Closed liarco closed 3 years ago
@varshavaradarajan
Maybe related to #100?
@liarco - the duplicate values for the objects nginx-ingress-ingress-nginx-admission
is due to #90 . On DOKS, we are still on v0.2.2 and that's why you're seeing it. We're updating to v0.2.3 which contains the fix.
In the meantime I suggest you run the latest version of clusterlint cli with your kubeconfig and then, fix your configs. Sorry about the oncovenience. As for the docs, please take a look at https://github.com/digitalocean/clusterlint/blob/master/checks.md to find more about admission-controller-webhook-replacement
and admission-controller-webhook-timeout
checks. Thanks for pointing out the missing docs. We will look into it.
@liarco - about the cert-manager webhook being related to #100 - That fix hasn't made into DOKS yet also. Please run the latest version of clusterlint on your own and let us know if you still have issues. In the meantime, we will vendor to latest clusterlint on DOKS.
Hi @varshavaradarajan, thank you for your feedback.
I run both master
and v0.2.4
and got the following errors:
[error] /validating webhook configuration/cert-manager-webhook: Validating webhook with a TimeoutSeconds value greater than 29 seconds will block upgrades.
[error] /mutating webhook configuration/cert-manager-webhook: Mutating webhook with a TimeoutSeconds value greater than 29 seconds will block upgrades.
Looking at the cert-manager
chart repo I found this commit: https://github.com/jetstack/cert-manager/commit/5aa87267ab57728f22558bd6c1c0154af3b0ed99
It hasn't been released yet but the commit message says:
... The default values from Kubernetes are, however, too large. For
admissionregistration.k8s.io/v1
the default value is 10 seconds while foradmissionregistration.k8s.io/v1beta1
is 30 seconds! ...
So I guess that since I installed my chart some time ago, the old default value was used and now it is kept even if I run helm upgrade ...
(probably because the custom timeoutSeconds
feature is not released yet).
I decided to uninstall the chart and install it again and now my cert-manager-webhook
has a timeoutSeconds
value of 10
so it passes the checks.
Thank you for your support.
I have a cluster with two helm charts on it (almost default values):
The cluster linter from the dashboard is pointing out some problems for future upgrades (I know there are duplicates but but this is the exact output that I'm getting):
validating webhook configuration: nginx-ingress-ingress-nginx-admission
validating webhook configuration: nginx-ingress-ingress-nginx-admission
mutating webhook configuration: cert-manager-webhook
validating webhook configuration: nginx-ingress-ingress-nginx-admission
mutating webhook configuration: cert-manager-webhook
All links point to missing anchors inside the target page and I can't find much online about the given messages (I even checked the
TimeoutSeconds
values of my resources but it seems to be set to1
).Do you have any suggestion?
Thank you for your time.