rkosegi / cert-manager-webhook-active24 Goto Github PK

Currently, there are 2 Helm charts:

• chart
  Uses older image rkosegi/cert-manager-webhook-active24:1.0.0
• deploy/chart
  Uses newer but currently non-existent image ghcr.io/rkosegi/cert-manager-webhook-active24:1.0.1 (the right one would be ghcr.io/rkosegi/cert-manager-webhook-active24:v1.0.1)
  Has an additional ClusterRole and ClusterRoleBinding in rbac.yaml

In the main README.md file, the 2nd one is used in the installation description so I'm not sure what the 1st one is for.
I use that 2nd one with fixed image tag.

In any case, please sort this out so that there's just 1 Helm chart and that it works without any additional modifications.

I followed the installation instruction and after I created the certificate I got this error in the certificate challenge:

Events:
  Type     Reason        Age                  From          Message
  ----     ------        ----                 ----          -------
  Normal   Started       2m18s                cert-manager  Challenge scheduled for processing
  Warning  PresentError  72s (x5 over 2m17s)  cert-manager  Error presenting challenge: unable to get secret `/cert-manager`; resource name may not be empty

Am I missing something? Is there a secret name I need to set in the helm chart?

Hello,
Image in docker.hub is not published.

After download source and run helm upgrade --install ac24 ./chart --namespace cert-manager

EVENT K8s:

ac24-cert-manager-webhook-active24-6874bd4c86-nqpqt.17a67eefb0038230
Failed
Error: ErrImagePull

--

Failed to pull image "rkosegi/cert-manager-webhook-active24:v1.0.2": reading manifest v1.0.2 in docker.io/rkosegi/cert-manager-webhook-active24: requested access to the resource is denied

--

Back-off pulling image "rkosegi/cert-manager-webhook-active24:v1.0.2"

Does it support multiple domains in some way?
We;ve got several domains managed by active24 and so far we've been able to get only 1 of them to work. If we add more domains then the acme challenge DNS records are created in the 1st one - the one for which this webhook is configured (apiGroup in Helm chart).

Is there any way how to use multiple domains with this webhook?

We can perhaps add the acme challenge CNAME records to the other domains to point to the 1st one, but that looks more like a workaround.

Recently I started having issues with the certificate renewal (worked a few months ago, but not any longer).

I0809 13:34:52.061900       1 main.go:78] Present: fqdn=_acme-challenge.somedomain.net., zone=somedomain.net., key=qUXCrf7evXjIQfBWEItLIwuCxzoDQCOpK5aRitCSMpc
I0809 13:34:52.061924       1 main.go:189] recordName: ResolvedZone=somedomain.net., ResolvedFQDN=_acme-challenge.somedomain.net.
I0809 13:34:52.066250       1 active24.go:37] FindTxtRecord: name=_acme-challenge, text=qUXCrf7evXjIQfBWEItLIwuCxzoDQCOpK5aRitCSMpc
E0809 13:34:52.295304       1 active24.go:41] "invalid API response" err="invalid response from api: 404" code="404 404"

• Deployed using Helm chart v1.0.1 with image set to ghcr.io/rkosegi/cert-manager-webhook-active24:v1.0.1 (you've got it wrong in the v1.0.1 - it points to rkosegi/cert-manager-webhook-active24:1.0.1 which doesn't exist).
• API key is correct (issued last year, still valid)
• ClusterIssuer also appears correct (created last year, not changed since then)

Do you know if the Active24 API hasn't changed in any way?
I looked at https://api.active24.com/swagger-ui.html and tried some manual requests to get some records (using my API key) - those work and it appears to match what the https://github.com/rkosegi/active24-go/blob/main/active24/dns.go does. But maybe I'm missing something.

Note that I can't find the expected TXT record there - based on the above piece of log it should be at least created, but there's nothing visible in those records. Maybe even that part doesn't work properly, or it's just a consequence.