-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Internal error occurred: failed calling webhook #2918
Comments
Can you please get us the following info:
Thanks /triage support |
@meyskens I have updated the question. |
Also seeing this on a freshly installed k8s 1.18.3 cluster with cert manager 0.15.1. Logs from the webhook pod are identical to the OP's. |
same issue with k8s 1.18.3 cluster with cert manager 0.15.1 |
same issue with k8s 1.15.12 and cert manager 0.15.1. Is there any workaround to this issue? |
same issue with k8s 1.17.2 and cert-manager 0.15.1... |
same issue with k8s 1.17.5 and cert-manager 0.14.3... |
What OS are you using because it was working fine with cert-manager 0.13 on Debian 9, but since I moved to Ubuntu 18.04, and I can't make it working anymore (I wrote a guide at that time). |
I’m running all my nodes on CentOS 7. I’ve updated my question. |
I am also running on OpenNebula k8s cluster. First make sure to label your master node: Now install cert-manager with the following helm cmd:
|
same issue with k8s 1.18.2 cluster calico with cert manager 0.15.1 and 0.13.1 |
same issue with k8s 1.17.2 and cert-manager 0.15.1 |
same issue with openshift 4.3 and cert manager 0.15.1 |
same issue after upgrading k8s 1.17.x to 1.18.6 (Rancher / flannel 0.12.0) with cert-manager 0.15.0, 0.15.2 and 0.16.0 couple of observations:
which took me to this issue with flannel: flannel-io/flannel#1243 after adding the route as proposed here things seem to start working again |
I would like to post that now I no more have any issues with cert-manager in my Kubernetes 1.15.12 cluster. I did ran the sonobuoy tool which highlighted that master nodes were failing to communicate with worker node after the provisioning tool Chef ran due to a restart of the VPN service (that allows masters and workers to talk to each other securely). I'm now checking why restarting the VPN service prevents the nodes to communicate together, but that's another topic. To be more precise on my case, I'm running When that happen, after grabbing the
All in all the Update: Actually I just discovered that when restarting the VPN service, the flannel network interface disappears and is never recreated! That explains why Kubernetes pods on that node can't communicate with other pods from the cluster. |
Going to close this one as it doesn't seem cert-manager related. Feel free to /reopen if needed. |
/close |
@meyskens: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
same issue when i want to create ingress service |
@alikarimii Got any more commands for this one? Do you need to |
When testing the installation, I get "Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=30s: context deadline exceeded"
Versions:
Kubernetes: Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.2", GitCommit:"52c56ce7a8272c798dbc29846288d7cd9fbae032", GitTreeState:"clean", BuildDate:"2020-04-16T11:56:40Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
OS: CentOS 7
Update: I have removed this environment and will not be able to test any fixes.
Cert Manager: v0.15.0
Installed from Helm using official documentation on a two-node cluster.
To reproduce:
Expected results:
Additional Notes:
Logs (
kubectl logs -l app=cert-manager -n cert-manager
):kubectl logs -n cert-manager cert-manager-7cb75cf6b4-wjndg
:kubectl logs -n cert-manager cert-manager-cainjector-759496659c-6sgkj
:kubectl logs -n cert-manager cert-manager-webhook-7c75b89bf6-c4fr6
:The text was updated successfully, but these errors were encountered: