gardener-attic / landscape-setup2

[DEPRECATED] Scripts for setting up a Gardener landscape
https://github.com/gardener/garden-setup

certmanager deployment doesn't work #12

Closed Diaphteiros closed 6 years ago

Diaphteiros commented 6 years ago

Currently, the deployment of the certmanager doesn't work. It will run without errors, but it leaves the gardener without or with invalid certificates. The dashboard becomes inaccessible.

A temporary workaround would be to skip the deployment of the certmanager - it's optional. Everything works with the self-signed certificates.

Diaphteiros commented 6 years ago

The gardener will actually get valid certificates, and it's not (only) the dashboard that causes problems afterwards. This issue seems to be connected to some session affinity settings that can cause a deadlock in the kube-controller-managers, see https://github.com/kubernetes/kubernetes/commit/f2405cf2942739996af2bb76347c2cb0641153aa

Until the mentioned commit is included in a Kubernetes release, the following workaround can be used:

After the cluster has been started, run kubectl edit svc kubernetes. Delete the following lines:

  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800

Kubernetes will automatically add sessionAffinity: None if you remove these lines. After that, installing the certmanager should work as intended.
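
A scripted, repeatable form of the manual edit described in the comment above, as an added example that is not part of the original issue or the project's scripts. The function names, the `--apply` switch and the sample manifest are constructed for illustration, and the `default` namespace is an assumption.

```bash
#!/usr/bin/env bash
# Added example: scripted form of the manual "kubectl edit svc kubernetes" step.

# JSON merge patch: null deletes sessionAffinityConfig together with the
# ClientIP setting, mirroring the lines removed by hand.
AFFINITY_PATCH='{"spec":{"sessionAffinity":"None","sessionAffinityConfig":null}}'

# Print spec.sessionAffinity from a Service manifest (YAML on stdin), "None" if unset.
session_affinity() {
  awk '
    /^spec:/  { in_spec = 1; next }
    /^[^ ]/   { in_spec = 0 }
    in_spec && !found && /^  sessionAffinity:/ { print $2; found = 1 }
    END       { if (!found) print "None" }
  '
}

# Succeeds only when the manifest on stdin still carries ClientIP affinity.
needs_fix() { [ "$(session_affinity)" = "ClientIP" ]; }

# Constructed sample manifest (shape of `kubectl get svc kubernetes -o yaml`).
sample_before() {
  cat <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: kubernetes
  namespace: default
spec:
  ports:
  - name: https
    port: 443
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  type: ClusterIP
EOF
}
# The same manifest after the workaround has been applied.
sample_after() { sample_before | sed -e '/sessionAffinityConfig:/,/timeoutSeconds:/d' -e 's/ClientIP/None/'; }

# Touch the cluster only when asked to; patch only if the fix is still needed.
if [ "${1:-}" = "--apply" ]; then
  if kubectl get svc kubernetes -n default -o yaml | needs_fix; then
    kubectl patch svc kubernetes -n default --type merge -p "$AFFINITY_PATCH"
  else
    echo "service/kubernetes: sessionAffinity is not ClientIP, nothing to do"
  fi
fi
```

Run it with `--apply` after the cluster has been started; a second run is a no-op because the check reads the live Service first.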