Closed jowko closed 1 year ago
@jowko the error message is caused by RABC rule: https://github.com/IBM/cert-manager-webhook-ibmcis/blob/d0aad3120d150c07e82a0f56bf12e67572b429b1/deploy/cert-manager-webhook-ibmcis/templates/rbac.yaml#L106
what's your k8s version, API Priority and Fairness is enabled by default in Kubernetes 1.20: https://kubernetes.io/docs/concepts/cluster-administration/flow-control/
I installed this on IBM Cloud Kubernetes cluster in version 1.21. I Don't recall that we changed kube settings there, since this cluster is provided by IBM. We just upgraded clusters to kubernetes 1.24 and there logs disappeared.
I have multiple clusters and in one of them I had cert-manager v1.1.0 in one cluster and cert-manager v1.5.3 in other cluster. I also used unofficial version of this plugin: https://github.com/jb-dk/cert-manager-webhook-ibmcis
I removed old plugin, updated cert-manager to v1.7.3 and installed this plugin in all clusters. It looks that issuing new certificates works correctly but in cert-manager-webhook-ibmcis container there are such logs printed regularly:
The same occurs on cert-manager v1.9.1. I do not know if this causes any issues in certificate generation, but I found such thing in cert-manager docs for v1.6 version:
See: https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6 This does not mention v1beta2 but maybe this was removed too or this was not present in cert-manager in the first place? I could not find mention of v1beta2 in official docs.
I think that this should be investigated and removed in this is not needed.