
how to disabled serverSideApply #5448

Closed
ruifaling opened this issue Sep 20, 2022 · 12 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@ruifaling

ruifaling commented Sep 20, 2022

Describe the bug:

Expected behaviour:

Steps to reproduce the bug:

I have installed cert-manager version 1.8.2 with kubectl apply -f cert-manager.yaml, but Secret creation failed when a certificate was wanted, and I got this error from the cert-manager pod: failed to apply secret xxx: 415 unsupported Media Type. Then I modified the apiserver to enable the serverSideApply feature gate, and the error disappeared and the secret was created successfully. I have some doubts: I have not set serverSideApply in my cert-manager deployment. Isn't it optional? And how can I disable it?
Anything else we need to know?:

Environment details::

  • Kubernetes version:1.23.7 and 1.20.10
  • Cloud-provider/provisioner:
  • cert-manager version: 1.8.2
  • Install method: e.g. helm/static manifests

/help

@jetstack-bot
Collaborator

@ruifaling: The label(s) kind/help cannot be applied, because the repository doesn't have them.

In response to this:

/kind help


@jetstack-bot
Collaborator

@ruifaling:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/help


@jetstack-bot jetstack-bot added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Sep 20, 2022
@goto100

goto100 commented Sep 27, 2022

It seems not able to disable SSA for secret creation. --feature-gates=ServerSideApply=false is not working.

@hzux

hzux commented Oct 6, 2022

down version to 1.6.3, it worked for me

@ruifaling
Author

> It seems not able to disable SSA for secret creation. --feature-gates=ServerSideApply=false is not working.

According to my test, it does not work.

@sathyanarays
Contributor

Adding more details to reproduce this issue in a Kind cluster:

  1. Edit the kind configuration located at cert-manager/make/config/kind/cluster.yaml to disable server side apply:

```yaml
apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
featureGates:
  "ServerSideApply": false
kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    metadata:
      name: config
    etcd:
      local:
        extraArgs:
          unsafe-no-fsync: "true"
    networking:
      serviceSubnet: 10.0.0.0/16
nodes:
  - role: control-plane
```

  2. Clean up the e2e kind cluster (if you already have one)
  3. Run make e2e-setup-kind
  4. Run make e2e-setup

The make e2e-setup will fail. The error logs in the cert-manager pod are as follows:

E1013 10:49:02.923638       1 controller.go:167] cert-manager/certificates-trigger "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-webhook-tls"
I1013 10:49:02.936093       1 trigger_controller.go:200] cert-manager/certificates-trigger "msg"="Certificate must be re-issued" "key"="samplewebhook/samplewebhook-example-webhook-ca" "message"="Issuing certificate as Secret does not exist" "reason"="DoesNotExist"
E1013 10:49:02.937119       1 controller.go:167] cert-manager/certificates-readiness "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-ca"
E1013 10:49:02.937797       1 controller.go:167] cert-manager/certificates-trigger "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-ca"
E1013 10:49:32.907918       1 controller.go:167] cert-manager/certificates-readiness "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-webhook-tls"
I1013 10:49:32.924072       1 trigger_controller.go:200] cert-manager/certificates-trigger "msg"="Certificate must be re-issued" "key"="samplewebhook/samplewebhook-example-webhook-webhook-tls" "message"="Issuing certificate as Secret does not exist" "reason"="DoesNotExist"
E1013 10:49:32.925726       1 controller.go:167] cert-manager/certificates-trigger "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-webhook-tls"
I1013 10:49:32.938196       1 trigger_controller.go:200] cert-manager/certificates-trigger "msg"="Certificate must be re-issued" "key"="samplewebhook/samplewebhook-example-webhook-ca" "message"="Issuing certificate as Secret does not exist" "reason"="DoesNotExist"
E1013 10:49:32.939567       1 controller.go:167] cert-manager/certificates-trigger "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-ca"
E1013 10:49:32.939669       1 controller.go:167] cert-manager/certificates-readiness "msg"="re-queuing item due to error processing" "error"="the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json" "key"="samplewebhook/samplewebhook-example-webhook-ca"
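
As an added example (not part of the comment above and not cert-manager code): a small Python triage script that parses cert-manager klog lines in the format shown above and reports which Certificate keys are stuck because the API server's accepted media types do not include the server-side apply content type. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Content type sent by server-side apply (SSA) patch requests.
SSA_MEDIA_TYPE = "application/apply-patch+yaml"

# klog header (severity+date, time, pid, file:line]) then controller and fields.
LINE_RE = re.compile(r'^(?P<sev>[IWEF])\d{4} \S+\s+\d+ \S+\] '
                     r'(?P<controller>\S+) (?P<fields>.*)$')
# Structured "key"="value" pairs appended by the logger.
FIELD_RE = re.compile(r'"([^"]+)"="((?:[^"\\]|\\.)*)"')

def parse_line(line):
    """Return {'sev', 'controller', 'fields'} for a klog line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["fields"] = dict(FIELD_RE.findall(rec["fields"]))
    return rec

def ssa_rejections(lines):
    """Map Certificate key -> controllers whose request was rejected with an
    accepted-media-types list that does not contain the SSA content type."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["sev"] != "E":
            continue
        err = rec["fields"].get("error", "")
        if "accepted media types include" in err and SSA_MEDIA_TYPE not in err:
            hits[rec["fields"].get("key", "<unknown>")].add(rec["controller"])
    return dict(hits)

# Constructed sample lines, modelled on the log format in the comment above.
UNKNOWN_FORMAT = ("the body of the request was in an unknown format - accepted media "
                  "types include: application/json-patch+json, application/merge-patch+json")
E_TMPL = ('E1013 10:49:02.923638       1 controller.go:167] cert-manager/{} '
          '"msg"="re-queuing item due to error processing" "error"="{}" "key"="samplewebhook/{}"')
SAMPLE = [
    E_TMPL.format("certificates-trigger", UNKNOWN_FORMAT, "samplewebhook-example-webhook-webhook-tls"),
    'I1013 10:49:02.936093       1 trigger_controller.go:200] cert-manager/certificates-trigger '
    '"msg"="Certificate must be re-issued" "key"="samplewebhook/samplewebhook-example-webhook-ca"',
    E_TMPL.format("certificates-readiness", UNKNOWN_FORMAT, "samplewebhook-example-webhook-ca"),
    E_TMPL.format("certificates-trigger", UNKNOWN_FORMAT, "samplewebhook-example-webhook-ca"),
    E_TMPL.format("certificates-issuing", "context deadline exceeded", "unrelated-cert"),  # not SSA
]

if __name__ == "__main__":
    for key, controllers in sorted(ssa_rejections(SAMPLE).items()):
        print(key, "blocked in", ", ".join(sorted(controllers)))
```
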

@sathyanarays
Contributor

Since the ServerSideApply feature was in Beta in K8s 1.20 & 1.21, customers may choose to disable it!

@sathyanarays
Contributor

For cert-manager versions above v1.7.0, the cluster should have ServerSideApply enabled!

@jetstack-bot
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

@jetstack-bot jetstack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 16, 2023
@jetstack-bot
Collaborator

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

@jetstack-bot jetstack-bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Feb 15, 2023
@ruifaling
Author

/close

@jetstack-bot
Collaborator

@ruifaling: Closing this issue.

In response to this:

/close

