Skip to content

cert-manager 0.10.1 broken with Kubernetes 1.20

Summary

When doing a fresh deploy with a 1.20 cluster certificates are not provisioned - cert manager has the following error: sync.go:499] cert-manager/controller/certificates/certificates "msg"="error saving certificate" "error"="resourceVersion should not be set on objects to be created"

This appears to be caused by https://github.com/jetstack/cert-manager/issues/3615 and is resolved in newer cert-manager versions

Steps to reproduce

Install Gitlab Chart on k8s 1.20 cluster using the build in cert-manager and letsencrypt issuer

Configuration used

global:
  edition: ce
  hosts:
    https: true
...
  ingress:
    configureCertmanager: true
    enabled: true
    tls:
      enabled: true
...
certmanager:
  # Disable CRD creation as it's already added by GKE
  createCustomResource: false

certmanager-issuer:
  email: ${cert_manager_email}

Current behavior

Cert-manager loops with the error above every 30 seconds

Expected behavior

Certificate is provisioned

Versions

  • Chart: 4.10.4
  • Platform:
    • Cloud: GKE
  • Kubernetes: (kubectl version)
    • Client: Terraform Kubernetes provider 1.13.2
    • Server: v1.20.6-gke.1000
  • Helm: (helm version)
    • Client: Terraform Helm provider 1.3.0
    • Server: N/A

Relevant logs

Here is a complete try/retry loop for the main cert:

E0604 18:49:31.743370       1 sync.go:499] cert-manager/controller/certificates/certificates "msg"="error saving certificate" "error"="resourceVersion should not be set on objects to be created"  
E0604 18:49:31.743601       1 controller.go:131] cert-manager/controller/certificates "msg"="re-queuing item  due to error processing" "error"="resourceVersion should not be set on objects to be created" "key"="gitlab/gitlab-gitlab-tls" 
I0604 18:49:31.822271       1 controller.go:129] cert-manager/controller/certificates "level"=0 "msg"="syncing item" "key"="gitlab/gitlab-gitlab-tls" 
I0604 18:49:31.822432       1 controller.go:129] cert-manager/controller/orders "level"=0 "msg"="syncing item" "key"="gitlab/gitlab-gitlab-tls-4149932550" 
I0604 18:49:31.823878       1 controller.go:135] cert-manager/controller/orders "level"=0 "msg"="finished processing work item" "key"="gitlab/gitlab-gitlab-tls-4149932550" 
I0604 18:49:31.823906       1 controller.go:129] cert-manager/controller/orders "level"=0 "msg"="syncing item" "key"="gitlab/gitlab-registry-tls-1977550111" 
I0604 18:49:31.824098       1 controller.go:129] cert-manager/controller/certificates "level"=0 "msg"="syncing item" "key"="gitlab/gitlab-registry-tls" 
I0604 18:49:31.825209       1 controller.go:135] cert-manager/controller/orders "level"=0 "msg"="finished processing work item" "key"="gitlab/gitlab-registry-tls-1977550111" 
E0604 18:49:31.832602       1 sync.go:499] cert-manager/controller/certificates/certificates "msg"="error saving certificate" "error"="resourceVersion should not be set on objects to be created"