digitalocean / clusterlint

A best practices checker for Kubernetes clusters. 🤠
Apache License 2.0

Cluster linter messages point to missing docs section #101

Closed liarco closed 3 years ago

liarco commented 3 years ago

I have a cluster with two helm charts on it (almost default values):

  1. ingress-nginx/ingress-nginx
  2. jetstack/cert-manager

The cluster linter from the dashboard is pointing out some problems for future upgrades (I know there are duplicates but this is the exact output that I'm getting):

All links point to missing anchors inside the target page and I can't find much online about the given messages (I even checked the TimeoutSeconds values of my resources but it seems to be set to 1).

Do you have any suggestion?

Thank you for your time.

timoreimann commented 3 years ago

@varshavaradarajan

liarco commented 3 years ago

Maybe related to #100?

varshavaradarajan commented 3 years ago

@liarco - the duplicate values for the objects nginx-ingress-ingress-nginx-admission are due to #90. On DOKS, we are still on v0.2.2 and that's why you're seeing it. We're updating to v0.2.3 which contains the fix.

In the meantime, I suggest you run the latest version of the clusterlint CLI with your kubeconfig and then fix your configs. Sorry about the inconvenience. As for the docs, please take a look at https://github.com/digitalocean/clusterlint/blob/master/checks.md to find more about admission-controller-webhook-replacement and admission-controller-webhook-timeout checks. Thanks for pointing out the missing docs. We will look into it.

varshavaradarajan commented 3 years ago

@liarco - about the cert-manager webhook being related to #100 - That fix hasn't made it into DOKS yet either. Please run the latest version of clusterlint on your own and let us know if you still have issues. In the meantime, we will vendor to latest clusterlint on DOKS.

liarco commented 3 years ago

Hi @varshavaradarajan, thank you for your feedback.

I ran both master and v0.2.4 and got the following errors:

[error] /validating webhook configuration/cert-manager-webhook: Validating webhook with a TimeoutSeconds value greater than 29 seconds will block upgrades.
[error] /mutating webhook configuration/cert-manager-webhook: Mutating webhook with a TimeoutSeconds value greater than 29 seconds will block upgrades.

Looking at the cert-manager chart repo I found this commit: https://github.com/jetstack/cert-manager/commit/5aa87267ab57728f22558bd6c1c0154af3b0ed99

It hasn't been released yet but the commit message says:

... The default values from Kubernetes are, however, too large. For admissionregistration.k8s.io/v1 the default value is 10 seconds while for admissionregistration.k8s.io/v1beta1 is 30 seconds! ...

So I guess that since I installed my chart some time ago, the old default value was used and now it is kept even if I run helm upgrade ... (probably because the custom timeoutSeconds feature is not released yet).

I decided to uninstall the chart and install it again and now my cert-manager-webhook has a timeoutSeconds value of 10 so it passes the checks.

Thank you for your support.
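
The timeout behaviour discussed in this thread, as an added example that is not part of the original comments and is not clusterlint's own code: it flags webhooks whose effective `timeoutSeconds` is greater than 29, applying the per-apiVersion defaults quoted from the cert-manager commit message when the field is omitted. The names `FindSlowWebhooks`, `webhookConfig` and the sample manifest are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// webhookConfig keeps only the fields this check needs from a webhook configuration manifest.
type webhookConfig struct {
	APIVersion string `json:"apiVersion"`
	Metadata   struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Webhooks []struct {
		Name           string `json:"name"`
		TimeoutSeconds *int32 `json:"timeoutSeconds"` // nil when the manifest omits it
	} `json:"webhooks"`
}

// Constructed sample: a v1beta1 manifest whose first webhook omits timeoutSeconds.
const sampleManifest = `{
  "apiVersion": "admissionregistration.k8s.io/v1beta1",
  "kind": "ValidatingWebhookConfiguration", "metadata": {"name": "example-webhook"},
  "webhooks": [{"name": "a.example.test"},
               {"name": "b.example.test", "timeoutSeconds": 10}]}`

// FindSlowWebhooks (hypothetical helper) reports webhooks whose effective
// timeout is greater than 29 seconds, the limit in the linter errors above.
func FindSlowWebhooks(manifest []byte) ([]string, error) {
	var cfg webhookConfig
	if err := json.Unmarshal(manifest, &cfg); err != nil {
		return nil, err
	}
	var findings []string
	for _, w := range cfg.Webhooks {
		timeout := int32(10) // admissionregistration.k8s.io/v1 default
		if cfg.APIVersion == "admissionregistration.k8s.io/v1beta1" {
			timeout = 30 // v1beta1 default, already over the limit
		}
		if w.TimeoutSeconds != nil {
			timeout = *w.TimeoutSeconds // an explicit value wins over the default
		}
		if timeout > 29 {
			findings = append(findings, fmt.Sprintf("%s/%s: %ds", cfg.Metadata.Name, w.Name, timeout))
		}
	}
	return findings, nil
}

func main() { fmt.Println(FindSlowWebhooks([]byte(sampleManifest))) }
```

Objects read back from a live API server normally have the default already filled in, so the nil branch matters mainly for manifests checked before they are applied.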