New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Syncing secret across namespaces gives error "unable to fetch certificate that owns the secret" #4210
Comments
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
I have exactly the same problem. Did you find a solution @aesa-dr ? |
I believe this is caused by the copied secrets having cert-manager annotations. It looks like kubed can strip those https://appscode.com/products/kubed/v0.12.0/guides/config-syncer/intra-cluster/#remove-annotation The error message also shows up for secrets whose certificates have been deleted it seems. |
@thatsmydoing Thanks for the link, however I think that section of the doc is referring to that fact that manually removing the |
Oh, you're right. Sorry about that. There is indeed an open issue asking for it https://github.com/kubeops/config-syncer/issues/465 |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
Rotten issues close after 30d of inactivity. |
@jetstack-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@landorg: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Anyone ever managed to fix this? |
Describe the bug:
When syncing (using kubed) wildcard cert secret across namespaces we get an error in cert-manager-cainjector pod from all namespaces where the secret is synced.
The wildcard certificate still works though.
error we get:
Expected behaviour:
I get no errors in cert-manager-cainjector logs.
Steps to reproduce the bug:
We use a bash script to install cert-manager, secrets and certifications - therefore you will see variables haven't been filled out.
Anything else we need to know?:
Environment details::
/kind bug
The text was updated successfully, but these errors were encountered: