New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[kube-prometheus-stack] Prometheus Operator pod cannot come up when admission hook is disabled #1438
Comments
i am also encountering this when trying to deploy Prometheus-operator This is due to Prometheus-operator's deployment referencing the secret ( helm-charts/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml Line 125 in 0a55b73
A workaround (or maybe intended behaviour?) will be to set
This will prevent helm from generating the helm-charts/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml Line 116 in 0a55b73
However, this revealed another set of issues.
Workaround is to create rolebinding and role with permission matching what's stated here https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml.
Similar to above, workaround is to create role & rolebinding separately using this as reference https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml Question to maintainers:
I can help create a PR to fix this. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
+1 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
+1 |
Works for me. |
@monotek do you have the |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
Same issue with prometheusOperator:
enabled: true
admissionWebhooks:
enabled: false While looking at the code it seems conceptually wrong that the Workaround 1: Disable TLS (traffic to operator is now unencrypted?): tls:
enabled: false Workaround 2: Enable the generation of admission webhooks certificates with cert-manager despite it being disabled (generated by certmanager.yaml#L42): admissionWebhooks:
enabled: false
certManager:
enabled: true Workaround 3: Manually create the needed TLS secrets/certificates. |
+1 |
@gw0 thanks for recommending option 2, that seems to work for |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
recent activity |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
More recent activity |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
Even more recent activity |
@monotek can you or anyone take a look? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
Hello there |
I'm facing the same issue. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
remove stale |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
/remove-lifecycle stale |
This issue is being automatically closed due to inactivity. |
Re-opened as #2742 since it was closed by the bot. |
Describe the bug a clear and concise description of what the bug is.
Prometheus Operator pod cannot come up with a missing admission hook secret error if admission hook is disabled.
What's your helm version?
v3.7.0
What's your kubectl version?
v1.22.2
Which chart?
kube-prometheus-stack
What's the chart version?
19.0.2
What happened?
The operator pod cannot come up, with the following error message:
MountVolume.SetUp failed for volume "tls-secret" : secret "prometheus-kube-prometheus-admission" not found
. This message is displayed because admission hook is disabled and the secret is not present.What you expected to happen?
I expect the operator to come up.
How to reproduce it?
Install the chart with the values below
Enter the changed values of values.yaml?
Enter the command that you execute and failing/misfunctioning.
helm install prometheus prometheus-community/kube-prometheus-stack -n monitoring -f prometheus-values.yaml
Anything else we need to know?
No response
The text was updated successfully, but these errors were encountered: