I tried to apply this WebHookPdnsIssuer.yaml issuer :
# https://github.com/zachomedia/cert-manager-webhook-pdns?tab=readme-ov-file#issuerclusterissuer
apiVersion: v1
kind: Secret
metadata:
name: pdns-api-key
type: Opaque
data:
key: APIKEY_BASE64
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: emailaddress
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging-account-key
solvers:
- dns01:
webhook:
groupName: acmeissuer.grasp.deals
solverName: pdns
config:
# Base URL of the PowerDNS server.
host: https://acmeissuer.grasp.deals
# Reference to the Kubernetes secret containing the API key.
apiKeySecretRef:
name: pdns-api-key
key: key
###
### OPTIONAL
###
# API Key scheme https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
# default: no scheme ""
apiKeyScheme: ""
# Header name for API key
#
# This defaults to X-API-Key when unset but supports customizations
# e.g. Authorization
apiKeyHeaderName: ""
# Server ID for the PowerDNS API.
# When unset, defaults to "localhost".
#
# This should generally be left unset, and used
# only if you have a proxy in front of the PowerDNS API
# that requires a different value.
serverID: localhost
# Request headers when connecting to the PowerDNS API.
# The following headers are set by default, but can be overriden:
# X-API-Key
# Content-Type
headers:
key: value
# CA bundle for TLS connections
# When unset, the default system certificate store is used.
caBundle: BASE64_ENCODED_CA_BUNDLE
# TTL for DNS records
# (in seconds)
ttl: 120
# Timeout for requests to the PDNS api server
# (in seconds)
timeout: 30
# If the server is only allowed to edit certain zones; the
# default is an empty list, allowing everything.
# *IMPORTANT*: Remember the trailing dot to make the zone-name
# fully qualified.
allowed-zones:
#- auth.grasp.deals.
- acmeissuer.grasp.deals.
But I'm getting this error:
root@k8s-eu-1-control-plane-node-1:~/CertManager-Config# kubectl apply -f WebHookPdnsIssuer.yaml
issuer.cert-manager.io/letsencrypt-staging created
Error from server (BadRequest): error when creating "WebHookPdnsIssuer.yaml": Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 6
What am I doing wrong and/or missing? How to make it work?
I tried to apply this
WebHookPdnsIssuer.yaml
issuer :But I'm getting this error:
What am I doing wrong and/or missing? How to make it work?