[Bug]: certificate manager with self managed certificates fail to upload #663

Open
1 task done
glacion opened this issue Nov 28, 2024 · 0 comments
Labels
bug Something isn't working needs:triage

glacion commented Nov 28, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

  • certificatemanager.gcp.upbound.io/v1beta1 Certificate
  • certificatemanager.gcp.upbound.io/v1beta2 Certificate

Resource MRs required to reproduce the bug

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
    - '*.example.com'
    - example.com
  issuerRef:
    name: example
  secretName: tls-example-com
---
apiVersion: certificatemanager.gcp.upbound.io/v1beta1
kind: Certificate
metadata:
  name: example-com-1
spec:
  forProvider:
    location: global
    selfManaged:
      - certificatePemSecretRef:
          key: tls.crt
          name: tls-example-com
          namespace: letsencrypt
        pemPrivateKeySecretRef:
          key: tls.key
          name: tls-example-com
          namespace: letsencrypt
  providerConfigRef:
    name: gcp
---
apiVersion: certificatemanager.gcp.upbound.io/v1beta1
kind: Certificate
metadata:
  name: example-com-2
spec:
  forProvider:
    location: global
    selfManaged:
      - certificatePemSecretRef:
          key: tls.crt
          name: tls-example-com
          namespace: letsencrypt
        privateKeyPemSecretRef:
          key: tls.key
          name: tls-example-com
          namespace: letsencrypt
  providerConfigRef:
    name: gcp
---
apiVersion: certificatemanager.gcp.upbound.io/v1beta2
kind: Certificate
metadata:
  name: example-com-3
spec:
  forProvider:
    location: global
    selfManaged:
      certificatePemSecretRef:
        key: tls.crt
        name: tls-example-com
        namespace: letsencrypt
      privateKeyPemSecretRef:
        key: tls.key
        name: tls-example-com
        namespace: letsencrypt
  providerConfigRef:
    name: gcp
---
apiVersion: certificatemanager.gcp.upbound.io/v1beta2
kind: Certificate
metadata:
  name: example-com-4
spec:
  forProvider:
    location: global
    selfManaged:
      certificatePemSecretRef:
        key: tls.crt
        name: tls-example-com
        namespace: letsencrypt
      pemPrivateKeySecretRef:
        key: tls.key
        name: tls-example-com
        namespace: letsencrypt
  providerConfigRef:
    name: gcp
---
apiVersion: certificatemanager.gcp.upbound.io/v1beta1
kind: Certificate
metadata:
  name: example-com-5
spec:
  forProvider:
    location: global
    selfManaged:
      - pemCertificate: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
        pemPrivateKeySecretRef:
          key: tls.key
          name: tls-example-com
          namespace: letsencrypt
  providerConfigRef:
    name: gcp
---
apiVersion: certificatemanager.gcp.upbound.io/v1beta2
kind: Certificate
metadata:
  name: example-com-6
spec:
  forProvider:
    location: global
    selfManaged:
      pemCertificate: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      pemPrivateKeySecretRef:
        key: tls.key
        name: tls-example-com
        namespace: letsencrypt
  providerConfigRef:
    name: gcp

Steps to Reproduce

  • Apply the provided manifest

What happened?

Only example-com-5 and example-com-6 are successful.

$ kubectl -n letsencrypt get certificates.certificatemanager.gcp.upbound.io
NAME            SYNCED   READY   EXTERNAL-NAME   AGE
example-com-1   False    False   example-com-1   70m
example-com-2   False    False   example-com-2   67m
example-com-3   False    False   example-com-3   65m
example-com-4   False    False   example-com-4   65m
example-com-5   True     True    example-com-5   57m
example-com-6   True     True    example-com-6   57m

example-com-1

Status:
  At Provider:
  Conditions:
    Last Transition Time:  2024-11-28T18:54:26Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2024-11-28T18:54:26Z
    Message:               create failed: async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
    Last Transition Time:  2024-11-28T18:54:26Z
    Message:               async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:  AsyncCreateFailure
    Status:  False
    Type:    LastAsyncOperation
Events:
  Type     Reason                        Age                From                                                                 Message
  ----     ------                        ----               ----                                                                 -------
  Warning  CannotCreateExternalResource  5m (x66 over 70m)  managed/certificatemanager.gcp.upbound.io/v1beta1, kind=certificate  async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]

example-com-2

Status:
  At Provider:
  Conditions:
    Last Transition Time:  2024-11-28T18:57:20Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2024-11-28T18:57:21Z
    Message:               create failed: async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      },
      {
        "description": "Invalid JSON payload received. Unknown name \"privateKeyPem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
    Last Transition Time:  2024-11-28T18:57:21Z
    Message:               async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      },
      {
        "description": "Invalid JSON payload received. Unknown name \"privateKeyPem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:  AsyncCreateFailure
    Status:  False
    Type:    LastAsyncOperation
Events:
  Type     Reason                        Age                   From                                                                 Message
  ----     ------                        ----                  ----                                                                 -------
  Warning  CannotCreateExternalResource  3m44s (x77 over 69m)  managed/certificatemanager.gcp.upbound.io/v1beta1, kind=certificate  async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      },
      {
        "description": "Invalid JSON payload received. Unknown name \"privateKeyPem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]

example-com-3

Status:
  At Provider:
  Conditions:
    Last Transition Time:  2024-11-28T18:59:11Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2024-11-28T18:59:12Z
    Message:               create failed: async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      },
      {
        "description": "Invalid JSON payload received. Unknown name \"privateKeyPem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
    Last Transition Time:  2024-11-28T18:59:12Z
    Message:               async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      },
      {
        "description": "Invalid JSON payload received. Unknown name \"privateKeyPem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:  AsyncCreateFailure
    Status:  False
    Type:    LastAsyncOperation
Events:
  Type     Reason                        Age                  From                                                                 Message
  ----     ------                        ----                 ----                                                                 -------
  Warning  CannotCreateExternalResource  3m9s (x76 over 67m)  managed/certificatemanager.gcp.upbound.io/v1beta1, kind=certificate  async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      },
      {
        "description": "Invalid JSON payload received. Unknown name \"privateKeyPem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]

example-com-4

Status:
  At Provider:
  Conditions:
    Last Transition Time:  2024-11-28T18:59:43Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2024-11-28T18:59:43Z
    Message:               create failed: async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
    Last Transition Time:  2024-11-28T18:59:43Z
    Message:               async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]
    Reason:  AsyncCreateFailure
    Status:  False
    Type:    LastAsyncOperation
Events:
  Type     Reason                        Age                   From                                                                 Message
  ----     ------                        ----                  ----                                                                 -------
  Warning  CannotCreateExternalResource  2m57s (x76 over 67m)  managed/certificatemanager.gcp.upbound.io/v1beta1, kind=certificate  async create failed: failed to create the resource: [{0 Error creating Certificate: googleapi: Error 400: Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
        "field": "certificate.self_managed"
      }
    ]
  }
]  []}]

Relevant Error Output Snippet

No response

Crossplane Version

1.18.0

Provider Version

1.10.0

Kubernetes Version

v1.30.5-gke.1443001

Kubernetes Distribution

GKE

Additional Info

No response
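
Added triage example, not part of the original report and not the provider's code: it extracts the rejected field names from a condition message and checks which `selfManaged` keys from the six manifests would be rejected. The `ACCEPTED` set is inferred from the two resources that synced, and the rule that a `...SecretRef` key is sent under its name without the suffix is an assumption that matches the errors reported above.

```python
import re

# API field names under certificate.self_managed that were accepted, inferred
# from the two resources in the report that synced (example-com-5 and -6).
ACCEPTED = {"pemCertificate", "pemPrivateKey"}

# Matches both the plain and the JSON-escaped (\") form of the error text.
UNKNOWN_RE = re.compile(r'Unknown name \\?"(\w+)\\?" at')

def rejected_fields(message):
    """Unique field names the API reported as unknown in a condition message."""
    return sorted(set(UNKNOWN_RE.findall(message)))

def api_field(mr_key):
    """Assumption: a '...SecretRef' key is sent under the name without the suffix."""
    suffix = "SecretRef"
    return mr_key[:-len(suffix)] if mr_key.endswith(suffix) else mr_key

def predict_rejections(self_managed_keys):
    """Field names expected to be rejected for a given selfManaged block."""
    return sorted({api_field(k) for k in self_managed_keys} - ACCEPTED)

# selfManaged keys copied from the six manifests in the report.
MANIFESTS = {
    "example-com-1": ["certificatePemSecretRef", "pemPrivateKeySecretRef"],
    "example-com-2": ["certificatePemSecretRef", "privateKeyPemSecretRef"],
    "example-com-3": ["certificatePemSecretRef", "privateKeyPemSecretRef"],
    "example-com-4": ["certificatePemSecretRef", "pemPrivateKeySecretRef"],
    "example-com-5": ["pemCertificate", "pemPrivateKeySecretRef"],
    "example-com-6": ["pemCertificate", "pemPrivateKeySecretRef"],
}

# Constructed sample: the example-com-2 condition message, abbreviated.
SAMPLE_MESSAGE = r'''Error creating Certificate: googleapi: Error 400:
Invalid JSON payload received. Unknown name "certificatePem" at 'certificate.self_managed': Cannot find field.
Invalid JSON payload received. Unknown name "privateKeyPem" at 'certificate.self_managed': Cannot find field.
"description": "Invalid JSON payload received. Unknown name \"certificatePem\" at 'certificate.self_managed': Cannot find field.",
'''

if __name__ == "__main__":
    print("parsed from message:", rejected_fields(SAMPLE_MESSAGE))
    for name, keys in MANIFESTS.items():
        print(name, "->", predict_rejections(keys) or "accepted")
```
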

@glacion glacion added bug Something isn't working needs:triage labels Nov 28, 2024