Cloudflare Origin Issuer not getting ready

Question

I am currently debugging an strange error where my Cloudflare OriginIssuers are not getting ready, which blocks renewals.

I have tried restarting it once but that did not help, I looked at the port cert-manager uses and whitelisted it in the firewall and restarted cert-manager and the cloudflare origin issuer to no avail. It keeps throwing {"level":"error","error":"resource default/staging is not ready","name":"controller","reconcilerGroup":"cert-manager.io","reconcilerKind":"CertificateRequest","controller":"certificaterequest","name":"certificate-private-hjbl4","namespace":"default","time":"2022-08-01T13:50:33Z","message":"Reconciler error"}

Looking at more logs doesn't get me any further as I cannot for the life of me find the exact error. The logs that get generated are the one above, but I cannot find a log anywhere where I see the error of the Issuer.

The config I used to deploy the Issuer is as follows

apiVersion: cert-manager.k8s.cloudflare.com/v1
kind: OriginIssuer
metadata:
  name: staging
  namespace: default
spec:
  auth:
    serviceKeyRef:
      key: key
      name: cloudflare-staging
  requestType: OriginECC

score 0 · Answer 1 · answered Aug 01 '22 at 14:50

0

So as it turned out. The pod got OOMKilled for an unknown reason (still figuring this OOMKill out). But atleast the pod is running now.

answered Aug 01 '22 at 14:50

HeroOnSocks

3
1

score 0 · Accepted Answer · answered Nov 22 '22 at 12:00

0

The default chart/config of origin-ca-issuer deploys the pod with a memory limit of 50Mi. The uneventful termination logs which ends up with OOMKilled might get resolved if you increase it to a higher memory limit. e.g. 100Mi.

answered Nov 22 '22 at 12:00

Charlie C

16

Cloudflare Origin Issuer not getting ready

2 Answers2