search

improbable-eng / etcd-cluster-operator

A controller to deploy and manage etcd clusters inside of Kubernetes
MIT License
128 stars 35 forks source link

Create Etcd cluster failed due to X509 error #119

Closed jie-bao closed 4 years ago

jie-bao commented 4 years ago

Versions of relevant software used etcd-cluster-operator: v0.1.0 kubernetes version: v1.13.10 cert-manager: v0.9.0

What happened Deploy etcd-cluster failed due to X509 error

kubectl apply -f config/samples/etcd_v1alpha1_etcdcluster.yaml Error from server (InternalError): error when creating "config/samples/etcd_v1alpha1_etcdcluster.yaml": Internal error occurred: failed calling webhook "default.etcdclusters.etcd.improbable.io": Post https://eco-webhook-service.eco-system.svc:443/mutate-etcd-improbable-io-v1alpha1-etcdcluster?timeout=30s: x509: certificate signed by unknown authority

What you expected to happen etcd-cluster successfully deployed

How to reproduce it (as minimally and precisely as possible):

  1. deploy etcd-cluster-operator through below yaml
  2. deploy etcd-cluster in config/samples/etcd_v1alpha1_etcdcluster.yaml

Full logs to relevant components Etcd-operator deploy yaml: deploy.yaml.txt

Anything else we need to know

wallrj commented 4 years ago

@jie-bao Please check that the cert-manager ca-injector is running and if it is running, check that it has updated the {Mutating,Validating}WebhookConfiguration.webhooks[].clientConfig.caBundle field.

See:

Find me on Slack if you want to discuss further.

jie-bao commented 4 years ago

We don't deploy cert-manager-cainjector in our environment. So I diabled webhook so far. Will close this issue.