cert-manager-webhook-duckdns

not working anymore with kubernetes 1.22

Open max-rh opened this issue 3 years ago • 3 comments

I have been using this until Kubernetes 1.21, and it works perfectly. Thanks a lot.

But it seems that it doesn't support 1.22 anymore.

And I think it's because of multiple reasons:

  • You can't use cert-manager 1.2 anymore with k8s 1.22 because they removed the beta API of apiservices.apiregistration.k8s.io, so the minimum cert-manager version is 1.5 for k8s 1.22.
  • It seems that the new cert-manager version requires extra RBAC config for any custom webhooks; I am seeing a lot of errors in cert-manager that its service account is forbidden to access the custom API that the duckdns deployment created.

Did you guys manage to test this with the newer k8s version and the new cert-manager versions?

max-rh avatar Jan 01 '22 12:01 max-rh

My fork is working on v1.24.4+k3s1 with cert-manager 1.9.1. https://github.com/joshuakraitberg/cert-manager-webhook-duckdns

joshuakraitberg avatar Oct 06 '22 19:10 joshuakraitberg

@joshuakraitberg: I am having problems with your repo regarding RBAC. The RBAC does not seem to define sufficient rights. I am using v1.24.6+k3s1 and cert-manager v1.10.0. Can you also enable "issues" on your repo so that I can report this to the proper repo?

The error is shown in the challenge events when the cert order is stuck in the pending state: "Warning PresentError 22m (x28 over 10h) cert-manager-challenges Error presenting challenge: duckdns.mydomain.duckdns.org is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "duckdns" in API group "mydomain.duckdns.org" at the cluster scope"

attiolli avatar Oct 28 '22 04:10 attiolli
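
The forbidden error quoted above names the subject, verb, resource and API group, which is enough to write a least-privilege grant for it. The manifest below is an added example, not taken from the upstream repository or the fork; the object name `duckdns-webhook:domain-solver` is hypothetical, and the API group is the value from the error message, which has to match the `groupName` set in the Issuer's webhook solver config.

```yaml
# Added example, not the project's own manifest.
# Grants only what the error reports as missing: "create" on the "duckdns"
# resource in the webhook's API group, at cluster scope.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: duckdns-webhook:domain-solver    # hypothetical name
rules:
  - apiGroups:
      - mydomain.duckdns.org             # value from the error; must equal the solver's groupName
    resources:
      - duckdns                          # resource named in the error, not a wildcard
    verbs:
      - create                           # the only verb the error reports as denied
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: duckdns-webhook:domain-solver    # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: duckdns-webhook:domain-solver
subjects:
  # Subject taken from "system:serviceaccount:cert-manager:cert-manager"
  - kind: ServiceAccount
    name: cert-manager
    namespace: cert-manager
# Check the grant after applying:
#   kubectl auth can-i create duckdns.mydomain.duckdns.org \
#     --as=system:serviceaccount:cert-manager:cert-manager
```

If cert-manager runs under a different namespace or service account name, the `subjects` entry has to be changed to match the user string in the error.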

@attiolli Done.

joshuakraitberg avatar Oct 28 '22 20:10 joshuakraitberg