search

admiraltyio / admiralty

A system of Kubernetes controllers that intelligently schedules workloads across clusters.
https://admiralty.io
Apache License 2.0
673 stars 87 forks source link

docs/quickstart: cert-manager webhook CrashLoopBackOff on Apple M1 #170

Closed nicksome168 closed 10 months ago

nicksome168 commented 1 year ago

Scenario

helm repo add admiralty https://charts.admiralty.io
helm repo update

for CLUSTER_NAME in cd us eu
do
  helm install admiralty admiralty/multicluster-scheduler \
    --kube-context kind-$CLUSTER_NAME \
    --namespace admiralty --create-namespace \
    --version 0.15.1 \
    --wait --debug
  # --wait to ensure release is ready before next steps
  # --debug to show progress, for lack of a better way,
  # as this may take a few minutes
done

I further inspected the pods in cert-manager namespace, and it says the webhook pod is getting CrashLoopBackOff.

NAME                                           READY   STATUS             RESTARTS         AGE
pod/cert-manager-6d6769565c-ffsd6              1/1     Running            22 (3m13s ago)   22h
pod/cert-manager-cainjector-744bb89575-fvs9c   1/1     Running            10               22h
pod/cert-manager-webhook-759d6dcbf7-kpdfz      0/1     CrashLoopBackOff   78 (106s ago)    22h

The errors from the logs of the pod

kubectl -n cert-manager logs cert-manager-webhook-759d6dcbf7-kpdfz                                                          [08:19]
I0613 15:18:39.933153       1 feature_gate.go:249] feature gates: &{map[]}
W0613 15:18:39.948695       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0613 15:18:48.914128       1 webhook.go:129] cert-manager "msg"="using dynamic certificate generating using CA stored in Secret resource" "secret_name"="cert-manager-webhook-ca" "secret_namespace"="cert-manager"
I0613 15:18:49.270537       1 server.go:133] cert-manager/webhook "msg"="listening for insecure healthz connections" "address"=":6080"
I0613 15:18:49.281633       1 server.go:197] cert-manager/webhook "msg"="listening for secure connections" "address"=":10250"
I0613 15:18:53.212245       1 server.go:340] cert-manager/webhook "msg"="Health check failed as CertificateSource is unhealthy"
E0613 15:18:53.470520       1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
E0613 15:18:54.502654       1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
E0613 15:18:55.395037       1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
I0613 15:18:56.589091       1 server.go:340] cert-manager/webhook "msg"="Health check failed as CertificateSource is unhealthy"
E0613 15:18:56.696951       1 dynamic_source.go:85] cert-manager/webhook "msg"="Failed to generate initial serving certificate, retrying..." "error"="failed verifying CA keypair: tls: failed to find any PEM data in certificate input" "interval"=1000000000
I0613 15:18:58.558021       1 dynamic_source.go:266] cert-manager/webhook "msg"="Updated cert-manager webhook TLS certificate" "DNSNames"=["cert-manager-webhook","cert-manager-webhook.cert-manager","cert-manager-webhook.cert-manager.svc"]

I did properly cleanup the cluster, so shouldnt be simlar to this cert-manager issue? Wonder what issue would be here. Thank you.

adrienjt commented 10 months ago

I tested 0.16 on M1 without any issue. Closing this.