Error when starting pod - Hostname is required to create a client factory #11

@Realiserad

I get the error "Hostname is required to create a client factory" when deploying the controller, but the hostname is defined in the ejbca-credentials secret.

This is how I deploy:

[...]
kubectl -n pki create secret generic ejbca-credentials --from-file credentials.yml
cat > values.yml<< EOF
ejbca:
  defaultCertificateProfileName: "TLS Certificate"
  defaultEndEntityProfileName: "Istio Workload"
  defaultCertificateAuthorityName: "Kubernetes CA"
EOF
git clone https://github.com/Keyfactor/ejbca-k8s-csr-signer.git
helm package ejbca-k8s-csr-signer/charts
helm install -n pki ejbca-k8s -f values.yml ejbca-csr-signer-*.tgz

Any idea what's wrong?

user@ubuntu:~$ kubectl logs -n pki ejbca-k8s-ejbca-csr-signer-85f888cc44-p9dzg
INFO[2023-02-18T18:34:23Z] Getting configuration from ./config/config.yaml  scope=Config
TRAC[2023-02-18T18:34:23Z] ./config/config.yaml exists and contains 206 bytes:
 useEST: false
defaultESTAlias: 
defaultCertificateProfileName: TLS Certificate
defaultEndEntityProfileName: Istio Workload
defaultCertificateAuthorityName: Kubernetes CA
healthcheckPort: 5354
chainDepth: 4  scope=Config
INFO[2023-02-18T18:34:23Z] Successfully retrieved configuration: 
 &config.ServerConfig{HealthCheckPort:"5354", DefaultCertificateProfileName:"TLS Certificate", DefaultEndEntityProfileName:"Istio Workload", DefaultCertificateAuthorityName:"Kubernetes CA", UseEST:false, DefaultESTAlias:"", ChainDepth:4}  scope=Config
INFO[2023-02-18T18:34:23Z] Successfully retrieved credentials.           scope=Credential
INFO[2023-02-18T18:34:23Z] Looking in /clientcert/ for client certificates  scope=Credential
WARN[2023-02-18T18:34:23Z] read /clientcert/..data: is a directory       scope=Credential
INFO[2023-02-18T18:34:23Z] tls.crt exists and contains 1444 bytes        scope=Credential
INFO[2023-02-18T18:34:23Z] tls.key exists and contains 1705 bytes        scope=Credential
INFO[2023-02-18T18:34:23Z] Successfully retrieved client certificate     scope=Credential
2023/02/18 18:34:23 [ERROR] Hostname is required to create a client factory.
FATA[2023-02-18T18:34:23Z] hostname is required to create a client factory  scope=Main
user@ubuntu:~$ 
user@ubuntu:~$ kubectl get secrets -n pki
NAME                              TYPE                 DATA   AGE
ejbca-client-cert                 kubernetes.io/tls    2      122m
sh.helm.release.v1.ejbca-k8s.v1   helm.sh/release.v1   1      81m
ejbca-credentials                 Opaque               1      67m
user@ubuntu:~$ kubectl get pods -n pki
NAME                                          READY   STATUS             RESTARTS         AGE
ca                                            1/1     Running            4 (36m ago)      2d3h
ejbca-k8s-ejbca-csr-signer-85f888cc44-p9dzg   0/1     CrashLoopBackOff   17 (4m42s ago)   44m
user@ubuntu:~$ kubectl describe secret -n pki ejbca-credentials
Name:         ejbca-credentials
Namespace:    pki
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
credentials.yml:  451 bytes
user@ubuntu:~$ cat credentials.yml 
# Hostname to EJBCA server
hostname: "ca.pki.svc.cluster.local"

# Password used to protect private key, if it's encrypted according to RFC 1423. Leave blank if private key
# is not encrypted.
keyPassword: ""

# EJBCA username used if the proxy was configured to use EST for enrollment. To enable EST, set useEST to true in values.yaml.
ejbcaUsername: ""

# EJBCA password used if the proxy was configured to use EST for enrollment.
ejbcaPassword: ""

The error message seems to come from the EJBCA Go Client which reads the hostname from the EJBCA_HOSTNAME environment variable.
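A small Go model of the mismatch suspected above, as an added example that is not part of the original issue or the project's code: the credentials file carries the hostname, but a factory that consults only `EJBCA_HOSTNAME` still fails until the value is exported. The function names, the fallback behaviour and the sample file contents are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Constructed sample in the flat key/value layout of credentials.yml.
const sampleCredentials = `hostname: "ca.pki.svc.cluster.local"
keyPassword: ""
`

// hostnameFromCredentials returns the value of the top-level "hostname" key.
func hostnameFromCredentials(yml string) string {
	for _, line := range strings.Split(yml, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "hostname:") {
			return strings.Trim(strings.TrimSpace(strings.TrimPrefix(line, "hostname:")), `"'`)
		}
	}
	return ""
}

// newFactoryFromEnv: hypothetical stand-in for a factory that reads only EJBCA_HOSTNAME.
func newFactoryFromEnv() (string, error) {
	if h := os.Getenv("EJBCA_HOSTNAME"); h != "" {
		return h, nil
	}
	return "", errors.New("hostname is required to create a client factory")
}

// newFactoryWithFallback exports the file's hostname only when the variable is unset.
func newFactoryWithFallback(credentialsYML string) (string, error) {
	if os.Getenv("EJBCA_HOSTNAME") == "" {
		if h := hostnameFromCredentials(credentialsYML); h != "" {
			os.Setenv("EJBCA_HOSTNAME", h)
		}
	}
	return newFactoryFromEnv()
}

func main() {
	os.Unsetenv("EJBCA_HOSTNAME")
	_, err := newFactoryFromEnv()
	h, err2 := newFactoryWithFallback(sampleCredentials)
	fmt.Println("env only:", err, "| with fallback:", h, err2)
}
```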
