I use a scaleway kubernetes cluster v1.21.1 managed by gitlab.
To do this, I created a Cluster Management Project with the default template.
https://docs.gitlab.com/ee/user/clusters/management_project_template.html
(only ingress & certmanager enabled)
I only changed the email in the cert-manager yaml files.
When I call my testsite no SSL certificate is showing up.
Gitlab created following Pods (Logs):
certmanager-cainjector
...
I0624 15:29:56.319139 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1.autoscaling"}
I0624 15:29:56.319185 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.internal.apiserver.k8s.io"}
I0624 15:29:56.319234 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.node.k8s.io"}
I0624 15:29:56.319294 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.scheduling.k8s.io"}
I0624 15:29:56.319369 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.snapshot.storage.k8s.io"}
I0624 15:29:56.319452 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.certmanager.k8s.io"}
I0624 15:29:56.319509 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1.apiextensions.k8s.io"}
I0624 15:29:56.319602 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1.authentication.k8s.io"}
I0624 15:29:56.319677 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1.rbac.authorization.k8s.io"}
I0624 15:29:56.319788 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.rbac.authorization.k8s.io"}
I0624 15:29:56.319855 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.scheduling.k8s.io"}
I0624 15:29:56.319934 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.storage.k8s.io"}
I0624 15:29:56.319995 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1.snapshot.storage.k8s.io"}
I0624 15:29:56.320065 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.coordination.k8s.io"}
I0624 15:29:56.320124 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="apiservice" "request"={"Namespace":"","Name":"v1.networking.k8s.io"}
E0624 15:38:14.369342 1 leaderelection.go:359] Failed to update lock: etcdserver: request timed out
certmanager-cert-manager
...
I0624 15:02:26.334768 1 controller.go:129] cert-manager/controller/certificates "level"=0 "msg"="syncing item" "key"="kubernetes-test-27639905-production/production-auto-deploy-tls"
E0624 15:02:26.336757 1 event.go:296] Could not construct reference to: '&v1alpha1.Certificate{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"production-auto-deploy-tls", GenerateName:"", Namespace:"kubernetes-test-27639905-production", SelfLink:"", UID:"1aeb1ed7-1788-4c8f-8845-3cf76113e85f", ResourceVersion:"1574081655", Generation:3, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63760143384, loc:(*time.Location)(0x2d04f40)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string{"app":"production", "app.kubernetes.io/instance":"production", "app.kubernetes.io/managed-by":"Helm", "app.kubernetes.io/name":"production", "chart":"auto-deploy-app-2.6.0", "helm.sh/chart":"auto-deploy-app-2.6.0", "heritage":"Helm", "release":"production"}, Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference{v1.OwnerReference{APIVersion:"extensions/v1beta1", Kind:"Ingress", Name:"production-auto-deploy", UID:"b0395b36-c947-4549-8e23-5e17eea332b5", Controller:(*bool)(0xc000722c90), BlockOwnerDeletion:(*bool)(0xc000722c91)}}, Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry{v1.ManagedFieldsEntry{Manager:"jetstack-cert-manager", Operation:"Update", APIVersion:"certmanager.k8s.io/v1alpha1", Time:(*v1.Time)(0xc000aa7ce0), Fields:(*v1.Fields)(nil)}}}, Spec:v1alpha1.CertificateSpec{CommonName:"", Organization:[]string(nil), Duration:(*v1.Duration)(nil), RenewBefore:(*v1.Duration)(nil), DNSNames:[]string{"le-27639905.kub-cltest.lom.li", "hostur2-kubernetes-test.kub-cltest.lom.li"}, IPAddresses:[]string(nil), SecretName:"production-auto-deploy-tls", IssuerRef:v1alpha1.ObjectReference{Name:"letsencrypt-prod", Kind:"ClusterIssuer", Group:""}, IsCA:false, Usages:[]v1alpha1.KeyUsage(nil), ACME:(*v1alpha1.ACMECertificateConfig)(0xc000aa7d20), KeySize:0, KeyAlgorithm:"", KeyEncoding:""}, Status:v1alpha1.CertificateStatus{Conditions:[]v1alpha1.CertificateCondition{v1alpha1.CertificateCondition{Type:"Ready", Status:"False", LastTransitionTime:(*v1.Time)(0xc000aa7d80), Reason:"TemporaryCertificate", Message:"Certificate issuance in progress. Temporary certificate issued."}}, LastFailureTime:(*v1.Time)(nil), NotAfter:(*v1.Time)(nil)}}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' 'OrderComplete' 'Order "production-auto-deploy-tls-3711733499" completed successfully'
