kubernetes-sigs / cluster-api-operator

Home for Cluster API Operator, a subproject of sig-cluster-lifecycle
https://cluster-api-operator.sigs.k8s.io
Apache License 2.0

Secret "capi-operator-webhook-service-cert" is not automatically created #520

Closed henrypham67 closed 1 month ago

henrypham67 commented 6 months ago

What steps did you take and what happened: I followed the Quick Start Operator and got the secret "capi-operator-webhook-service-cert" not found error from the pod of the capi-operator-cluster-api-operator deployment

What did you expect to happen: The operator chart should be installed successfully

Environment:

/kind bug

k8s-ci-robot commented 6 months ago

This issue is currently awaiting triage.

If CAPI Operator contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

mxmxchere commented 6 months ago

Hi @henrypham67, you said that you deployed like it was described in the quickstart guide. I assume that you deployed cert-manager with the capi-operator. Maybe this is a timing issue that you can fix by deploying cert-manager manually upfront (for test):

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml

Then wait for all cert-manager pods to be ready and afterwards deploy the cluster-api-operator chart with:

helm install capi-operator capi-operator/cluster-api-operator --create-namespace -n capi-operator-system --set infrastructure=docker --set cert-manager.enabled=false --set configSecret.name=${CREDENTIALS_SECRET_NAME} --set configSecret.namespace=${CREDENTIALS_SECRET_NAMESPACE} --wait --timeout 90s

The important part here is that I disabled the cert-manager chart with --set cert-manager.enabled=false

henrypham67 commented 6 months ago

Hi @mxmxchere thank you for your response, I gave it a try and am still getting the issue https://gist.github.com/henrypham67/b353c5a3c940696428e3d4a4345deb81

mxmxchere commented 6 months ago

Okay, the missing secret should be generated by the cert-manager. I think you have to find out what is stuck there. You can start to look for errors by inspecting the cert resource:

kubectl describe -n capi-operator-system certificate capi-operator-serving-cert

henrypham67 commented 6 months ago

It's weird because I cannot find any certificate using the command kubectl get certificate -A

mxmxchere commented 6 months ago

OK, as far as I can see the cert is defined in the file operator-components.yaml. I was not able to find it in the repo, but it is in the release in the Helm repo. Maybe you can try:

helm install capi-operator https://github.com/kubernetes-sigs/cluster-api-operator/releases/download/v0.10.1/cluster-api-operator-0.10.1.tgz --create-namespace -n capi-operator-system --set infrastructure=docker --set cert-manager.enabled=false --set configSecret.name=${CREDENTIALS_SECRET_NAME} --set configSecret.namespace=${CREDENTIALS_SECRET_NAMESPACE} --wait --timeout 90s

henrypham67 commented 5 months ago

Thank you for your recommendation, I am now able to install CAPI Operator. I installed the v0.10.0 unintentionally, which is the reason it did not work. But I still have to install cert-manager separately.
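
The triage order followed across the comments above (cert-manager present, Certificate object present, Certificate issued, Secret present), written as one shell function. This is an added example, not part of the original thread or the project's tooling. The resource names are the ones quoted in the thread; the `KUBECTL` override, the function name and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage for the missing webhook serving-cert secret.
# Usage: . ./triage.sh && diagnose_webhook_cert
# KUBECTL is an assumption of this example so the client can be swapped or stubbed.
KUBECTL="${KUBECTL:-kubectl}"
NS="capi-operator-system"
CERT="capi-operator-serving-cert"
SECRET="capi-operator-webhook-service-cert"

# Prints one diagnosis line and returns:
#   0 secret present            1 cert-manager CRD missing
#   2 no Certificate object     3 Certificate not Ready
#   4 Certificate Ready but secret absent
diagnose_webhook_cert() {
    # Without the cert-manager CRDs, "kubectl get certificate" cannot return anything.
    if ! $KUBECTL get crd certificates.cert-manager.io >/dev/null 2>&1; then
        echo "cert-manager CRDs missing: install cert-manager and wait for its pods"
        return 1
    fi
    # The case reported in the thread: no Certificate exists at all.
    if ! $KUBECTL get certificate -n "$NS" "$CERT" >/dev/null 2>&1; then
        echo "no Certificate $NS/$CERT: installed chart did not create it; check 'helm list -n $NS'"
        return 2
    fi
    # Certificate exists; ask cert-manager whether it has been issued.
    ready=$($KUBECTL get certificate -n "$NS" "$CERT" \
        -o 'jsonpath={.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null) || ready=""
    if [ "$ready" != "True" ]; then
        echo "Certificate not Ready (status='$ready'): kubectl describe -n $NS certificate $CERT"
        return 3
    fi
    # Issued, but the secret the webhook pod mounts is not there.
    if ! $KUBECTL get secret -n "$NS" "$SECRET" >/dev/null 2>&1; then
        echo "Certificate Ready but secret $SECRET absent: check the Certificate's spec.secretName"
        return 4
    fi
    echo "secret $NS/$SECRET present"
    return 0
}
```

Return code 2 corresponds to the situation reported here, where `kubectl get certificate -A` listed nothing.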

k8s-triage-robot commented 2 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale