Cert-manager: Incorrect format for clusterissuers YAML

Created on 18 Oct 2019 · 2 Comments · Source: jetstack/cert-manager

Describe the bug:

The order challenge is stuck because there is no solver configured:

$ kubectl describe orders.acme.cert-manager.io ws-mashme-dev-cert-1953831913-4029208672

..........
  Warning  Solver  81s (x2 over 83s)      cert-manager  Failed to determine a valid solver configuration for the set of domains on the Order: no configured challenge solvers can be used for this challenge
$ kubectl apply -f deploy-issuer.yaml

..............
for: "deploy-issuer.yaml": admission webhook "webhook.cert-manager.io" denied the request: spec.acme.solvers[0]: Required value: no solver type configured

That is the original YAML; the syntax is from the setup-acme docs.

$ cat deploy-issuer.yaml

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: cluster-issuer-deploy
spec:
  acme:
    email: ***********************
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      key: ""
      name: cluster-issuer-deploy
    solvers:
    - dns01:
      cloudflare:
        email: ******************
        apiKeySecretRef:
          key: api
          name: cf-secret

And that is the YAML stored in Kubernetes:

$ kubectl get clusterissuers.cert-manager.io cluster-issuer-deploy -o yaml --export

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  generation: 1
  name: cluster-issuer-deploy
  selfLink: /apis/cert-manager.io/v1alpha2/clusterissuers/cluster-issuer-deploy
spec:
  acme:
    dns01:
      providers:
      - cloudflare:
          apiKeySecretRef:
            key: api
            name: cf-secret
          email: *****************
        name: cf-dns
    email: *******************
    privateKeySecretRef:
      key: ""
      name: cluster-issuer-deploy
    server: https://acme-v02.api.letsencrypt.org/directory

The spec chain was modified and now spec.acme.solvers[0] is invalid; the stored path is spec.acme.dns01.providers[0].

Environment details:

  • Kubernetes version (e.g. v1.10.2): 1.14.6-gke.13
  • Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): GKE
  • cert-manager version (e.g. v0.4.0): v0.11.0
  • Install method (e.g. helm or static manifests): helm

Maybe related to https://github.com/jetstack/cert-manager/issues/2220

/kind bug


All 2 comments

Works with:

$ cat deploy-issuer.yaml

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: cluster-issuer-deploy
spec:
  acme:
    email: **********************
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: cluster-issuer-deploy
    solvers:
      - dns01:
          cloudflare:
            email: ********************
            apiKeySecretRef:
              key: api
              name: cf-secret
          selector: {}

Maybe docs should be updated

/kind documentation

The doc you linked to there seems to be up to date/correct?

The file contents above in your original comment:

  acme:
    email: ***********************
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      key: ""
      name: cluster-issuer-deploy
    solvers:
    - dns01:
      cloudflare:
        email: ******************
        apiKeySecretRef:
          key: api
          name: cf-secret

are invalid as you are missing indentation on the cloudflare block:

    - dns01:
      cloudflare:
        email: ******************
        apiKeySecretRef:
          key: api
          name: cf-secret

should be:

    - dns01:
        cloudflare:
          email: ******************
          apiKeySecretRef:
            key: api
            name: cf-secret
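
The indentation mistake discussed in this thread can be caught before `kubectl apply` with a line-based check. This is an added example, not part of the original thread or of cert-manager: `find_empty_solvers` and the sample manifests are hypothetical names and constructed values, and it compares indentation only rather than parsing YAML.

```python
import re

# Solver type keys under spec.acme.solvers[]; dns01 is from the page,
# http01 is included on the assumption that it is the other ACME solver type.
SOLVER_KEYS = ("dns01", "http01")
KEY_RE = re.compile(r"^(?P<lead>\s*(?:-\s+)*)(?P<key>\w+):\s*(?P<val>.*)$")


def find_empty_solvers(manifest):
    """Return [(line_no, key)] for solver keys that parse as empty (null)
    because the block after them is not indented deeper than the key."""
    lines = manifest.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m or m["key"] not in SOLVER_KEYS:
            continue
        if m["val"].split("#", 1)[0].strip():
            continue  # inline value such as "dns01: {...}", nothing to compare
        key_col = len(m["lead"])  # column of the key itself; "- " counts as indent
        following = [l for l in lines[i + 1:]
                     if l.strip() and not l.lstrip().startswith("#")]
        child_col = len(following[0]) - len(following[0].lstrip()) if following else -1
        if child_col <= key_col:  # sibling or dedent: the key has no children
            findings.append((i + 1, m["key"]))
    return findings


# Constructed samples mirroring the two manifests in the thread (values are placeholders).
BROKEN = """\
spec:
  acme:
    solvers:
    - dns01:
      cloudflare:
        email: user@example.com
"""
FIXED = """\
spec:
  acme:
    solvers:
    - dns01:
        cloudflare:
          email: user@example.com
"""

if __name__ == "__main__":
    print(find_empty_solvers(BROKEN))
    print(find_empty_solvers(FIXED))
```

A flagged line corresponds to the case the webhook rejects with "no solver type configured": the provider block is a sibling of `dns01` instead of its child.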