Comments (13)
I really appreciate you all commenting here and discussing this! We (the maintainer team) are stretched pretty thin at the moment and it looks like the webhook-example has passed us by a bit. I've put out a call to action to hopefully get someone to take a look at this repo soon!
Thank you all for being part of the community, appreciate you all! ❤️
from webhook-example.
Likewise @SgtCoDFish we all also very much appreciate all the work you and the entire team are doing.
from webhook-example.
I have got the same error with the freenom DNS resolver.
Still no idea on how to fix it.
from webhook-example.
I have the same issue with Cert Manager Webhook for Dynu
Any idea?
from webhook-example.
controller.go:116] loading OpenAPI spec for "v1alpha1.acme.mycompany.com" failed with: OpenAPI spec does not exist
v1alpha1.acme.mycompany.com is the default API GroupVersion in this sample webhook repository. The error comes from when a new apiserver config is created in Kubernetes.
Perhaps the group name in chart values has not been changed https://github.com/cert-manager/webhook-example/blob/master/deploy/example-webhook/values.yaml#L9 ?
If it seems like the webhook repository does not reference v1alpha1.acme.mycompany.com anywhere, but the error is still present, it would be good if someone could add instructions on how to reproduce it.
from webhook-example.
Looking at the referenced cert manager webhooks (dynu, freenom, and others on GitHub) and my own, it looks like the error messages are present even if we update the group name to something explicit.
It seems another project implements the openapi spec kubernetes-sigs/prometheus-adapter#335
May need to implement this: https://github.com/kubernetes/kube-openapi
from webhook-example.
I got the same problem with PowerDNS webhook, still no fix?
from webhook-example.
Update: Ignore this, my issue is different, seems to be a problem with using too new of a version of k8s.io/api
I hit what appears to be a variation of this on my attempt at a custom webhook for Porkbun
cert-manager: error executing command" err="error installing APIGroup for solvers: unable to get openapi models: OpenAPIV3 config must not be nil
I dug into the webhook code and nothing obvious stuck out to me.
from webhook-example.
@bcspragu if you are still interested / haven't solved your problem yet, consider this: I ran into the same error message and as it turns out, the problem was the go version used in the Dockerfile, i.e. the go version used for building the hook.
I overcame the problem by looking at other working hooks, realizing the most recent version any of them used was:
FROM golang:1.19-alpine AS build_deps
If you set your Dockerfile to use v1.19, your problem will likely disappear. To make my build work, I referenced the webhook for google-domains, merging their go.mod and go.sum files with the one go v1.21 created for my own project, simply adding the additional lines required for my project to their files.
from webhook-example.
Thanks for the tip! In my case, I don't remember the exact resolution, but I think I had fixed my issue by just not upgrading k8s.io/api (i.e. reverting most of my go.mod changes). That Porkbun webhook now works excellent for my use case, and I'm running it on Go 1.21
from webhook-example.
This issue should be now solved.
- compile the webhook against cert-manager 1.13.0
- run the webhook with cert-manager 1.13.0
I haven't seen a single error across my cluster for the last 24 hours.
Note that upgrading cert-manager to 1.13.0 alone isn't enough. The webhook needs to be compiled against cert-manager 1.13.0.
Here is an excerpt of my go.mod:
go 1.20
require (
	github.com/cert-manager/cert-manager v1.13.0
	github.com/ovh/go-ovh v1.4.2
	k8s.io/api v0.28.1
	k8s.io/apiextensions-apiserver v0.28.1
	k8s.io/apimachinery v0.28.1
	k8s.io/client-go v0.28.1
)
from webhook-example.
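Several comments above trace the error to a k8s.io/api version that was newer than the rest of the build. The following is an added example, not code from the thread or from cert-manager: a small check that flags a go.mod whose Kubernetes staging modules sit on different minor versions. The module list, the function names and the sample go.mod (the excerpt above with k8s.io/api deliberately bumped) are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: the go.mod excerpt from the comment above, with
// k8s.io/api bumped to v0.29.0 to simulate the "too new" upgrade.
const sampleGoMod = `go 1.20
require (
	github.com/cert-manager/cert-manager v1.13.0
	github.com/ovh/go-ovh v1.4.2
	k8s.io/api v0.29.0
	k8s.io/apiextensions-apiserver v0.28.1
	k8s.io/apimachinery v0.28.1
	k8s.io/client-go v0.28.1 // indirect
)
`

// Kubernetes staging modules that are released together with one version.
// This list is chosen for the example; extend it for other staging modules.
var staging = map[string]bool{
	"k8s.io/api": true, "k8s.io/apimachinery": true, "k8s.io/client-go": true,
	"k8s.io/apiserver": true, "k8s.io/apiextensions-apiserver": true,
	"k8s.io/component-base": true, "k8s.io/kube-aggregator": true,
}

// stagingMinors groups the staging modules required in goMod by minor version.
func stagingMinors(goMod string) map[string][]string {
	out := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect" etc.
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || !staging[f[0]] {
			continue // not a "module version" pair for a staging module
		}
		if p := strings.SplitN(f[1], ".", 3); len(p) == 3 {
			out[p[0]+"."+p[1]] = append(out[p[0]+"."+p[1]], f[0])
		}
	}
	return out
}

// skewed reports whether the staging modules span more than one minor version.
func skewed(goMod string) bool { return len(stagingMinors(goMod)) > 1 }

func main() {
	fmt.Println("skewed:", skewed(sampleGoMod), stagingMinors(sampleGoMod))
}
```

A consistent minor version only rules out skew inside go.mod; whether that version matches the cert-manager release being compiled against still has to be checked against cert-manager's own go.mod.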
Whilst I can confirm building against v1.13 works when also deploying with the same version, the information provided is incomplete. More development has to be done for the hook to actually work:
- between v1.11 and v1.13, cert-manager moved the test/acme/dns folder contents out of the repo and back in. They messed up, however, and omitted the /dns/ folder when moving back in, which requires an update to the test suite in main_test.go
- the controller-runtime in v1.13 has a bug, making it complain log.SetLogger(...) has never been called, requiring adjustments in the solver code
- v1.13 is significantly more aggressive when triggering requests in the extended test suite. This got out of control so much that a rework of a solver was required to adjust for API rate limits. The same solver works perfectly fine against the same API when compiled with v1.11
from webhook-example.
@irreleph4nt I'm not part of the cert-manager/jetstack team but what you describe sounds like separate issues (though connected perhaps). Have you considered raising separate issues and linking them to this one?
On your 2nd point, do you have more details and some code to propose?
from webhook-example.