zachomedia / cert-manager-webhook-pdns

A PowerDNS webhook for cert-manager
MIT License

Panic in validate #39

Closed nogweii closed 1 year ago

nogweii commented 1 year ago

Getting this stack trace in my logs for the pdns container a lot:

E0704 10:21:48.586927       1 runtime.go:77] Observed a panic: runtime error: invalid memory address or nil pointer dereference
goroutine 440780 [running]:
k8s.io/apiserver/pkg/endpoints/handlers/finisher.finishRequest.func1.1()
        /go/pkg/mod/k8s.io/apiserver@v0.24.1/pkg/endpoints/handlers/finisher/finisher.go:105 +0xaf
panic({0x1ce6020, 0x331ae00})
        /usr/local/go/src/runtime/panic.go:838 +0x207
main.(*powerDNSProviderSolver).validate(...)
        /workspace/main.go:267
main.(*powerDNSProviderSolver).init(0xc0003003a8, 0x3?, {0xc0009e71c0, 0xc})
        /workspace/main.go:281 +0xbb
main.(*powerDNSProviderSolver).Present(0x1f10180?, 0xc0008538c0)
        /workspace/main.go:151 +0x18e
github.com/cert-manager/cert-manager/pkg/acme/webhook/registry/challengepayload.(*REST).callSolver(0xc0001503d0, {{0x0, 0x0}, {0xc0009e71b0, 0x7}, {0xc0009e71b8, 0x6}, {0xc000662ff0, 0x11}, {0xc>
        /go/pkg/mod/github.com/cert-manager/cert-manager@v1.8.0/pkg/acme/webhook/registry/challengepayload/challenge_payload.go:86 +0x168
github.com/cert-manager/cert-manager/pkg/acme/webhook/registry/challengepayload.(*REST).Create(0x0?, {0xc000857001?, 0xc00085ac30?}, {0x2303398?, 0xc00085ac30}, 0x231e880?, 0x2326ba8?)
        /go/pkg/mod/github.com/cert-manager/cert-manager@v1.8.0/pkg/acme/webhook/registry/challengepayload/challenge_payload.go:66 +0xe5
k8s.io/apiserver/pkg/endpoints/handlers.(*namedCreaterAdapter).Create(0x0?, {0x231cee8?, 0xc00085b1a0?}, {0xc000216b40?, 0x231e880?}, {0x2303398?, 0xc00085ac30?}, 0xc00095a3c0?, 0x24?)
        /go/pkg/mod/k8s.io/apiserver@v0.24.1/pkg/endpoints/handlers/create.go:247 +0x42
k8s.io/apiserver/pkg/endpoints/handlers.createHandler.func1.1()
        /go/pkg/mod/k8s.io/apiserver@v0.24.1/pkg/endpoints/handlers/create.go:177 +0xd8
k8s.io/apiserver/pkg/endpoints/handlers.createHandler.func1.2()
        /go/pkg/mod/k8s.io/apiserver@v0.24.1/pkg/endpoints/handlers/create.go:203 +0x40d
k8s.io/apiserver/pkg/endpoints/handlers/finisher.finishRequest.func1()
        /go/pkg/mod/k8s.io/apiserver@v0.24.1/pkg/endpoints/handlers/finisher/finisher.go:117 +0x8f
created by k8s.io/apiserver/pkg/endpoints/handlers/finisher.finishRequest
        /go/pkg/mod/k8s.io/apiserver@v0.24.1/pkg/endpoints/handlers/finisher/finisher.go:92 +0xde

Looking at the problematic line I'm not immediately sure why the error is happening: https://github.com/zachomedia/cert-manager-webhook-pdns/blob/v2.3.0/main.go#L267

Running v2.3.0 with helm chart 3.1.0.

nogweii commented 1 year ago

Oh, I figured out why. I had misconfigured the ClusterIssuer:

--- old.yaml    2023-07-05 19:47:22.433275649 -0700
+++ cert-manager.io-v1.ClusterIssuer-letsencrypt.yaml   2023-07-05 19:47:16.329835258 -0700
@@ -16,7 +16,7 @@
     - dns01:
         webhook:
           config:
-            apiSecretKeyRef:
+            apiKeySecretRef:
               key: api-key
               name: powerdns-api-key
             host: https://etherium.tail.vpn.aether.earth:16419
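
Review bot: The removed and added keys in the `-`/`+` pair (`apiSecretKeyRef` and `apiKeySecretRef`) differ only in word order, so the same typo is easy to reintroduce and hard to catch by eye in a later edit of this `webhook.config` block. Consider checking the issuer manifest against the webhook's expected keys before applying it, so an unrecognised key under `config` is reported instead of silently leaving the secret reference unset.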

zachomedia commented 1 year ago

Ah! That would do it. However, the webhook shouldn't panic on that. I'll update the check to handle a null object :)
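
The failure mode in this thread, as an added example that is not the project's own code: a misspelled key leaves a pointer field nil after JSON decoding, so validation has to check the pointer before using it, and strict decoding can additionally reject the typo by name. The type and function names (`secretKeyRef`, `solverConfig`, `validate`, `loadConfig`) and the sample host are assumptions; only the JSON keys come from the issue.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the webhook's config types; only the JSON keys come from the issue.
type secretKeyRef struct {
	Name string `json:"name"`
	Key  string `json:"key"`
}

type solverConfig struct {
	Host            string        `json:"host"`
	APIKeySecretRef *secretKeyRef `json:"apiKeySecretRef"`
}

// validate checks the pointer before using it: a missing or misspelled key leaves it nil.
func validate(cfg *solverConfig) error {
	if ref := cfg.APIKeySecretRef; ref == nil || ref.Name == "" || ref.Key == "" {
		return errors.New("apiKeySecretRef with name and key is required")
	}
	return nil
}

// loadConfig decodes and validates; strict mode also rejects unknown keys such as a typo.
func loadConfig(raw []byte, strict bool) (*solverConfig, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	if strict {
		dec.DisallowUnknownFields()
	}
	cfg := &solverConfig{}
	if err := dec.Decode(cfg); err != nil {
		return nil, fmt.Errorf("decoding solver config: %w", err)
	}
	return cfg, validate(cfg)
}

// Constructed sample that reproduces the misspelled key from the issue.
const typoConfig = `{"host":"https://pdns.example.internal","apiSecretKeyRef":{"name":"powerdns-api-key","key":"api-key"}}`

func main() {
	_, lenientErr := loadConfig([]byte(typoConfig), false)
	_, strictErr := loadConfig([]byte(typoConfig), true)
	fmt.Printf("lenient: %v\nstrict: %v\n", lenientErr, strictErr)
}
```

With lenient decoding the typo surfaces as a validation error rather than a panic; with strict decoding the error names the unknown key itself.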