kelvie / cert-manager-webhook-namecheap Goto Github PK

After following the steps I get this error in cert-manager pod, and the container is not created

MountVolume.SetUp failed for volume "certs" : secret "namecheap-webhook-cert-manager-webhook-namecheap-webhook-tls" not found

Hi,

first thank you for your work on this webhook.

Recently I discovered that the current version is spamming the api-server with the following:

E0209 22:02:54.158852 1 controller.go:102] loading OpenAPI spec for "v1alpha1.acme.namecheap.com" failed with: failed to download v1alpha1.acme.namecheap.com: resource not found
I0209 22:02:54.159117 1 controller.go:109] OpenAPI AggregationController: action for item v1alpha1.acme.namecheap.com: Rate Limited Requeue.
E0209 22:03:54.172207 1 controller.go:102] loading OpenAPI spec for "v1alpha1.acme.namecheap.com" failed with: failed to download v1alpha1.acme.namecheap.com: resource not found
I0209 22:03:54.172352 1 controller.go:109] OpenAPI AggregationController: action for item v1alpha1.acme.namecheap.com: Rate Limited Requeue.
E0209 22:05:54.187839 1 controller.go:102] loading OpenAPI spec for "v1alpha1.acme.namecheap.com" failed with: failed to download v1alpha1.acme.namecheap.com: resource not found
I0209 22:05:54.187924 1 controller.go:109] OpenAPI AggregationController: action for item v1alpha1.acme.namecheap.com: Rate Limited Requeue.
E0209 22:06:53.156491 1 controller.go:146] Error updating APIService "v1alpha1.acme.namecheap.com" with err: failed to download v1alpha1.acme.namecheap.com: resource not found
E0209 22:06:54.161506 1 controller.go:102] loading OpenAPI spec for "v1alpha1.acme.namecheap.com" failed with: failed to download v1alpha1.acme.namecheap.com: resource not found
I0209 22:06:54.161581 1 controller.go:109] OpenAPI AggregationController: action for item v1alpha1.acme.namecheap.com: Rate Limited Requeue.

According to cert-manager#27, there needs to be an upgrade of the dependencies to at least cert-manager 1.30.0.

Not sure if there have to be further adjustments.

Hey there,
The webhook container is unable to watch FlowSchema's and PriorityLevelConfigurations in my cluster @ v1.26.3

0329 13:03:43.790478 1 reflector.go:138] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1beta1.FlowSchema: failed to list *v1beta1.FlowSchema: the server could not find the requested resource
E0329 13:04:18.249198 1 reflector.go:138] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1beta1.PriorityLevelConfiguration: failed to list *v1beta1.PriorityLevelConfiguration: the server could not find the requested resource

Looks like both objects have moved to the v1beta3 group
kubectl api-resources -o wide | grep flow flowschemas flowcontrol.apiserver.k8s.io/v1beta3 false FlowSchema create,delete,deletecollection,get,list,patch,update,watch prioritylevelconfigurations flowcontrol.apiserver.k8s.io/v1beta3 false PriorityLevelConfiguration create,delete,deletecollection,get,list,patch,update,watch

Followed all the steps above and encountered an issue specific to a few of my domain names with more unique TLDs. Both my *.gg and *.sh domain names produced the following error: invalid domain: incorrect format (larger stack trace below), however my *.com domain name was able to issue a certificate without issues

I took a cursory look at the code and it's probably an issue with the go-namecheap SDK (or namecheap's apis not allowing these TLDs to be programmatically modified), but I'm not a go developer so I'm not 100% sure

Thank you for this amazing functionality, will try and debug the issue locally and if I find a fix, will raise a PR :)

I1226 18:20:13.309012       1 dns.go:88] "cert-manager/challenges/Present: presenting DNS01 challenge for domain" resource_name="coffee-kian-www-ingress-cert-namecheap-stage-2-42404-2248307218" resource_namespace="coffee-kian" resource_kind="Challenge" resource_version="v1" dnsName="coffee.techgarden.gg" type="DNS-01" resource_name="coffee-kian-www-ingress-cert-namecheap-stage-2-42404-2248307218" resource_namespace="coffee-kian" resource_kind="Challenge" resource_version="v1" domain="coffee.techgarden.gg"
E1226 18:20:13.318063       1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="invalid domain: incorrect format" key="coffee-kian/coffee-kian-www-ingress-cert-namecheap-stage-2-42404-2248307218"
I1226 18:20:18.308557       1 dns.go:88] "cert-manager/challenges/Present: presenting DNS01 challenge for domain" resource_name="coffee-kian-www-ingress-cert-namecheap-stage-2-42404-2248307218" resource_namespace="coffee-kian" resource_kind="Challenge" resource_version="v1" dnsName="coffee.techgarden.gg" type="DNS-01" resource_name="coffee-kian-www-ingress-cert-namecheap-stage-2-42404-2248307218" resource_namespace="coffee-kian" resource_kind="Challenge" resource_version="v1" domain="coffee.techgarden.gg"
E1226 18:20:18.319667       1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="invalid domain: incorrect format" key="coffee-kian/coffee-kian-www-ingress-cert-namecheap-stage-2-42404-2248307218"