WebHook error

[PrashantGSIN]

the cert-manager-vault-token created after that getting the below error.

Describe the bug:

Expected behaviour:

Should have fetched the certificates

Steps to reproduce the bug:

Restarted the Vault and microk8s.

Anything else we need to know?:

Environment details::

• Kubernetes version: 1.21/stable
• Cloud-provider/provisioner: testing over local Ubuntu
• cert-manager version: v1.5.3
• Install method: e.g. helm/static manifests: static

/kind bug

[irbekrm]

Please describe your installation config, what actually happened, what resources got created and add any logs with error messages etc.

[PrashantGSIN]

Please describe your installation config, what actually happened, what resources got created and add any logs with error messages etc.

@irbekrm,

I am actually testing K8s cert-manager vault configuration for automation of certificates.

I am able to install/start microk8s, able to run the pods, able to generate the token but my issuer is throwing this error.

I have attached the yml file in my first comment.

Let me know if you need any more of the details.

[PrashantGSIN]

Hi any other thoughts.

[irbekrm]

It looks like Kubernetes API server is not able to reach cert-manager webhook.

Have you checked that the webhook deployment is up and healthy? Are there any error logs etc?

It may also be that your cluster networking setup does not allow Kubernetes API server to reach a cluster service in which case you might need to run the webhook on host network https://cert-manager.io/docs/installation/compatibility/#aws-eks

[PrashantGSIN]

It looks like Kubernetes API server is not able to reach cert-manager webhook.

Have you checked that the webhook deployment is up and healthy? Are there any error logs etc?

It may also be that your cluster networking setup does not allow Kubernetes API server to reach a cluster service in which case you might need to run the webhook on host network https://cert-manager.io/docs/installation/compatibility/#aws-eks

The issue was once resolved by removing microk8s with "sudo snap remove microk8s" but today I was testing from the srcatch again got the same error. Although WebHook pod is up and running without any error. I am testing it over Amazon Ubuntu. Can't we set it up over Amazon Ubuntu ?

[irbekrm]

It shouldn't be related to Amazon Ubuntu. It is likely related to what your cluster networking setup is. You should verify that Kubernetes API server is able to reach the webhook service.

[PrashantGSIN]

It shouldn't be related to Amazon Ubuntu. It is likely related to what your cluster networking setup is. You should verify that Kubernetes API server is able to reach the webhook service.

Yes, I am using default VPC over AWS cloud with required ports enabled. How I can check if the k8s API server is able to reach webhook service ? Please help.

[irbekrm]

I don't really understand the setup - is this a self-hosted Kubernetes or are you using something like EKS?

[PrashantGSIN]

I don't really understand the setup - is this a self-hosted Kubernetes or are you using something like EKS?

I have taken Ubuntu machine from AWS EC2 console and there I am testing it. So I guess it is self-hosted k8s.
Let me know if you need any further information.

[PrashantGSIN]

I don't really understand the setup - is this a self-hosted Kubernetes or are you using something like EKS?

I have taken Ubuntu machine from AWS EC2 console and there I am testing it. So I guess it is self-hosted k8s.
Let me know if you need any further information.

I am testing microk8s on local ubuntu20.04 and still getting the same error. Please help.

[maelvls]

Note: if you like, you can join the #cert-manager channel on the Kubernetes Slack? You can join with this link.

[jetstack-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

[jetstack-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

[jetstack-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

[jetstack-bot]

@jetstack-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.