 2 years ago

When trying to request a certificate from LetsEncrypt, the thing just crashes. I don't know what happens exactly, but this is the error message:

goroutine 1899465 [running]:
golang.org/x/net/http2.(*serverConn).runHandler.func1(0xc0003bcb50, 0xc00097ff8e, 0xc00096a480)
    /go/pkg/mod/golang.org/x/net@v0.0.0-20200822124328-c89045814202/http2/server.go:2140 +0x193
panic(0x1abc060, 0xc000adb2c0)
    /usr/local/go/src/runtime/panic.go:965 +0x1b9
k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0xc00097fc98, 0x1, 0x1)
    /go/pkg/mod/k8s.io/apimachinery@v0.19.0/pkg/util/runtime/runtime.go:55 +0x109
panic(0x1abc060, 0xc000adb2c0)
    /usr/local/go/src/runtime/panic.go:965 +0x1b9
k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP(0xc00000d068, 0x2077100, 0xc00011cc40, 0xc000469b00)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/server/filters/timeout.go:119 +0x43b
k8s.io/apiserver/pkg/server/filters.WithWaitGroup.func1(0x2077100, 0xc00011cc40, 0xc000469a00)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/server/filters/waitgroup.go:59 +0x137
net/http.HandlerFunc.ServeHTTP(0xc0006136b0, 0x2077100, 0xc00011cc40, 0xc000469a00)
    /usr/local/go/src/net/http/server.go:2069 +0x44
k8s.io/apiserver/pkg/endpoints/filters.WithRequestInfo.func1(0x2077100, 0xc00011cc40, 0xc000469900)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/endpoints/filters/requestinfo.go:39 +0x287
net/http.HandlerFunc.ServeHTTP(0xc0006136e0, 0x2077100, 0xc00011cc40, 0xc000469900)
    /usr/local/go/src/net/http/server.go:2069 +0x44
k8s.io/apiserver/pkg/endpoints/filters.WithWarningRecorder.func1(0x2077100, 0xc00011cc40, 0xc000469800)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/endpoints/filters/warning.go:35 +0x1a8
net/http.HandlerFunc.ServeHTTP(0xc00000d098, 0x2077100, 0xc00011cc40, 0xc000469800)
    /usr/local/go/src/net/http/server.go:2069 +0x44
k8s.io/apiserver/pkg/endpoints/filters.WithCacheControl.func1(0x2077100, 0xc00011cc40, 0xc000469800)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/endpoints/filters/cachecontrol.go:31 +0xa8
net/http.HandlerFunc.ServeHTTP(0xc00000d0b0, 0x2077100, 0xc00011cc40, 0xc000469800)
    /usr/local/go/src/net/http/server.go:2069 +0x44
k8s.io/apiserver/pkg/server/httplog.WithLogging.func1(0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/server/httplog/httplog.go:91 +0x2f1
net/http.HandlerFunc.ServeHTTP(0xc00008be40, 0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /usr/local/go/src/net/http/server.go:2069 +0x44
k8s.io/apiserver/pkg/server/filters.withPanicRecovery.func1(0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/server/filters/wrap.go:51 +0xe6
net/http.HandlerFunc.ServeHTTP(0xc00008be60, 0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /usr/local/go/src/net/http/server.go:2069 +0x44
k8s.io/apiserver/pkg/server.(*APIServerHandler).ServeHTTP(0xc000613710, 0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /go/pkg/mod/k8s.io/apiserver@v0.19.0/pkg/server/handler.go:189 +0x51
net/http.serverHandler.ServeHTTP(0xc0005b8fc0, 0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /usr/local/go/src/net/http/server.go:2887 +0xa3
net/http.initALPNRequest.ServeHTTP(0x207ad78, 0xc0007232c0, 0xc0007d6700, 0xc0005b8fc0, 0x206d5c0, 0xc0003bcb50, 0xc000bd2600)
    /usr/local/go/src/net/http/server.go:3459 +0x8d
golang.org/x/net/http2.(*serverConn).runHandler(0xc00096a480, 0xc0003bcb50, 0xc000bd2600, 0xc0008cac60)
    /go/pkg/mod/golang.org/x/net@v0.0.0-20200822124328-c89045814202/http2/server.go:2147 +0x8b
created by golang.org/x/net/http2.(*serverConn).processHeaders
    /go/pkg/mod/golang.org/x/net@v0.0.0-20200822124328-c89045814202/http2/server.go:1881 +0x505

My deployment:

certManager:
  namespace: cert-manager
extraArgs:
- --dns01-recursive-nameservers-only
- --dns01-recursive-nameservers="8.8.8.8:53"
ingressShim:
  defaultIssuerGroup: cert-manager.io
  defaultIssuerKind: ClusterIssuer
  defaultIssuerName: letsencrypt-prod
installCRDs: true
prometheus:
  enabled: true

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: justin.lamp96@gmail.com
    preferredChain: ""
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        webhook:
          config:
            APIKey: MYKEY=
          groupName: dns.hetzner.cloud
          solverName: hetzner

modzilla99 commented 2 years ago

I am using a v1.22.3 cluster but that should not cause any issues as I ran the same config in a v1.22.2 cluster before.

toabi commented 1 year ago

Sorry this went under the radar, I guess you found a solution :D

It's a weird stacktrace only in third party code… I'm working on updating this whole thing a bit: #6