New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Web Hook in cert-manager is not working properly. Can anyone please me out. #6989
Comments
Hey @minigamkreddy thanks for raising. This is a fairly common error to see and usually it is networking, DNS or cloud provider specific as the issue. We have a guide to help debug if you could try that first? https://cert-manager.io/docs/troubleshooting/webhook/ Failing that, can you please share your k8s environment details. In general every cert-manager resource if sent to the |
Thanks For replying back Yes I will Follow the link which you have provided me. CERT MANAGER DETAILS Environment Details OS Details cert-manager version: ert-manager-controller: Note : For more Details related to Environment please reply back. MORE DEATAILS kubectl get pod -n cert-manager -l app.kubernetes.io/name=webhook root@KmasterVM:/home/manoj/VM1_E810/vcsr-orch/helms# kubectl get pod -n cert-manager -l app.kubernetes.io/name=webhook root@KmasterVM:/home/manoj/VM1_E810/vcsr-orch/helms# kubectl logs -n cert-manager -l app.kubernetes.io/name=webhook | head -10 root@KmasterVM:/home/manoj/VM1_E810/vcsr-orch/helms# kubectl get deploy -n cert-manager cert-manager-webhook -oyaml | grep -A3 ports: |
resource mapping not found for name: "cert-manager" namespace: "" from "test-resources.yaml": no matches for kind "Issuer" in version "v1" Below commands are not working curl -sS --dump-header - 127.0.0.1:6080/healthz => These command except the response from there 10.10.224.60:3128. These is not communicated with interval cluster. How to reslove these issue. |
If you run
Perhaps the CRDs were not installed, and that could explain it. But i expect they are there otherwise there should be more failing components. |
root@KmasterVM:/home/manoj/VM1_E810/cert-manager# kubectl get crd root@KmasterVM:/home/manoj/VM1_E810/cert-manager# kubectl apply -f test-resources.yaml |
above issue got resloved. But I am seeing another issue oot@KmasterVM:/home/manoj/VM1_E810/cert-manager# kubectl apply -f test-resources.yaml I have change the time to IST but still it doesn't work Can you suggest me any idea how to reslove these issue. |
Ok so you have CRDs and you now have a new error. Previously it was Can you get the cert-manager-webhook-ca certificate out of the secret it is stored in? k get secret -n cert-manager cert-manager-webhook-ca -o json | jq -r '.data["tls.crt"]' | base64 --decode | openssl x509 -text -noout Assuming that cert is active (which it should be). I would validate that your server time is synced properly. This seems like your master node you are running on. Maybe try checking your server time compared to actual time to see if there is any drift? sntp -d pool.ntp.org For example my output seems to be:
Which seems very much in sync. The concerning bit in your error is that the cert seems to be issued for the future in your case. So some time setting appears to be off: |
Thanks, But the Certificate which was created not able to access in different namespaces using clusterissuer as Kind. Do you have any reference yaml file. So that I can create the certificate which can be accessible across namespaces . |
I am getting below issue while creating the self-signed issuer and a certificate resource in a test namespace.
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/validate?timeout=30s": Service Unavailable
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/validate?timeout=30s": Service Unavailable
Describe the bug:
we will create a self-signed issuer and a certificate resource in a test namespace
Expected behaviour:
Need to communicate with webhook and create the self assigned certificate.
Steps to reproduce the bug:
I have followed the steps from the given below link
https://cert-manager.io/docs/installation/kubectl/
Anything else we need to know?:
Environment details::
Kubernetes version:
kubectl version
Client Version: v1.28.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.1
Cloud-provider/provisioner:
cert-manager version: ert-manager-controller:
Image: quay.io/jetstack/cert-manager-controller:v1.14.5
Install method:
https://cert-manager.io/docs/installation/kubectl/
/kind bug
The text was updated successfully, but these errors were encountered: