🐛 Wait for cert-manager in make create-cluster-management

[tahsinrahman]

What this PR does / why we need it:
Fix this error

$ make create-cluster-management
unable to recognize "examples/_out/provider-components.yaml": no matches for kind "Certificate" in version "certmanager.k8s.io/v1alpha1"
unable to recognize "examples/_out/provider-components.yaml": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1"

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

[detiber]

Suggested change

	create -f examples/_out/provider-components.yaml || true
	create -f examples/_out/provider-components.yaml

We should not continue if applying the provider components fails.

[tahsinrahman]

currently cert-manager manifests are added to provider-components.yaml. So should we deploy cert-manager first from capi/config/certmanager, wait for pods to be ready and then apply provider-components.yaml?

[detiber]

Yes, I believe that should be the correct ordering.

[tahsinrahman]

Then we get this error, cert-manager manifests already exists :|

namespace/capi-system created
customresourcedefinition.apiextensions.k8s.io/awsclusters.infrastructure.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/awsmachines.infrastructure.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/awsmachinetemplates.infrastructure.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/clusters.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/kubeadmconfigs.bootstrap.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/machinedeployments.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/machines.cluster.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/machinesets.cluster.x-k8s.io created
role.rbac.authorization.k8s.io/capa-leader-election-role created
role.rbac.authorization.k8s.io/capi-leader-election-role created
clusterrole.rbac.authorization.k8s.io/capa-manager-role created
clusterrole.rbac.authorization.k8s.io/capa-proxy-role created
clusterrole.rbac.authorization.k8s.io/capi-manager-role created
rolebinding.rbac.authorization.k8s.io/capa-leader-election-rolebinding created
rolebinding.rbac.authorization.k8s.io/capi-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/capa-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/capa-proxy-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/capi-manager-rolebinding created
secret/capa-manager-bootstrap-credentials created
service/capa-controller-manager-metrics-service created
service/capa-webhook-service created
deployment.apps/capa-controller-manager created
deployment.apps/capi-controller-manager created
certificate.certmanager.k8s.io/capa-serving-cert created
issuer.certmanager.k8s.io/capa-selfsigned-issuer created
validatingwebhookconfiguration.admissionregistration.k8s.io/capa-validating-webhook-configuration created
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": namespaces "cert-manager" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": customresourcedefinitions.apiextensions.k8s.io "certificaterequests.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": customresourcedefinitions.apiextensions.k8s.io "certificates.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": customresourcedefinitions.apiextensions.k8s.io "challenges.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": customresourcedefinitions.apiextensions.k8s.io "clusterissuers.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": customresourcedefinitions.apiextensions.k8s.io "issuers.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": customresourcedefinitions.apiextensions.k8s.io "orders.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": mutatingwebhookconfigurations.admissionregistration.k8s.io "cert-manager-webhook" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": serviceaccounts "cert-manager" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": serviceaccounts "cert-manager-cainjector" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": serviceaccounts "cert-manager-webhook" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-edit" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-view" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-webhook:webhook-requester" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-cainjector" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-controller-certificates" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-controller-challenges" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-controller-clusterissuers" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-controller-ingress-shim" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-controller-issuers" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-controller-orders" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterroles.rbac.authorization.k8s.io "cert-manager-leaderelection" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": rolebindings.rbac.authorization.k8s.io "cert-manager-webhook:webhook-authentication-reader" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-cainjector" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-controller-certificates" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-controller-challenges" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-controller-clusterissuers" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-controller-ingress-shim" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-controller-issuers" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-controller-orders" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-leaderelection" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": clusterrolebindings.rbac.authorization.k8s.io "cert-manager-webhook:auth-delegator" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": services "cert-manager" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": services "cert-manager-webhook" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": deployments.apps "cert-manager" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": deployments.apps "cert-manager-cainjector" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": deployments.apps "cert-manager-webhook" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": apiservices.apiregistration.k8s.io "v1beta1.webhook.certmanager.k8s.io" already exists
Error from server (AlreadyExists): error when creating "examples/_out/provider-components.yaml": validatingwebhookconfigurations.admissionregistration.k8s.io "cert-manager-webhook" already exists
make: *** [Makefile:319: create-cluster-management] Error 1

[detiber]

Ah, this is because the target that is building the provider components is adding the cert manager manifests... I'm wondering if we should not use that target for this step and instead build the manifests with kustomize here instead?

[vincepri]

Where are these CRDs getting added?

[tahsinrahman]

This sleep is to avoid this error

Error from server (InternalError): error when creating "examples/_out/provider-components.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": the server is currently unable to handle the request
Error from server (InternalError): error when creating "examples/_out/provider-components.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": the server is currently unable to handle the request

[vincepri]

This can probably be removed

[tahsinrahman]

this sleep is here as pods are not created instantly, kubectl wait complains that no pod found

# Wait for cert-manager pods to be ready.
kubectl \
	--kubeconfig=$(kind get kubeconfig-path --name="clusterapi") \
	wait --for=condition=Ready --namespace=cert-manager --timeout=15m pods --all
error: no matching resources found

[dims]

/approve
/lgtm

[vincepri]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, tahsinrahman, vincepri

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [vincepri]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment