Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
A invalid certificate spec (such as unknown unit) blocks other certificate signing. #1269
Describe the bug:
On 0.6.0 (probably also earlier versions), I saw this behavior.
Steps to reproduce the bug:
Anything else we need to know?:
Hm, this is tough as it's the underlying lister that is throwing an error here. I'll ask around to see how we can 'absorb' these decode errors more generally.
That said, if you enable the webhook component then this sort of error should not occur in the first place, as the resource will be rejected before it is persisted to the apiserver.
After speaking to sig-api-machinery, it's not possible to suppress errors when a decoding error occurs on our 'informers' as it could lead to an inconsistent cache state, resulting in cert-manager making invalid assumptions about the 'state of the world' and taking invalid actions.
I think all we can do here is strongly recommend that you keep the webhook component available, and document the format that is expected for these fields. #1279 does both of these