failed calling admission webhook "admission.voyager.appscode.com" #1080

Closed
lilyhe123 opened this issue May 30, 2018 · 1 comment

@lilyhe123 lilyhe123 commented May 30, 2018

Install voyager via:

$ curl -fsSL https://raw.githubusercontent.com/appscode/voyager/6.0.0/hack/deploy/voyager.sh \
    | bash -s -- --provider=baremetal --namespace=voyager

Then I deployed the voyager ingress:

$ kk apply -f test-ingress.yaml

but got the following errors:
Error from server (InternalError): error when creating "test-ingress.yaml": Internal error occurred: failed calling admission webhook "admission.voyager.appscode.com": Post https://kubernetes.default.svc:443/apis/admission.voyager.appscode.com/v1beta1/admissionreviews: x509: certificate is valid for kubernetes.default.svc, not apiserver-loopback-client

My env:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:17:39Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

$ docker version
Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   276fd32
 Built:        Fri Jun 23 20:13:39 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   276fd32
 Built:        Fri Jun 23 20:13:39 2017
 OS/Arch:      linux/amd64
 Experimental: false

And flags of the kube apiserver:

  - command:
    - kube-apiserver
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --service-cluster-ip-range=10.96.0.0/12
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --allow-privileged=true
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
    - --requestheader-username-headers=X-Remote-User
    - --requestheader-allowed-names=front-proxy-client
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --requestheader-group-headers=X-Remote-Group
    - --advertise-address=XXXX
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    - --secure-port=6443
    - --insecure-port=0
    - --enable-bootstrap-token-auth=true
    - --authorization-mode=Node,RBAC
    - --etcd-servers=https://127.0.0.1:2379
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key

@tamalsaha tamalsaha commented Jun 1, 2018

This issue was fixed after kubernetes.default.svc was added to NO_PROXY env var in kube-apiserver pod.

@tamalsaha tamalsaha closed this Jun 1, 2018
@tamalsaha tamalsaha added the bug label Jun 1, 2018
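
Added example (not part of the issue thread or of the Voyager project): a simplified Go model of the NO_PROXY matching rules documented for golang.org/x/net/http/httpproxy, for checking whether a proxy exclusion list actually covers the webhook host from the error above. The function name and the NO_PROXY values are assumptions constructed for illustration; NO_PROXY entries that carry a port are not handled.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// bypassesProxy is a simplified model of Go's NO_PROXY matching. host is the
// URL hostname exactly as the client sees it; it is not resolved before matching.
func bypassesProxy(host, noProxy string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	ip := net.ParseIP(host)
	if host == "localhost" || (ip != nil && ip.IsLoopback()) {
		return true // loopback targets are never proxied
	}
	for _, e := range strings.Split(noProxy, ",") {
		e = strings.ToLower(strings.TrimSpace(e))
		if e == "*" {
			return true
		}
		if _, cidr, err := net.ParseCIDR(e); err == nil {
			if ip != nil && cidr.Contains(ip) {
				return true
			}
		} else if eip := net.ParseIP(e); eip != nil {
			if ip != nil && eip.Equal(ip) {
				return true
			}
		} else if e != "" && ip == nil {
			// "foo" matches foo and its subdomains; ".foo" or "*.foo" subdomains only.
			name := strings.TrimPrefix(strings.TrimPrefix(e, "*."), ".")
			subOnly := e != name
			if (!subOnly && host == name) || strings.HasSuffix(host, "."+name) {
				return true
			}
		}
	}
	return false
}

func main() {
	// Host taken from the error in the issue; the NO_PROXY values are constructed.
	host := "kubernetes.default.svc"
	for _, np := range []string{"127.0.0.1,10.96.0.0/12", "127.0.0.1,10.96.0.0/12,kubernetes.default.svc"} {
		fmt.Printf("NO_PROXY=%q bypass=%v\n", np, bypassesProxy(host, np))
	}
}
```

Listing the service CIDR (10.96.0.0/12 in the flags above) does not exempt kubernetes.default.svc, because CIDR and IP entries only match when the URL host is itself an IP address.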