Score: 0

How do I have to configure certmanager when using a GitLab managed cluster?


I use a Scaleway Kubernetes cluster v1.21.1 managed by GitLab.

To do this, I created a Cluster Management Project with the default template. https://docs.gitlab.com/ee/user/clusters/management_project_template.html (only ingress & certmanager enabled)

I only changed the email in the cert-manager yaml files.

When I call my test site, no SSL certificate is showing up.

GitLab created the following pods (logs):

certmanager-cainjector

...
I0624 15:29:56.319139       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.autoscaling"}
I0624 15:29:56.319185       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.internal.apiserver.k8s.io"}
I0624 15:29:56.319234       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.node.k8s.io"}
I0624 15:29:56.319294       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.scheduling.k8s.io"}
I0624 15:29:56.319369       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.snapshot.storage.k8s.io"}
I0624 15:29:56.319452       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.certmanager.k8s.io"}
I0624 15:29:56.319509       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.apiextensions.k8s.io"}
I0624 15:29:56.319602       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.authentication.k8s.io"}
I0624 15:29:56.319677       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.rbac.authorization.k8s.io"}
I0624 15:29:56.319788       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.rbac.authorization.k8s.io"}
I0624 15:29:56.319855       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.scheduling.k8s.io"}
I0624 15:29:56.319934       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.storage.k8s.io"}
I0624 15:29:56.319995       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.snapshot.storage.k8s.io"}
I0624 15:29:56.320065       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.coordination.k8s.io"}
I0624 15:29:56.320124       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.networking.k8s.io"}
E0624 15:38:14.369342       1 leaderelection.go:359] Failed to update lock: etcdserver: request timed out

certmanager-cert-manager

...
I0624 15:02:26.334768       1 controller.go:129] cert-manager/controller/certificates "level"=0 "msg"="syncing item" "key"="kubernetes-test-27639905-production/production-auto-deploy-tls" 
E0624 15:02:26.336757       1 event.go:296] Could not construct reference to: '&v1alpha1.Certificate{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"production-auto-deploy-tls", GenerateName:"", Namespace:"kubernetes-test-27639905-production", SelfLink:"", UID:"1aeb1ed7-1788-4c8f-8845-3cf76113e85f", ResourceVersion:"1574081655", Generation:3, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63760143384, loc:(*time.Location)(0x2d04f40)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string{"app":"production", "app.kubernetes.io/instance":"production", "app.kubernetes.io/managed-by":"Helm", "app.kubernetes.io/name":"production", "chart":"auto-deploy-app-2.6.0", "helm.sh/chart":"auto-deploy-app-2.6.0", "heritage":"Helm", "release":"production"}, Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference{v1.OwnerReference{APIVersion:"extensions/v1beta1", Kind:"Ingress", Name:"production-auto-deploy", UID:"b0395b36-c947-4549-8e23-5e17eea332b5", Controller:(*bool)(0xc000722c90), BlockOwnerDeletion:(*bool)(0xc000722c91)}}, Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry{v1.ManagedFieldsEntry{Manager:"jetstack-cert-manager", Operation:"Update", APIVersion:"certmanager.k8s.io/v1alpha1", Time:(*v1.Time)(0xc000aa7ce0), Fields:(*v1.Fields)(nil)}}}, Spec:v1alpha1.CertificateSpec{CommonName:"", Organization:[]string(nil), Duration:(*v1.Duration)(nil), RenewBefore:(*v1.Duration)(nil), DNSNames:[]string{"le-27639905.kub-cltest.lom.li", "hostur2-kubernetes-test.kub-cltest.lom.li"}, IPAddresses:[]string(nil), SecretName:"production-auto-deploy-tls", IssuerRef:v1alpha1.ObjectReference{Name:"letsencrypt-prod", Kind:"ClusterIssuer", Group:""}, IsCA:false, Usages:[]v1alpha1.KeyUsage(nil), ACME:(*v1alpha1.ACMECertificateConfig)(0xc000aa7d20), KeySize:0, KeyAlgorithm:"", KeyEncoding:""}, 
Status:v1alpha1.CertificateStatus{Conditions:[]v1alpha1.CertificateCondition{v1alpha1.CertificateCondition{Type:"Ready", Status:"False", LastTransitionTime:(*v1.Time)(0xc000aa7d80), Reason:"TemporaryCertificate", Message:"Certificate issuance in progress. Temporary certificate issued."}}, LastFailureTime:(*v1.Time)(nil), NotAfter:(*v1.Time)(nil)}}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' 'OrderComplete' 'Order "production-auto-deploy-tls-3711733499" completed successfully'
E0624 15:02:26.374421       1 sync.go:499] cert-manager/controller/certificates/certificates "msg"="error saving certificate" "error"="resourceVersion should not be set on objects to be created"  
E0624 15:02:26.374485       1 event.go:296] Could not construct reference to: '&v1alpha1.Certificate{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"production-auto-deploy-tls", GenerateName:"", Namespace:"kubernetes-test-27639905-production", SelfLink:"", UID:"1aeb1ed7-1788-4c8f-8845-3cf76113e85f", ResourceVersion:"1574081655", Generation:3, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63760143384, loc:(*time.Location)(0x2d04f40)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string{"app":"production", "app.kubernetes.io/instance":"production", "app.kubernetes.io/managed-by":"Helm", "app.kubernetes.io/name":"production", "chart":"auto-deploy-app-2.6.0", "helm.sh/chart":"auto-deploy-app-2.6.0", "heritage":"Helm", "release":"production"}, Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference{v1.OwnerReference{APIVersion:"extensions/v1beta1", Kind:"Ingress", Name:"production-auto-deploy", UID:"b0395b36-c947-4549-8e23-5e17eea332b5", Controller:(*bool)(0xc000722c90), BlockOwnerDeletion:(*bool)(0xc000722c91)}}, Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry{v1.ManagedFieldsEntry{Manager:"jetstack-cert-manager", Operation:"Update", APIVersion:"certmanager.k8s.io/v1alpha1", Time:(*v1.Time)(0xc000aa7ce0), Fields:(*v1.Fields)(nil)}}}, Spec:v1alpha1.CertificateSpec{CommonName:"", Organization:[]string(nil), Duration:(*v1.Duration)(nil), RenewBefore:(*v1.Duration)(nil), DNSNames:[]string{"le-27639905.kub-cltest.lom.li", "hostur2-kubernetes-test.kub-cltest.lom.li"}, IPAddresses:[]string(nil), SecretName:"production-auto-deploy-tls", IssuerRef:v1alpha1.ObjectReference{Name:"letsencrypt-prod", Kind:"ClusterIssuer", Group:""}, IsCA:false, Usages:[]v1alpha1.KeyUsage(nil), ACME:(*v1alpha1.ACMECertificateConfig)(0xc000aa7d20), KeySize:0, KeyAlgorithm:"", KeyEncoding:""}, 
Status:v1alpha1.CertificateStatus{Conditions:[]v1alpha1.CertificateCondition{v1alpha1.CertificateCondition{Type:"Ready", Status:"False", LastTransitionTime:(*v1.Time)(0xc000aa7d80), Reason:"TemporaryCertificate", Message:"Certificate issuance in progress. Temporary certificate issued."}}, LastFailureTime:(*v1.Time)(nil), NotAfter:(*v1.Time)(nil)}}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Warning' 'SaveCertError' 'Error saving TLS certificate: resourceVersion should not be set on objects to be created'
E0624 15:02:26.375859       1 controller.go:131] cert-manager/controller/certificates "msg"="re-queuing item  due to error processing" "error"="resourceVersion should not be set on objects to be created" "key"="kubernetes-test-27639905-production/production-auto-deploy-tls" 

certmanager-cert-manager-webhook

...
I0624 14:57:03.846840       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:05.106212       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.198251       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.411711       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.475789       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.608012       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.737256       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.781294       1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch"  "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"

Question

Is this a configuration issue?

Do I have to change something in the cluster configuration?

Score: 1

This error message comes from the fact that you are using cert-manager v0.10.1 or later with Kubernetes 1.20 or later. The issue disappears with cert-manager v0.11.0.

I encourage you to use a recent version of cert-manager. I noticed that helmfile.yaml has both an old version and a recent version of the cert-manager chart; cert-manager-1-4 is the one you should use.

helmfiles:
# - path: applications/cert-manager/helmfile.yaml # cert-manager v0.10.1
# - path: applications/cert-manager-1-4/helmfile.yaml # cert-manager v1.4.0

Source: https://github.com/jetstack/cert-manager/issues/3615
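
A triage sketch for the failure diagnosed in the answer above, added here as an example and not part of the original post or of cert-manager: it scans controller log lines for the legacy `certmanager.k8s.io` API group (the group served before cert-manager v0.11) together with the save error from the question. The sample lines are constructed, shortened from the logs in the question; `triage` and the namespace `demo-ns` are hypothetical names.

```python
import re

# klog header: severity letter, MMDD, time, PID, source file:line, then the message.
KLOG = re.compile(r'^([IWEF])\d{4} \d{2}:\d{2}:\d{2}\.\d+\s+\d+ [\w.]+:\d+\] (.*)$')
# API group served by cert-manager releases before v0.11 (later ones use cert-manager.io).
LEGACY_GROUP = re.compile(r'certmanager\.k8s\.io/(v\w+)')
SAVE_ERROR = "resourceVersion should not be set on objects to be created"
CERT_KEY = re.compile(r'"key"="([^"]+)"')

# Constructed sample: shortened lines modelled on the controller logs in the question.
SAMPLE = r"""
I0624 15:02:26.334768       1 controller.go:129] cert-manager/controller/certificates "level"=0 "msg"="syncing item" "key"="demo-ns/production-auto-deploy-tls"
E0624 15:02:26.374421       1 sync.go:499] cert-manager/controller/certificates/certificates "msg"="error saving certificate" "error"="resourceVersion should not be set on objects to be created"
E0624 15:02:26.374485       1 event.go:296] Could not construct reference to: '&v1alpha1.Certificate{ManagedFields:{APIVersion:"certmanager.k8s.io/v1alpha1"},
Status:v1alpha1.CertificateStatus{}}' due to: 'selfLink was empty, can't make reference'.
E0624 15:02:26.375859       1 controller.go:131] cert-manager/controller/certificates "msg"="re-queuing item  due to error processing" "error"="resourceVersion should not be set on objects to be created" "key"="demo-ns/production-auto-deploy-tls"
""".strip().splitlines()


def triage(lines):
    """Summarise cert-manager controller logs for the legacy-API save failure."""
    report = {"legacy_api_versions": set(), "save_errors": 0,
              "stuck_certificates": set(), "unparsed": 0}
    for line in lines:
        m = KLOG.match(line)
        if not m:
            report["unparsed"] += 1  # continuation of a multi-line struct dump
            continue
        severity, msg = m.groups()
        report["legacy_api_versions"].update(LEGACY_GROUP.findall(msg))
        if severity == "E" and SAVE_ERROR in msg:
            report["save_errors"] += 1
            key = CERT_KEY.search(msg)
            if key:
                report["stuck_certificates"].add(key.group(1))
    # Both signals together match the diagnosis in the answer: old chart, newer cluster.
    report["needs_upgrade"] = bool(report["legacy_api_versions"]) and report["save_errors"] > 0
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Certificates listed under `stuck_certificates` are the ones the controller keeps re-queuing, so the Ingress keeps serving the temporary certificate until the chart is upgraded.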
