cert-manager-webhook-ovh fails with k8s 1.22

baarde / cert-manager-webhook-ovh

OVH Webhook for Cert Manager

Apache License 2.0

93 stars 62 forks source link

cert-manager-webhook-ovh fails with k8s 1.22 #11

Closed SukramJ closed 2 years ago

SukramJ commented 3 years ago

Hi,

after migrating to microk8s 1.22.0 cert-manager-webhook-ovh fails and the container is crash looping:

E0829 09:03:06.143077       1 webhook.go:196] Failed to make webhook authorizer request: the server could not find the requested resource
E0829 09:03:06.143182       1 errors.go:77] the server could not find the requested resource
E0829 09:03:06.150878       1 webhook.go:196] Failed to make webhook authorizer request: the server could not find the requested resource
E0829 09:03:06.150949       1 errors.go:77] the server could not find the requested resource

I already updated cert-manager to version 1.53 to be compatible with k8s 1.22, but that didn't fix the issue.

I had no issue with k8s < 1.22.

BR Markus

krumka commented 2 years ago

Hi !

I have the same problem, could you find a solution ? Can someone post a fix ?

SukramJ commented 2 years ago

I don't have a solution.

Dr-Shadow commented 2 years ago

You're probably missing something like in this PR

https://github.com/baarde/cert-manager-webhook-ovh/pull/12

Maybe the rbac permissions are missing ?

https://github.com/baarde/cert-manager-webhook-ovh/pull/12/files#diff-3275b8f917438cc1129c11d7ffbcbb96d59b0d779ec88e2beea05e923eacbdb1

SukramJ commented 2 years ago

I already saw your PR and cloned your git repo locally. After installing it by helm the pod is still crash looping. git clone https://github.com/Dr-Shadow/cert-manager-webhook-ovh cd cert-manager-webhook-ovh microk8s.helm3 upgrade --install acme-ovh ./deploy/cert-manager-webhook-ovh --set groupName='acme.xxx.de' -n cert-manager --set certManager.namespace="cert-manager"

rbac permissions are set.

Dr-Shadow commented 2 years ago

Probably because you didn't build your own image (check image.repository to set your own repository+image url which could be either public or private).

My own build of cert-manager-webhook-ovh image isn't available in a public repository (I'm in an air-gapped environment) and I should not override the current repository provided by @baarde in my PR.

I set my custom values through a values.yaml

helm install -f values.yaml [...]

Do not forget to tag the built image when you push it on an image repository.

I can build one and host it in a public repository if you really need it, let me know about it.

SukramJ commented 2 years ago

That's it. I forgot to build the image.

Thanks a lot.

krumka commented 2 years ago

Yup, I successfully launched it too ! Thanks for the PR !

baarde commented 2 years ago

Hello. I'm glad the issue has been solved. Thanks @Dr-Shadow for the PR.

I've pushed a new image and updated the chart.