dmahmalat / cert-manager-webhook-google-domains Goto Github PK
View Code? Open in Web Editor NEWAllow cert-manager to solve DNS challenges using Google Domains DNS
License: Apache License 2.0
Allow cert-manager to solve DNS challenges using Google Domains DNS
License: Apache License 2.0
This is the error I get. When it reaches the challenges stage. I'm new to cert-manager and kubernetes. It is likely I just have something misconfigured.
google-domains.acmedns.odetopeaches.com is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "google-domains" in API group "acmedns.odetopeaches.com" at the cluster scope
Tried to provision a cert but it didn't work and the only thing in the logs is this.
W0526 17:38:30.711418 1 reflector.go:424] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: failed to list *v1beta3.FlowSchema: the server could not find the requested resource
E0526 17:38:30.711477 1 reflector.go:140] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1beta3.FlowSchema: failed to list *v1beta3.FlowSchema: the server could not find the requested resource
W0526 17:38:45.231383 1 reflector.go:424] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: failed to list *v1beta3.PriorityLevelConfiguration: the server could not find the requested resource
E0526 17:38:45.231430 1 reflector.go:140] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1beta3.PriorityLevelConfiguration: failed to list *v1beta3.PriorityLevelConfiguration: the server could not find the requested resource
Running on GKE 1.25.
I have cert manager installed in the cert-manager namespace.
I install this via: helm uninstall my-release dmahmalat/cert-manager-webhook-google-domains -n default and I guess it goes into the default namespace
Then my issuer secret is in the cert-manager namespace.
My issuer doesn't have a namespace.
When I install a certificate from the default namespace I get this in the cert-manager pod.
E0403 01:34:07.619223 1 controller.go:167] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="unable to get secret
cert-manager; unable to get secret
cert-domain-tls-key-example.com/cert-manager; secrets \"cert-domain-tls-key-example.com\" is forbidden: User \"system:serviceaccount:default:my-release-cert-manager-webhook-google-domains\" cannot get resource \"secrets\" in API group \"\" in the namespace \"cert-manager\"" "key"="default/example-com-dphgr-1778196375-4263164308"
Are you by chance running cert-manager in the default namespace? Just trying to get this working.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.