Comments (9)
When I set the groupName
to xxx.com
, I got the following error message:
alidns.xxx.com is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "alidns" in API group "xxx.com" at the cluster scope
Status:
Presented: false
Processing: true
Reason: alidns.xxx.com is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "alidns" in API group "xxx.com" at the cluster scope
State: pending
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Started 11s cert-manager Challenge scheduled for processing
Warning PresentError 6s (x3 over 11s) cert-manager Error presenting challenge: alidns.xxx.com is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "alidns" in API group "xxx.com" at the cluster scope
from alidns-webhook.
Hi simicn,
GroupName should be set the same as group names of CRDs in bundle.yaml. So if you changed groupName to xxx.com
, you also need to change bundle.yaml.
For the first question, please check the log of the alidns-webhook pod, might be caused by wrong alicloud access key or letsencrypt account.
from alidns-webhook.
Hi simicn,
GroupName should be set the same as group names of CRDs in bundle.yaml. So if you changed groupName to
xxx.com
, you also need to change bundle.yaml.For the first question, please check the log of the alidns-webhook pod, might be caused by wrong alicloud access key or letsencrypt account.
Thanks for your help
from alidns-webhook.
I set the groupName
of the ClusterIssuer as 'xxx.com'
and also changed all occurrences of groupName
in bundle.yml, but I still got the similar error:
Error presenting challenge: the server is currently unable to handle the request (post alidns.xxx.com)
Was the request of post alidns.xxx.com
sent by cert-manager itself ?
from alidns-webhook.
I set the
groupName
of the ClusterIssuer as'xxx.com'
and also changed all occurrences ofgroupName
in bundle.yml, but I still got the similar error:Error presenting challenge: the server is currently unable to handle the request (post alidns.xxx.com)
Was the request of
post alidns.xxx.com
sent by cert-manager itself ?
@kaelzhang Please check the log of the alidns-webhook pod, might be caused by wrong alicloud access key or letsencrypt account.
from alidns-webhook.
Thanks for your reply.
Seems cert-manager
eats all logs and I could only see those logs of RunWebhookServer
but no logs of the webhook.
Or anywhere else I could check the logs, or how to turn on log output ?
from alidns-webhook.
Please check the metadata.name of APIService resource for the webhook.
If you changed group name, you have to change the apiservice resource name in bundle.yml.
If you hadn't set apiservice name properly, you could find some error logs in kube-apiserver logs.
Please refer to k8s api extension document for more information.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1alpha1.acme.yourcompany.com
labels:
app: alidns-webhook
annotations:
cert-manager.io/inject-ca-from: "cert-manager/alidns-webhook-webhook-tls"
spec:
group: acme.yourcompany.com
groupPriorityMinimum: 1000
versionPriority: 15
service:
name: alidns-webhook
namespace: cert-manager
version: v1alpha1
from alidns-webhook.
I had changed metadata.name
& spec.group
of APIService, container.env.GROUP_NAME
of deployment, and apiGroups.0
of ClusterRole in bundle.yml before I saw the Error presenting challenge
from alidns-webhook.
Could you please upload your bundle.yml here?
from alidns-webhook.
Related Issues (20)
- Install via helm with different namespace?
- unable to create alidns-secret HOT 1
- alidns-webhook中定义的secret是什么 HOT 1
- Install alidns-webhook failed, no endpoints available for service "cert-manager-webhook" HOT 1
- use alidns error HOT 8
- cannot create resource alidns HOT 4
- InvalidAccessKeyId,but i'm sure the AccessKey is valid! HOT 3
- It appears that only single domain cert are supported HOT 2
- The third-level domain name wildcard certificate does not work HOT 7
- Doesn't work with `K3S v1.22.2+k3s1` + `cert-manager v1.5.3` HOT 4
- Error presenting challenge: the server could not find the requested resource (post alidns.acme HOT 7
- 自签证书是出什么问题了吗? HOT 2
- Install FailedMount
- how to config 2 domain in config file HOT 1
- Failed to watch *v1beta1.FlowSchema: failed to list HOT 7
- for alidns-webhook error HOT 23
- alidns SDK ErrorCode: InvalidAccessKeyId.NotFound HOT 3
- APIService v1alpha1.acme.xxx.com FailedDiscoveryCheck
- Install alidns-webhook fail HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alidns-webhook.