[1.21.1] cert manager compatibilty problem?

[pasztorl]

Report

Tried with cert manager 1.17 and 1.19 and still got this messages in operator log.
Cert manager is working fine, the issuers are ready, certs on secrets also valid.
Even tried to ignore webhook validation error, the problem is the same.

More about the problem

2026-01-13T11:30:35.070Z	ERROR	Reconciler error	{"controller": "psmdb-controller", "controllerGroup": "psmdb.percona.com", "controllerKind": "PerconaServerMongoDB", "PerconaServerMongoDB": {"name":"graylog-mdb-psmdb-db","namespace":"log"}, "namespace": "log", "name": "graylog-mdb-psmdb-db", "reconcileID": "f5eda14c-99fa-464b-a335-2ca246737e1e", "error": "TLS secrets handler: \"check cert-manager: the cert-manager validating webhook did not validate the dry-run CertificateRequest object\". Please create your TLS secret graylog-mdb-psmdb-db-ssl manually or setup cert-manager correctly", "errorVerbose": "TLS secrets handler: \"check cert-manager: the cert-manager validating webhook did not validate the dry-run CertificateRequest object\". Please create your TLS secret graylog-mdb-psmdb-db-ssl manually or setup cert-manager correctly\ngithub.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).Reconcile\n\t/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/psmdb_controller.go:393\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:216\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:461\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:421\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func1.1\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:296\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1693"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:474
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:421
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func1.1
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:296

Steps to reproduce

1. install cert manager (default values)
2. install percona psmdb operator (default values)
3. have previously created psmdb cluster

Versions

1. Kubernetes 1.32
2. Operator 1.21.1
3. Database 8.0.4

Anything else?

No response

[hors]

@pasztorl We have tested PSMDBO 1.21.1 with cert-manager v1.19.1. Please try to update your cert manager.

[pasztorl]

Hi! I tried with 1.19.1 too with same result. :(

[hors]

@pasztorl Do you use Helm to deploy the PSMDB operator and cluster? Also, I’m not sure I understand step 3 – “have previously created a PSMDB cluster.” What does that mean?

I’m planning to test it like this:

1. Deploy CertManager
2. Deploy the operator
3. Create a fresh PSMDB cluster

Does that sound correct? Or I need to have some old cluster

[hors]

@pasztorl Do you use Helm to deploy the PSMDB operator and cluster? Also, I’m not sure I understand step 3 – “have previously created a PSMDB cluster.” What does that mean?

I’m planning to test it like this:

1. Deploy CertManager
2. Deploy the operator
3. Create a fresh PSMDB cluster

Does that sound correct? Or I need to have some old cluster

@pasztorl could you please check my latest message?

[pasztorl]

hi @hors
sorry for the delay. i have an already running cluster. I have'n tried with new cluster and yes, i using the psmdb-db helm chart