Improved error logging #41
Description
Currently, when the controller fails to create/sync a certificate, there is no helpful log messages on how to fix. This is even true when the logs are set to debug. For example:
kubectl log -l app.kubernetes.io/name=cert-manager-sync | grep stg.example
{"action":"nextRetryTime","level":"debug","msg":"nextRetryTime 2025-12-30 17:34:51 +0000 UTC","name":"stg.example.app.internal","namespace":"stg-example-app","next-retry":"2025-12-30T17:34:51Z","time":"2025-12-30T17:33:23Z"}
{"action":"HandleSecret","level":"debug","msg":"not ready to retry","name":"stg.example.app.internal","namespace":"stg-example-app","time":"2025-12-30T17:33:23Z"}
{"action":"secretWatched","level":"debug","msg":"returning true","namespace":"stg-example-app","secret":"stg.example.app.internal","time":"2025-12-30T17:33:25Z"}
{"action":"HandleSecret","level":"debug","msg":"HandleSecret stg-example-app/stg.example.app.internal","name":"stg.example.app.internal","namespace":"stg-example-app","time":"2025-12-30T17:33:25Z"}
{"action":"readyToRetry","level":"debug","msg":"readyToRetry stg.example.app.internal","time":"2025-12-30T17:33:25Z"}
{"action":"maxRetries","level":"debug","msg":"maxRetries stg.example.app.internal","time":"2025-12-30T17:33:25Z"}
{"action":"consumedRetries","level":"debug","msg":"consumedRetries stg.example.app.internal","time":"2025-12-30T17:33:25Z"}
{"action":"nextRetryTime","level":"debug","msg":"nextRetryTime","name":"stg.example.app.internal","namespace":"stg-example-app","time":"2025-12-30T17:33:25Z"}
{"action":"nextRetryTime","level":"debug","msg":"nextRetryTime 2025-12-30 17:34:51 +0000 UTC","name":"stg.example.app.internal","namespace":"stg-example-app","next-retry":"2025-12-30T17:34:51Z","time":"2025-12-30T17:33:25Z"}
{"action":"HandleSecret","level":"debug","msg":"not ready to retry","name":"stg.example.app.internal","namespace":"stg-example-app","time":"2025-12-30T17:33:25Z"}
More details around why a sync is failing would be helpful to understand what a cluster operator can fix.