Cert-manager scheme registration error in etcd-operator-controller-manager #232

@ArkaSaha30

Problem

In the current implementation of cert-manager provider in etcd-operator, the etcd-operator-controller-manager expects cert-manager to be installed in the desired cluster as a prerequisite.
This prerequisite should not exist since we want to give users the flexibility to choose their own certificate manager, currently limited to: cert-manager provider and auto provider.

Cause

Introduced as a part of commit: b97e11f
Due to cert-manager scheme registration here: https://github.com/etcd-io/etcd-operator/blob/main/cmd/main.go#L52

Error Logs

In a vanilla cluster not having cert-manager pre-installed, the etcd-operator runs into the following error, causing CrashLoopBackOff:

etcd-operator on  auto-cert-provider [$!] via 🐳 colima via 🐹 v1.25.3 on ☁️  (us-east-1) on ☁️  [email protected] took 4s 
❯ k logs -f etcd-operator-controller-manager-57f9c8d96c-h5wkd -n etcd-operator-system     
2025-10-28T17:26:53Z	INFO	setup	starting manager
2025-10-28T17:26:53Z	INFO	controller-runtime.metrics	Starting metrics server
2025-10-28T17:26:53Z	INFO	setup	disabling http/2
2025-10-28T17:26:53Z	INFO	starting server	{"name": "health probe", "addr": "[::]:8081"}
I1028 17:26:53.655650       1 leaderelection.go:257] attempting to acquire leader lease etcd-operator-system/cc4a0f4b.etcd.io...
I1028 17:26:53.667873       1 leaderelection.go:271] successfully acquired lease etcd-operator-system/cc4a0f4b.etcd.io
2025-10-28T17:26:53Z	INFO	Starting EventSource	{"controller": "etcdcluster", "controllerGroup": "operator.etcd.io", "controllerKind": "EtcdCluster", "source": "kind source: *v1.Certificate"}
2025-10-28T17:26:53Z	DEBUG	events	etcd-operator-controller-manager-57f9c8d96c-h5wkd_b167bbfc-1d45-461d-b4a5-92de47951c9c became leader	{"type": "Normal", "object": {"kind":"Lease","namespace":"etcd-operator-system","name":"cc4a0f4b.etcd.io","uid":"9c66e6c2-20a7-498e-a2c5-b6d681b2c992","apiVersion":"coordination.k8s.io/v1","resourceVersion":"1439"}, "reason": "LeaderElection"}
2025-10-28T17:26:53Z	INFO	Starting EventSource	{"controller": "etcdcluster", "controllerGroup": "operator.etcd.io", "controllerKind": "EtcdCluster", "source": "kind source: *v1alpha1.EtcdCluster"}
2025-10-28T17:26:53Z	INFO	Starting EventSource	{"controller": "etcdcluster", "controllerGroup": "operator.etcd.io", "controllerKind": "EtcdCluster", "source": "kind source: *v1.StatefulSet"}
2025-10-28T17:26:53Z	INFO	Starting EventSource	{"controller": "etcdcluster", "controllerGroup": "operator.etcd.io", "controllerKind": "EtcdCluster", "source": "kind source: *v1.Service"}
2025-10-28T17:26:53Z	INFO	Starting EventSource	{"controller": "etcdcluster", "controllerGroup": "operator.etcd.io", "controllerKind": "EtcdCluster", "source": "kind source: *v1.ConfigMap"}
2025-10-28T17:26:53Z	ERROR	controller-runtime.source.Kind	failed to get informer from cache	{"error": "unable to retrieve the complete list of server APIs: cert-manager.io/v1: no matches for cert-manager.io/v1, Resource="}
sigs.k8s.io/controller-runtime/pkg/internal/source.(*Kind[...]).Start.func1.1
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/source/kind.go:80
k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1
	/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/loop.go:53
k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext
	/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/loop.go:54
k8s.io/apimachinery/pkg/util/wait.PollUntilContextCancel
	/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/poll.go:33
sigs.k8s.io/controller-runtime/pkg/internal/source.(*Kind[...]).Start.func1
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/source/kind.go:68
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Running            0          8m24s
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   1/1     Running            0          8m35s
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Error              0          10m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Running            1 (2s ago)   10m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   1/1     Running            1 (13s ago)   10m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Error              1 (2m19s ago)   12m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     CrashLoopBackOff   1 (5s ago)      12m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Running            2 (18s ago)     12m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   1/1     Running            2 (29s ago)     13m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Error              2 (2m34s ago)   15m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     CrashLoopBackOff   2 (5s ago)      15m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   0/1     Running            3 (28s ago)     15m
etcd-operator-system   etcd-operator-controller-manager-57f9c8d96c-h5wkd   1/1     Running            3 (39s ago)     15m

Suggested Solution

Instead of registering the cert-manager scheme directly with the etcd-operator client, we can create a separate client for cert-manager.
This client would be invoked only when the cert-manager provider interface is selected, i.e., when the user opts for the cert-manager certificate provider.
Cert-manager client ref: https://github.com/cert-manager/cert-manager/tree/master/pkg/client/clientset/versioned

cc @ahrtr @ivanvc @jmhbnz @hakman
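
The gating decision behind the suggested solution, as an added example that is not part of the original issue or the etcd-operator code base: the cert-manager client is only considered when that provider is selected, and a missing `cert-manager.io/v1` API becomes a typed error instead of a crashing informer. The discovery check goes one step beyond what the issue proposes; the function name, the provider strings `"auto"` and `"cert-manager"`, and the sample discovery document are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Group/version from the error log above.
const certManagerGV = "cert-manager.io/v1"

// ErrCertManagerMissing is surfaced to the caller instead of crashing the manager.
var ErrCertManagerMissing = errors.New("cert-manager provider selected but " + certManagerGV + " is not served")

// apiGroupList mirrors the fields needed from the APIGroupList returned by GET /apis.
type apiGroupList struct {
	Groups []struct {
		Versions []struct {
			GroupVersion string `json:"groupVersion"`
		} `json:"versions"`
	} `json:"groups"`
}

// NeedCertManagerClient reports whether a cert-manager client should be built.
// Hypothetical helper; provider names "auto" and "cert-manager" are assumed spellings.
func NeedCertManagerClient(provider string, discovery []byte) (bool, error) {
	if provider != "cert-manager" {
		return false, nil // auto provider: never touch cert-manager.io
	}
	var l apiGroupList
	if err := json.Unmarshal(discovery, &l); err != nil {
		return false, fmt.Errorf("parse discovery: %w", err)
	}
	for _, g := range l.Groups {
		for _, v := range g.Versions {
			if v.GroupVersion == certManagerGV {
				return true, nil
			}
		}
	}
	return false, ErrCertManagerMissing
}

// Constructed sample: discovery from a vanilla cluster without cert-manager.
const vanillaDiscovery = `{"kind":"APIGroupList","groups":[{"name":"apps","versions":[{"groupVersion":"apps/v1","version":"v1"}]}]}`

func main() {
	fmt.Println(NeedCertManagerClient("auto", []byte(vanillaDiscovery)))
	fmt.Println(NeedCertManagerClient("cert-manager", []byte(vanillaDiscovery)))
}
```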
