install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500 #3653
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/rotten
Denotes an issue or PR that has aged beyond stale and will be auto-closed.
triage/support
Indicates an issue that is a support question.
when I try install cert-manager using following config yaml - everything created well except manager-webhook - when i check the events showing Readiness probe failed: HTTP probe failed with statuscode: 500
kubectl get pods -n cert-manager
NAME READY STATUS RESTARTS AGE
cert-manager-64887fb9d6-549vd 1/1 Running 0 29m
cert-manager-cainjector-99977ff45-85k64 1/1 Running 0 29m
cert-manager-webhook-64c5d4c9db-n296v 0/1 Running 0 21m
please find the following logs for the cert-manager-webhook pod
W0211 09:44:35.851864 1 client_config.go:608] Neither --kubeconfig nor --master was speci
fied. Using the inClusterConfig. This might not work.
I0211 09:44:35.852670 1 webhook.go:57] cert-manager/webhook "msg"="using dynamic certific
ate generating using CA stored in Secret resource" "secret_name"="cert-manager-webhook-ca" "se
cret_namespace"="cert-manager"
I0211 09:44:35.853889 1 server.go:146] cert-manager/webhook "msg"="listening for insecure
healthz connections" "address"=":6080"
I0211 09:44:35.854007 1 server.go:159] cert-manager/webhook "msg"="listening for secure c
onnections" "address"=":10250"
I0211 09:44:35.854039 1 server.go:185] cert-manager/webhook "msg"="registered pprof handl
ers"
I0211 09:44:35.859532 1 reflector.go:207] Starting reflector *v1.Secret (1m0s) from exter
nal/io_k8s_client_go/tools/cache/reflector.go:156
E0211 09:44:35.872089 1 reflector.go:127] external/io_k8s_client_go/tools/cache/reflector
.go:156: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets "cert-manager-webhook-c
a" is forbidden: User "system:serviceaccount:cert-manager:cert-manager-webhook" cannot list res
ource "secrets" in API group "" in the namespace "cert-manager"
E0211 09:44:36.826302 1 reflector.go:127] external/io_k8s_client_go/tools/cache/reflector
.go:156: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets "cert-manager-webhook-c
a" is forbidden: User "system:serviceaccount:cert-manager:cert-manager-webhook" cannot list res
ource "secrets" in API group "" in the namespace "cert-manager"
E0211 09:44:36.864222 1 dynamic_source.go:88] cert-manager/webhook "msg"="Failed to gener
ate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed
to find any PEM data in certificate input" "interval"=1000000000
E0211 09:44:37.861486 1 dynamic_source.go:88] cert-manager/webhook "msg"="Failed to gener
ate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed
to find any PEM data in certificate input" "interval"=1000000000
Environment details::
let me know if more info need, thanks
/kind bug
The text was updated successfully, but these errors were encountered: