Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with validating webhooks install with the official chart #1819

Closed
ghost opened this issue Apr 19, 2021 · 7 comments
Closed

Problems with validating webhooks install with the official chart #1819

ghost opened this issue Apr 19, 2021 · 7 comments
Assignees
@realshuting
Labels
helm Issues dealing with the Helm chart
Milestone
Kyverno Release 1...

Comments

@ghost
Copy link

ghost commented Apr 19, 2021
edited by ghost

Hello!
I am trying to instal 1.3.5 chart to a 1.19.7 Kubernetes cluster (It is a Yandex Cloud managed cluster)
After running helm install I am having a ns with loop-crashing Kyverno pod.
The only parameter I gave it was nodeselector parameter.
Logs reading some problem with creating ValidatingWebhook:

I0419 10:05:18.996862       1 version.go:17]  "msg"="Kyverno"  "Version"="v1.3.5"
I0419 10:05:18.996905       1 version.go:18]  "msg"="Kyverno"  "BuildHash"="(HEAD/4a4fdc54eeba747d3024cfbfd8b8df40c3828777"
I0419 10:05:18.996914       1 version.go:19]  "msg"="Kyverno"  "BuildTime"="2021-04-16_09:08:52PM"
I0419 10:05:18.997102       1 config.go:92] CreateClientConfig "msg"="Using in-cluster configuration"  
I0419 10:05:19.072040       1 util.go:86]  "msg"="CRD found"  "gvr"="kyverno.io/v1, Resource=clusterpolicies"
I0419 10:05:19.072763       1 util.go:86]  "msg"="CRD found"  "gvr"="wgpolicyk8s.io/v1alpha1, Resource=clusterpolicyreports"
I0419 10:05:19.073333       1 util.go:86]  "msg"="CRD found"  "gvr"="wgpolicyk8s.io/v1alpha1, Resource=policyreports"
I0419 10:05:19.073944       1 util.go:86]  "msg"="CRD found"  "gvr"="kyverno.io/v1alpha1, Resource=clusterreportchangerequests"
I0419 10:05:19.074626       1 util.go:86]  "msg"="CRD found"  "gvr"="kyverno.io/v1alpha1, Resource=reportchangerequests"
I0419 10:05:19.075970       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:19.176996       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:20.677873       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:20.778819       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:20.879603       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:20.980776       1 dynamicconfig.go:273] ConfigData "msg"="Init resource "  "excludeRoles"=""
I0419 10:05:20.985850       1 certRenewer.go:72] CertRenewer/InitTLSPemPair "msg"="building key/certificate pair for TLS"  
I0419 10:05:21.076637       1 certRenewer.go:132] CertRenewer/CAcert "msg"="secret created"  "name"="kyverno-f37b-svc.kyverno.svc.kyverno-tls-ca" "namespace"="kyverno"
I0419 10:05:21.211361       1 certRenewer.go:185] CertRenewer/WriteTLSPair "msg"="secret created"  "name"="kyverno-f37b-svc.kyverno.svc.kyverno-tls-pair" "namespace"="kyverno"
I0419 10:05:21.667915       1 reflector.go:219] Starting reflector *v1.Policy (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668040       1 reflector.go:219] Starting reflector *v1.GenerateRequest (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668152       1 reportcontroller.go:205] PolicyReportGenerator "msg"="start"  
I0419 10:05:21.668178       1 reflector.go:219] Starting reflector *v1alpha1.PolicyReport (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668221       1 reflector.go:219] Starting reflector *v1.ClusterPolicy (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668045       1 informer.go:109] PolicyCacheController "msg"="starting"  
I0419 10:05:21.667955       1 reportrequest.go:180] ReportChangeRequestGenerator "msg"="start"  
I0419 10:05:21.668416       1 reflector.go:219] Starting reflector *v1.ClusterRole (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668064       1 controller.go:226] GenerateCleanUpController "msg"="starting"  
I0419 10:05:21.668313       1 reflector.go:219] Starting reflector *v1alpha1.ClusterReportChangeRequest (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668480       1 reflector.go:219] Starting reflector *v1.Role (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668045       1 generate_controller.go:264] GenerateController "msg"="starting"  "workers"=10
I0419 10:05:21.668363       1 reflector.go:219] Starting reflector *v1alpha1.ReportChangeRequest (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668667       1 controller.go:112] EventGenerator "msg"="start"  
I0419 10:05:21.668356       1 reflector.go:219] Starting reflector *v1.ClusterRoleBinding (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668590       1 reflector.go:219] Starting reflector *v1.Namespace (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668590       1 reflector.go:219] Starting reflector *v1.ConfigMap (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668616       1 reflector.go:219] Starting reflector *v1.RoleBinding (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.668629       1 validate_controller.go:393] PolicyController "msg"="starting"  
I0419 10:05:21.668644       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.669180       1 reflector.go:219] Starting reflector *v1alpha1.ClusterPolicyReport (1h0m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.744704       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="restrict-apparmor-profiles" "uid"="a7a293b5-fb9b-4f1b-aa71-30d77b94c517"
I0419 10:05:21.795094       1 dynamicconfig.go:216] ConfigData "msg"="Updated resource filters" "name"="kyverno-f37b" "namespace"="kyverno" "newFilters"=[{"Kind":"Event","Namespace":"*","Name":"*"},{"Kind":"*","Namespace":"kube-system","Name":"*"},{"Kind":"*","Namespace":"kube-public","Name":"*"},{"Kind":"*","Namespace":"kube-node-lease","Name":"*"},{"Kind":"Node","Namespace":"*","Name":"*"},{"Kind":"APIService","Namespace":"*","Name":"*"},{"Kind":"TokenReview","Namespace":"*","Name":"*"},{"Kind":"SubjectAccessReview","Namespace":"*","Name":"*"},{"Kind":"SelfSubjectAccessReview","Namespace":"*","Name":"*"},{"Kind":"*","Namespace":"kyverno","Name":"*"},{"Kind":"Binding","Namespace":"*","Name":"*"},{"Kind":"ReplicaSet","Namespace":"*","Name":"*"},{"Kind":"ReportChangeRequest","Namespace":"*","Name":"*"},{"Kind":"ClusterReportChangeRequest","Namespace":"*","Name":"*"}] "oldFilters"=null
I0419 10:05:21.879960       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="disallow-host-path" "uid"="37d435a0-6e74-46ce-b4cd-cf4696d2a120"
I0419 10:05:21.881056       1 reflector.go:219] Starting reflector *unstructured.Unstructured (15m0s) from pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167
I0419 10:05:21.925541       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="restrict-sysctls" "uid"="35a7ac84-07ae-46b0-88d7-0b35e7c4b0c0"
I0419 10:05:21.945632       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="disallow-selinux" "uid"="964bc99b-ee47-4980-a24a-c15a53e1c23a"
I0419 10:05:21.959825       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="disallow-host-ports" "uid"="33e0c34e-85f9-4d8f-abd2-67a11ac3aeb7"
I0419 10:05:21.971990       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="disallow-add-capabilities" "uid"="40e1ebfd-d907-42f4-bafa-8e1205069933"
I0419 10:05:21.979764       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="sync-pullsecret" "uid"="67ada599-6031-49eb-803c-14a0ad718589"
I0419 10:05:22.094316       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="disallow-privileged-containers" "uid"="faa2963f-a27d-4b36-9873-eda949f4df2b"
I0419 10:05:22.511818       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="require-default-proc-mount" "uid"="a22445ca-afe0-44cd-a6ab-8bb37d4cd0a4"
W0419 10:05:22.805956       1 warnings.go:70] apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
I0419 10:05:22.895175       1 validate_controller.go:198] PolicyController "msg"="policy created"  "kind"="ClusterPolicy" "name"="disallow-host-namespaces" "uid"="be14019d-5f8a-442f-aff0-458b486ecb14"
I0419 10:05:23.086309       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:23.281132       1 server.go:483] WebhookServer "msg"="starting service"  
W0419 10:05:24.043796       1 warnings.go:70] apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
I0419 10:05:24.482724       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:25.682486       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:26.101031       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-terraform" "namespace"="terraform"
I0419 10:05:27.282330       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:28.487196       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-argo-rollouts" "namespace"="argo-rollouts"
I0419 10:05:28.882699       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:30.487313       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:30.487348       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:30.926001       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-argocd" "namespace"="argocd"
E0419 10:05:31.289907       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:32.081190       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:32.882094       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:33.290725       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-default" "namespace"="default"
E0419 10:05:33.681180       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:34.482168       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:34.482211       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:35.081121       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:05:35.290569       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-ingress-nginx" "namespace"="ingress-nginx"
I0419 10:05:36.283075       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:36.283106       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:05:36.882096       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:37.092822       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-monitoring" "namespace"="monitoring"
E0419 10:05:37.480846       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:38.081607       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:38.681680       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:38.920602       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-gitlab-managed-apps" "namespace"="gitlab-managed-apps"
E0419 10:05:39.282220       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:39.282260       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:39.881618       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:05:40.689873       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-kubernetes-dashboard" "namespace"="kubernetes-dashboard"
I0419 10:05:41.082681       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:41.082731       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:05:41.682349       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:42.282050       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:42.494609       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-databases" "namespace"="databases"
E0419 10:05:42.881348       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:43.481582       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:44.081482       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:44.081544       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:44.290471       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-argo-events" "namespace"="argo-events"
E0419 10:05:44.681430       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:05:45.884223       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:45.884260       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
I0419 10:05:46.097292       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-argo" "namespace"="argo"
E0419 10:05:46.482682       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:47.081080       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:47.681193       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:47.892329       1 reportcontroller.go:325] PolicyReportGenerator/createReportIfNotPresent "msg"="successfully created policyReport"  "name"="polr-ns-cert-manager" "namespace"="cert-manager"
E0419 10:05:48.281706       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:48.882526       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:48.882579       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:49.481110       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:05:50.284255       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:50.284289       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:05:50.682830       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:51.080414       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:51.481102       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:51.881409       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:52.281385       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:52.281430       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:52.681201       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:05:53.281393       1 monitor.go:227] WebhookMonitor/statusCheck/skipWebhookCheck "msg"="unable to get Kyverno deployment"  "reason"="deployments.apps \"kyverno\" not found"
E0419 10:05:53.281431       1 monitor.go:137] WebhookMonitor "msg"="missing webhooks" "error"="mutatingwebhookconfigurations.admissionregistration.k8s.io \"kyverno-verify-mutating-webhook-cfg\" not found"  
I0419 10:05:53.483177       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:53.483211       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:05:54.082699       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
I0419 10:05:54.284453       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:54.284488       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:05:54.681272       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:54.881579       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:55.280780       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:55.481446       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:55.881369       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:56.081445       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:56.481417       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:56.481468       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:56.681702       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:57.083065       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
E0419 10:05:57.280989       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:05:57.281033       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:57.881239       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
E0419 10:05:57.881285       1 monitor.go:139] WebhookMonitor "msg"="failed to register webhooks" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-verify-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-policy-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-policy-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]"  
I0419 10:05:58.282528       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:05:58.282559       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:05:58.682648       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:59.081444       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:59.481638       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:05:59.881186       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:00.281955       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:06:00.282005       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:00.683721       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:06:01.482828       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:06:01.482858       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:06:01.885832       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:02.281179       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:02.681262       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:03.081952       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:03.482750       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:06:03.482798       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:03.882845       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
I0419 10:06:04.682698       1 registration.go:534] Register "msg"="Endpoint ready"  "name"="kyverno-f37b-svc" "ns"="kyverno"
I0419 10:06:04.682731       1 registration.go:296] Register "msg"="deleting all webhook configurations"  
E0419 10:06:05.082587       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:05.481898       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:05.883295       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:06.281849       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:06.683254       1 registration.go:218] Register "msg"="failed to create resource" "error"="ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="ValidatingWebhookConfiguration" "name"="kyverno-resource-validating-webhook-cfg" 
E0419 10:06:06.683297       1 common.go:61] Register "msg"="failed to construct OwnerReference" "error"="deployments.apps \"kyverno\" not found"  
E0419 10:06:07.082433       1 registration.go:192] Register "msg"="failed to create resource mutating webhook configuration" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]" "kind"="MutatingWebhookConfiguration" "name"="kyverno-resource-mutating-webhook-cfg"
E0419 10:06:07.082484       1 main.go:316] setup "msg"="Timeout registering admission control webhooks" "error"="MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-verify-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-policy-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-policy-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],ValidatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-validating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty],MutatingWebhookConfiguration.admissionregistration.k8s.io \"kyverno-resource-mutating-webhook-cfg\" is invalid: [metadata.ownerReferences.apiVersion: Invalid value: \"\": version must not be empty, metadata.ownerReferences.kind: Invalid value: \"\": kind must not be empty, metadata.ownerReferences.name: Invalid value: \"\": name must not be empty, metadata.ownerReferences.uid: Invalid value: \"\": uid must not be empty]"

And then it crashes...
Is it because it waits for some hardcoded deployment name?
@chipzoller
Copy link
Member

It's looking for a name called kyverno which instead looks to be kyverno-f37b-svc.

@realshuting realshuting self-assigned this Apr 19, 2021
@realshuting realshuting added this to the Kyverno Release 1.3.6 milestone Apr 19, 2021
@realshuting
Copy link
Member

Hi @unb9rn - how did you install Kyverno using Helm? Can you share the steps?

@ghost
Copy link
Author

ghost commented Apr 20, 2021

@chipzoller yep, you were right, changing release name kinda solved this problem. Shouldn't it be fixed? Or documented at least? Hardcoding release name is counter-intuitive and required modifying my terraform script with helm =)
Anyway, this workaround helps and now Kyverno runs like a charm!

@ghost
Copy link
Author

ghost commented Apr 20, 2021

@realshuting I am installing everything with terraform helm provider. First I am generating some random string to distinguish installs between projects and teams and make them unique, then I append it to resource name and to release name as well. Looks like Kyverno helm chart just waits for hardocded release name to generate hardocded svc name and then constructs OwnerReference by accesing this service...

@chipzoller
Copy link
Member

Yes, this has been a common pain point for many and needs to be resolved. Kyverno should not look for any hard-coded names in anything.

@realshuting
Copy link
Member

Hi @unb9rn - sorry for the late response.

I append it to resource name and to release name as well.

Can you point me to the exact names that were changed?

We'll have to investigate how can Kyverno takes custom names, as webhook configurations are created with the certificate that has these Subject Alternate Names, including Kyverno service's name, namespace, and resource's name kyverno-svc.(namespace).svc.kyverno-tls-ca, kyverno-svc.kyverno.svc.kyverno-tls-pair.

@realshuting realshuting added the helm Issues dealing with the Helm chart label May 4, 2021
@MarcusNoble MarcusNoble mentioned this issue Jun 24, 2021
Merged
1 task
@realshuting
Copy link
Member

The deployment's name is now configurable after #2066.

Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@realshuting realshuting

Labels
helm Issues dealing with the Helm chart
Projects
None yet
Milestone
Kyverno Release 1.4.2
Development

No branches or pull requests
2 participants
@realshuting @chipzoller