E0624 15:02:26.374421 1 sync.go:499] cert-manager/controller/certificates/certificates "msg"="error saving certificate" "error"="resourceVersion should not be set on objects to be created"
E0624 15:02:26.374485 1 event.go:296] Could not construct reference to: '&v1alpha1.Certificate{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"production-auto-deploy-tls", GenerateName:"", Namespace:"kubernetes-test-27639905-production", SelfLink:"", UID:"1aeb1ed7-1788-4c8f-8845-3cf76113e85f", ResourceVersion:"1574081655", Generation:3, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63760143384, loc:(*time.Location)(0x2d04f40)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string{"app":"production", "app.kubernetes.io/instance":"production", "app.kubernetes.io/managed-by":"Helm", "app.kubernetes.io/name":"production", "chart":"auto-deploy-app-2.6.0", "helm.sh/chart":"auto-deploy-app-2.6.0", "heritage":"Helm", "release":"production"}, Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference{v1.OwnerReference{APIVersion:"extensions/v1beta1", Kind:"Ingress", Name:"production-auto-deploy", UID:"b0395b36-c947-4549-8e23-5e17eea332b5", Controller:(*bool)(0xc000722c90), BlockOwnerDeletion:(*bool)(0xc000722c91)}}, Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry{v1.ManagedFieldsEntry{Manager:"jetstack-cert-manager", Operation:"Update", APIVersion:"certmanager.k8s.io/v1alpha1", Time:(*v1.Time)(0xc000aa7ce0), Fields:(*v1.Fields)(nil)}}}, Spec:v1alpha1.CertificateSpec{CommonName:"", Organization:[]string(nil), Duration:(*v1.Duration)(nil), RenewBefore:(*v1.Duration)(nil), DNSNames:[]string{"le-27639905.kub-cltest.lom.li", "hostur2-kubernetes-test.kub-cltest.lom.li"}, IPAddresses:[]string(nil), SecretName:"production-auto-deploy-tls", IssuerRef:v1alpha1.ObjectReference{Name:"letsencrypt-prod", Kind:"ClusterIssuer", Group:""}, IsCA:false, Usages:[]v1alpha1.KeyUsage(nil), ACME:(*v1alpha1.ACMECertificateConfig)(0xc000aa7d20), KeySize:0, KeyAlgorithm:"", KeyEncoding:""}, Status:v1alpha1.CertificateStatus{Conditions:[]v1alpha1.CertificateCondition{v1alpha1.CertificateCondition{Type:"Ready", Status:"False", LastTransitionTime:(*v1.Time)(0xc000aa7d80), Reason:"TemporaryCertificate", Message:"Certificate issuance in progress. Temporary certificate issued."}}, LastFailureTime:(*v1.Time)(nil), NotAfter:(*v1.Time)(nil)}}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Warning' 'SaveCertError' 'Error saving TLS certificate: resourceVersion should not be set on objects to be created'
E0624 15:02:26.375859 1 controller.go:131] cert-manager/controller/certificates "msg"="re-queuing item due to error processing" "error"="resourceVersion should not be set on objects to be created" "key"="kubernetes-test-27639905-production/production-auto-deploy-tls"
certmanager-cert-manager-webhook
...
I0624 14:57:03.846840 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:05.106212 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.198251 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.411711 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.475789 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.608012 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.737256 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
I0624 14:57:11.781294 1 mutation.go:120] cert-manager "level"=0 "msg"="generated patch" "patch"="[{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsType\"},{\"op\":\"remove\",\"path\":\"/metadata/managedFields/0/fieldsV1\"}]"
Question
Is this a configuration issue?
Do I have to change something in the cluster configuration?