When I tried to install Admiralty in each cluster, I got context deadline exceeded errors from the cert-manager. The exact installation step:
helm repo add admiralty https://charts.admiralty.io
helm repo update
for CLUSTER_NAME in cd us eu
do
helm install admiralty admiralty/multicluster-scheduler \
--kube-context kind-$CLUSTER_NAME \
--namespace admiralty --create-namespace \
--version 0.15.1 \
--wait --debug
# --wait to ensure release is ready before next steps
# --debug to show progress, for lack of a better way,
# as this may take a few minutes
done
I further inspected the pods in cert-manager namespace, and it says the webhook pod is getting CrashLoopBackOff.
NAME READY STATUS RESTARTS AGE
pod/cert-manager-6d6769565c-ffsd6 1/1 Running 22 (3m13s ago) 22h
pod/cert-manager-cainjector-744bb89575-fvs9c 1/1 Running 10 22h
pod/cert-manager-webhook-759d6dcbf7-kpdfz 0/1 CrashLoopBackOff 78 (106s ago) 22h
The errors from the logs of the pod
kubectl -n cert-manager logs cert-manager-webhook-759d6dcbf7-kpdfz [08:19]
I0613 15:18:39.933153 1 feature_gate.go:249] feature gates: &{map[]}
W0613 15:18:39.948695 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0613 15:18:48.914128 1 webhook.go:129] cert-manager "msg"="using dynamic certificate generating using CA stored in Secret resource" "secret_name"="cert-manager-webhook-ca" "secret_namespace"="cert-manager"
I0613 15:18:49.270537 1 server.go:133] cert-manager/webhook "msg"="listening for insecure healthz connections" "address"=":6080"
I0613 15:18:49.281633 1 server.go:197] cert-manager/webhook "msg"="listening for secure connections" "address"=":10250"
I0613 15:18:53.212245 1 server.go:340] cert-manager/webhook "msg"="Health check failed as CertificateSource is unhealthy"
E0613 15:18:53.470520 1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
E0613 15:18:54.502654 1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
E0613 15:18:55.395037 1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
I0613 15:18:56.589091 1 server.go:340] cert-manager/webhook "msg"="Health check failed as CertificateSource is unhealthy"
E0613 15:18:56.696951 1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
I0613 15:18:58.558021 1 dynamic_source.go:266] cert-manager/webhook "msg"="Updated cert-manager webhook TLS certificate" "DNSNames"=["cert-manager-webhook","cert-manager-webhook.cert-manager","cert-manager-webhook.cert-manager.svc"]
I did properly cleanup the cluster, so shouldnt be simlar to this cert-manager issue? Wonder what issue would be here. Thank you.
Scenario
Problem Description
When I tried to install Admiralty in each cluster, I got context deadline exceeded errors from the cert-manager. The exact installation step:
I further inspected the pods in cert-manager namespace, and it says the webhook pod is getting CrashLoopBackOff.
The errors from the logs of the pod
I did properly cleanup the cluster, so shouldnt be simlar to this cert-manager issue? Wonder what issue would be here. Thank you.