cert-manager deployment - unable to deploy ClusterIssuer because webhooks aren't running

mlbiam commented 6 months ago

When installing cert manager the cluster-selfsigned-issuer ClusterIssuer fails to create because the cert-manager webhooks aren't up yet. Need to wait until the webhooks are ready before creating this object. Here's the logs:

kubernetes:cert-manager.io/v1:ClusterIssuer (cluster-selfsigned-issuer-root):
    error: resource "urn:pulumi:localkargo::kargo::kubernetes:cert-manager.io/v1:ClusterIssuer::cluster-selfsigned-issuer-root" was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-b86abdb0-webhook.cert-manager.svc:443/mutate?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority

  pulumi:pulumi:Stack (kargo-localkargo):
    2024-03-14 14:30:59,136 - INFO - Fetching URL: https://raw.githubusercontent.com/cilium/charts/master/index.yaml
    2024-03-14 14:30:59,775 - INFO - Fetching URL: https://raw.githubusercontent.com/cilium/charts/master/index.yaml
    2024-03-14 14:31:00,813 - INFO - Fetching URL: https://charts.jetstack.io/index.yaml

    error: update failed

usrbinkat commented 6 months ago

Exploring issue on this isolated exercise repository https://github.com/usrbinkat/pulumi-examples-cert-manager

usrbinkat commented 5 months ago

remediated

ContainerCraft / Kargo

cert-manager deployment - unable to deploy ClusterIssuer because webhooks aren't running #29