Closed maylukas closed 2 months ago
We're also seeing issues with the "routing-serving-certs" issuance:
Failed to wait for order resource "routing-serving-certs-1-422265175" to become ready: order is in "errored" state: Failed to create Order: 400 urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Cannot issue for "kn-routing": Domain name needs at least one dot
cc @pierDipi
I think these comments are relevant here https://github.com/knative/pkg/issues/2560#issuecomment-1195840564 and https://github.com/knative/pkg/issues/2560#issuecomment-1195842825, in particular these parts
I'm curious what cert is the webhook presenting and see what's defined in your CA bundle of the configured webhook (ie. ValidatingWebhookConfiguration and MutatingWebhookConfiguration)
and
The typical misconfiguration we see is if the liveness probe timeout of the webhook deployment is too low - it never gets a chance to become the leader and create the certificate. This is because K8s kills the container.
We could solve this issue by increasing the memory limits & requests
Describe the bug Clean installation using the operator fails. The eventing-webhook is in a crash loop.
Logs of the eventing webhook:
Knative Eventing Resource
Expected behavior Installation of Knative Eventing should be successful
To Reproduce Installation of cert-manager (1.14.5) Installation of trust-manager (0.7.1) Installation of istio (1.21.2) Installation of Knative operator (1.14.0) Installation of Knative Serving (1.14.0) Installation of Knative Eventing (1.14.0)
Knative release version 1.14.0
Additional context Add any other context about the problem here such as proposed priority