deployment/install.sh failed

yanruogu commented 5 years ago

environment： os： centos 7.4 kubernetes: 1.11.2

lxcfs-daemonset.yaml can be executed normally

However, when I perform a deploy/install.sh installation：

[root@ctnr.a254-34-98.prod.ali-bj-e ~/lxcfs-admission-webhook]deployment/install.sh
creating certs in tmpdir /tmp/tmp.Fp7lKhMGHo 
Generating RSA private key, 2048 bit long modulus
................................................+++
........+++
e is 65537 (0x10001)
certificatesigningrequest.certificates.k8s.io/lxcfs-admission-webhook-svc.default created
NAME                                  AGE       REQUESTOR          CONDITION
lxcfs-admission-webhook-svc.default   0s        kubernetes-admin   Pending
certificatesigningrequest.certificates.k8s.io/lxcfs-admission-webhook-svc.default approved
secret/lxcfs-admission-webhook-certs created
NAME                            TYPE      DATA      AGE
lxcfs-admission-webhook-certs   Opaque    2         0s
deployment.apps/lxcfs-admission-webhook-deployment created
service/lxcfs-admission-webhook-svc created
error: error validating "deployment/mutatingwebhook-ca-bundle.yaml": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig.caBundle): invalid type for io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig.caBundle: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false

help

xigang commented 5 years ago

@yanruogu https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/

Prerequisites

Ensure that the Kubernetes cluster is at least as new as v1.16 (to use admissionregistration.k8s.io/v1), or v1.9 (to use admissionregistration.k8s.io/v1beta1).
Ensure that MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers are enabled. Here is a recommended set of admission controllers to enable in general.
Ensure that the admissionregistration.k8s.io/v1 or admissionregistration.k8s.io/v1beta1 API is enabled.

zijiwork commented 4 years ago

你好， kube-apiserver已经开启了MutatingAdmissionWebhook,ValidatingAdmissionWebhook 也是提示这个错误 error: error validating "mutatingwebhook-ca-bundle.yaml": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig.caBundle): invalid type for io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig.caBundle: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false

fjibj commented 2 years ago

replace deployment/webhook-patch-ca-bundle.sh: export CA_BUNDLE=$(kubectl config view --raw -o json | jq -r '.clusters[] | select(.name == "'$(kubectl config current-context)'") | .cluster."certificate-authority-data"')

denverdino / lxcfs-admission-webhook

deployment/install.sh failed #3