I'm trying to set up CertManager on k8s and I keep getting the following error:
```
Error syncing to GCP: error running load balancer syncing routine: error initializing translator env: secrets "letsencrypt-cluster-issuer-key" not found
```
It looks like the name of the generated certificate has a suffix to it, thus it can't find it.
My configuration:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kong-ingress
  namespace: api
  annotations:
    kubernetes.io/ingress.class: "gce"
    cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
    kubernetes.io/ingress.global-static-ip-name: "api"
spec:
  rules:
    - host: MY_DOMAIN
      http:
        paths:
          - path: "/*"
            pathType: ImplementationSpecific
            backend:
              service:
                name: kong
                port:
                  number: 8000
  tls:
    - hosts:
        - MY_DOMAIN
      secretName: letsencrypt-cluster-issuer-key
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cluster-issuer
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: MY_EMAIL
    privateKeySecretRef:
      name: letsencrypt-cluster-issuer-key
    solvers:
      - http01:
          ingress:
            class: gce
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: api-certificate
  namespace: api
spec:
  secretName: letsencrypt-cluster-issuer-key
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - MY_ORGANIZATION
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - MY_DOMAIN
  # Issuer references are always required.
  issuerRef:
    name: letsencrypt-cluster-issuer
    kind: ClusterIssuer
```
Outputs:

```
❯ kubectl -n api get certificates
NAME                             READY   SECRET                           AGE
api-certificate                  False   letsencrypt-cluster-issuer-key   6m14s
letsencrypt-cluster-issuer-key   False   letsencrypt-cluster-issuer-key   6m9s

❯ kubectl -n api get secrets
NAME                                   TYPE                                  DATA   AGE
api-certificate-vn2dj                  Opaque                                1      7m8s
default-token-5vd7p                    kubernetes.io/service-account-token   3      8m35s
letsencrypt-cluster-issuer-key-76cvz   Opaque                                1      7m4s
```
As you can see, the generated secret has this suffix on it, which causes the problem, I think. I've also tried moving the certificate around to the following namespaces: default, kube-system, cert-manager, without any success.
Versions:
- CertManager 1.8.0
- GKE 1.23.5-gke.2400
Any ideas?