Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix cert-manager injection target #1106

Merged
merged 2 commits into from
Jan 9, 2025
Merged

fix cert-manager injection target #1106

merged 2 commits into from
Jan 9, 2025

Conversation

PaulFarver
Copy link
Contributor

@PaulFarver PaulFarver commented Jan 8, 2025
edited
Loading

@stevehipwell thanks for maintaining this chart 🎉

When running with .Values.admissionController.certManager.enabled we get the following error in our cert-manager-cainjector:

...
E0108 10:48:13.701446       1 sources.go:106] "unable to fetch associated certificate" err="Certificate.cert-manager.io \"vertical-pod-autoscaler-admission-controller-cert\" not found" logger="cert-manager" kind="mutatingwebhookconfiguration" kind="mutatingwebhookconfiguration" name="vpa-webhook-config" certificate="vertical-pod-autoscaler/vertical-pod-autoscaler-admission-controller-cert"
I0108 10:48:13.701486       1 reconciler.go:117] "could not find any ca data in data source for target" logger="cert-manager" kind="mutatingwebhookconfiguration" kind="mutatingwebhookconfiguration" name="vpa-webhook-config"

Taking a look at the templates, it looks like the annotation expects a reference to a certificate, but gets a reference to a secret. We can fix that with the following, based on the documentation here: https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource

stevehipwell
stevehipwell requested changes Jan 8, 2025
View reviewed changes
Copy link
Owner

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @PaulFarver, I think this is the fix for #1046 that I couldn't replicate. Have you tested the updated behaviour? Could you also please add an entry to the CHANGELOG under [UNRELEASED]?

@PaulFarver
Copy link
Contributor Author

Right... I tested it, but now I get the following 😅

I0108 16:02:34.877288       1 sources.go:189] "Secret resource does not allow direct injection - refusing to inject CA" logger="cert-manager" kind="mutatingwebhookconfiguration" kind="mutatingwebhookconfiguration" name="vpa-webhook-config" secret="vertical-pod-autoscaler/vertical-pod-autoscaler-admission-controller-cert"
I0108 16:02:34.877388       1 reconciler.go:117] "could not find any ca data in data source for target" logger="cert-manager" kind="mutatingwebhookconfiguration" kind="mutatingwebhookconfiguration" name="vpa-webhook-config"

So I'll change it to target the certificate resource with the other annotation

@PaulFarver PaulFarver changed the title fix cert-manager inject annotation fix cert-manager injection target Jan 8, 2025
@PaulFarver
Copy link
Contributor Author

PaulFarver commented Jan 8, 2025
edited
Loading

Now it's tested and working :)

stevehipwell
stevehipwell requested changes Jan 8, 2025
View reviewed changes
Copy link
Owner

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit.

charts/vertical-pod-autoscaler/CHANGELOG.md Outdated Show resolved Hide resolved
stevehipwell
stevehipwell approved these changes Jan 9, 2025
View reviewed changes
Copy link
Owner

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stevehipwell stevehipwell enabled auto-merge (squash) January 9, 2025 10:07
@stevehipwell stevehipwell merged commit fe7c4f5 into stevehipwell:main Jan 9, 2025
1 check passed
@PaulFarver
Copy link
Contributor Author

@stevehipwell When do you usually release?

@PaulFarver
Copy link
Contributor Author

Ahh... I see it now. I've created a PR for it at #1111

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevehipwell stevehipwell stevehipwell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@PaulFarver @stevehipwell