certmanager seems to be broke somehow

[tibers]

Describe the bug

Error: UPGRADE FAILED: Internal error occurred: failed calling admission webhook "issuers.admission.certmanager.k8s.io": the server is currently unable to handle the request

To Reproduce

tk8 cluster install aws
tk8 addon install rancher

Expected behavior

Rancher should Just Work.

Additional Information

I don't even understand how cert-manager is in play here since it's not in the main.yaml.

A quick google implies to me that the cert-manager CRDs might have to be installed first which is absent from the main.yaml but I'm not sure if this is a rancher problem or a tk8 problem: https://github.com/jetstack/cert-manager/issues/1149

[arashkaffamanesh]

Just tried on one bare-metal rancher kubernetes engine and another k8s cluster running on OpenStack, it works. I had to run tk8 addon install rancher twice. As you mentioned we don't have cert-manager in the main.yaml. But cert-manager was already installed on the clusters.

Another way is to use helm to install cert-manager first and then Rancher on any K8s cluster:

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm install stable/cert-manager   --name cert-manager   --namespace kube-system
kubectl -n kube-system rollout status deploy/cert-manager

helm install rancher-stable/rancher \ 
--name rancher \  
--namespace cattle-system \  
--set hostname=rancher.kubernauts.io \  
--set ingress.tls.source=letsEncrypt \  
--set letsEncrypt.email=xyz@kubernauts.io

[arashkaffamanesh]

If using the tk8 addon for rancher, tk8 shall take care about installing cert-manager in advance!

[tibers]

I trashed my cluster and I can't reproduce this so.... good? :\

[arashkaffamanesh]

Ok, we create a new issue to have cert-manager support out of the box, not only for rancher.