robbietjuh / cert-manager-webhook-transip Goto Github PK
View Code? Open in Web Editor NEWA cert-manager webhook for requesting DNS-01 certs with TransIP as the DNS provider
License: Apache License 2.0
A cert-manager webhook for requesting DNS-01 certs with TransIP as the DNS provider
License: Apache License 2.0
Hey Robbie,
Do you think it would be possible to publish an ARM64 version? I'm running a k8s cluster on my raspberry pi and I would like to use this webhook to configure my ssl.
With kind regards,
Maaroen (Jeroen Nederlof)
Hello good people of cert-manager-webhook-transip
Im trying to use this chart for as a integration with Transip for DNS01 challenge to enable wildcard certificates.
So, what i did:
I have a installation of cert-manager (version cert-manager-v1.2.0-alpha.1) running in my cluster. And i can confirm that it is working. (i have created a issuer for http-01 challenge type and managed to create a valid certificate)
I followed the instructions and have deployed the chart with helm 3.
I have created a secret with the my credentials for transip.
The error im getting
When looking at the logs of the pod I seem to be getting a steady stream of errors:
I0316 14:58:35.976213 1 log.go:172] http: TLS handshake error from 10.164.0.12:34678: remote error: tls: bad certificate
I0316 14:58:36.198807 1 log.go:172] http: TLS handshake error from 10.164.0.14:59010: remote error: tls: bad certificate
I0316 14:58:36.228736 1 log.go:172] http: TLS handshake error from 10.164.0.20:59360: remote error: tls: bad certificate
I0316 14:58:39.136329 1 log.go:172] http: TLS handshake error from 10.164.15.198:37438: remote error: tls: bad certificate
I0316 14:58:39.800156 1 log.go:172] http: TLS handshake error from 10.164.15.237:41270: remote error: tls: bad certificate
I0316 14:58:52.488458 1 log.go:172] http: TLS handshake error from 10.164.15.237:41302: remote error: tls: bad certificate
And i was wondering what that meant, and how i can fix it.....
I imagine that its something silly that i have over looked....
Thanks in advance.
The deployment files are currently using apiVersion apiregistration.k8s.io/v1beta1
for the APIService, which is deprecated in 1.19+ and dropped completely in 1.22+.
The apiVersion to use is apiregistration.k8s.io/v1
. This apiVersion has been available since 1.10. No notable changes or migration steps needed according to the migration guide.
Hello Robbie,
Do you have any idea what causes this error: Error presenting challenge: the server is currently unable to handle the request (post transip.cert-manager.webhook.transip)
This makes me unable to do the dns challenge.
After installing the webhook transip Helm chart, I get the following error in the apiserver:
2020-07-17T18:38:41.719870952+02:00 E0717 16:38:41.719691 1 controller.go:114] loading OpenAPI spec for "v1alpha1.cert-manager.webhook.transip" failed with: failed to retrieve openAPI spec, http error: ResponseCode: 503, Body: Error trying to reach service: 'x509: certificate signed by unknown authority', Header: map[Content-Type:[text/plain; charset=utf-8] X-Content-Type-Options:[nosniff]]
And this one in the transip webhook deployment:
http: TLS handshake error from 10.11.0.3:37218: remote error: tls: bad certificate
After looking into the Helm chart (https://github.com/robbietjuh/cert-manager-webhook-transip/blob/master/deploy/transip-webhook/templates/pki.yaml) I'm wondering why a self-signed certificate is used. Shouldn't we use the CA certificate from the config map kube-system/extension-apiserver-authentication::requestheader-client-ca-file
so that the webhook is using certificates signed by the apiserver?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.