search

zachomedia / cert-manager-webhook-pdns

A PowerDNS webhook for cert-manager
MIT License
57 stars 33 forks source link

Error: Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 6 #53

Closed raphael10-collab closed 5 months ago

raphael10-collab commented 5 months ago

I tried to apply this WebHookPdnsIssuer.yaml issuer : 

# https://github.com/zachomedia/cert-manager-webhook-pdns?tab=readme-ov-file#issuerclusterissuer

apiVersion: v1
kind: Secret
metadata:
  name: pdns-api-key
type: Opaque
data:
  key: APIKEY_BASE64
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: emailaddress
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acmeissuer.grasp.deals
            solverName: pdns
            config:
              # Base URL of the PowerDNS server.
              host: https://acmeissuer.grasp.deals

              # Reference to the Kubernetes secret containing the API key.
              apiKeySecretRef:
                name: pdns-api-key
                key: key

              ###
              ### OPTIONAL
              ###

              # API Key scheme https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
              # default: no scheme ""
              apiKeyScheme: ""

              # Header name for API key
              #
              # This defaults to X-API-Key when unset but supports customizations
              # e.g. Authorization 
              apiKeyHeaderName: ""

              # Server ID for the PowerDNS API.
              # When unset, defaults to "localhost".
              #
              # This should generally be left unset, and used
              # only if you have a proxy in front of the PowerDNS API
              # that requires a different value.
              serverID: localhost

              # Request headers when connecting to the PowerDNS API.
              # The following headers are set by default, but can be overriden:
              #   X-API-Key
              #   Content-Type
              headers:
                key: value

              # CA bundle for TLS connections
              # When unset, the default system certificate store is used.
              caBundle: BASE64_ENCODED_CA_BUNDLE

              # TTL for DNS records
              # (in seconds)
              ttl: 120

              # Timeout for requests to the PDNS api server
              # (in seconds)
              timeout: 30

              # If the server is only allowed to edit certain zones; the
              # default is an empty list, allowing everything.
              # *IMPORTANT*: Remember the trailing dot to make the zone-name
              # fully qualified.
              allowed-zones:
                #- auth.grasp.deals.
                - acmeissuer.grasp.deals.

But I'm getting this error:

root@k8s-eu-1-control-plane-node-1:~/CertManager-Config# kubectl apply -f WebHookPdnsIssuer.yaml 
issuer.cert-manager.io/letsencrypt-staging created
Error from server (BadRequest): error when creating "WebHookPdnsIssuer.yaml": Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 6

What am I doing wrong and/or missing? How to make it work?