Verifying Install: "failed calling admission webhook" (Azure, GKE private cluster) #1425
Description
Describe the bug:
Upon re-installing cert-manager and trying to verify the install, the admission api is failing with the following description:
kubectl describe APIService v1beta1.admission.certmanager.k8s.io
Name: v1beta1.admission.certmanager.k8s.io
Namespace:
Labels: app=webhook
chart=webhook-v0.6.4
heritage=Tiller
release=cert-manager
Annotations: <none>
API Version: apiregistration.k8s.io/v1
Kind: APIService
Metadata:
Creation Timestamp: 2019-03-01T10:08:13Z
Resource Version: 13956808
Self Link: /apis/apiregistration.k8s.io/v1/apiservices/v1beta1.admission.certmanager.k8s.io
UID: ecc47923-3c09-11e9-bae6-6e4899a3d5f0
Spec:
Ca Bundle: LS0tLS1<removed for brevity>LS0tCg==
Group: admission.certmanager.k8s.io
Group Priority Minimum: 1000
Service:
Name: cert-manager-webhook
Namespace: cert-manager
Version: v1beta1
Version Priority: 15
Status:
Conditions:
Last Transition Time: 2019-03-01T10:08:13Z
Message: no response from https://10.0.233.160:443: Get https://10.0.233.160:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Reason: FailedDiscoveryCheck
Status: False
Type: Available
Events: <none>
This manifests when trying to apply the test-resources.yaml for verifying the install, with the following output:
kubectl apply -f test-resources.yaml
namespace "cert-manager-test" created
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling admission webhook "issuers.admission.certmanager.k8s.io": the server is currently unable to handle the request
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling admission webhook "certificates.admission.certmanager.k8s.io": the server is currently unable to handle the request
Expected behaviour:
Test Resources should be created successfully with no errors.
Steps to reproduce the bug:
Note: I have removed all other items from my cluster and following the install of the CRD's, created the name space, labelled the name space, then tried the install via helm using the following commands:
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/v0.6.2/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
helm install --name cert-manager --namespace cert-manager --version v0.6.6 stable/cert-manager
Anything else we need to know?:
I have previously installed cert-manager successfully on this cluster. I was then trying to get the nginx-ingress working but got into a bit of a mess. So I deleted all resources created (via helm), and tidied up any orphaned objects - so I could start from scratch again. However, I'm now running into this issue.
The only similar issue I've seen is this helm/charts#10869. But I'm unsure what the resolution to this is.
All other objects appear to have been created and started successfully. I haven't been able to see any other error messages having gone through the logs for the different pods.
Environment details::
- Kubernetes version (e.g. v1.10.2): v1.11.3
- Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): Azure
- cert-manager version (e.g. v0.4.0): 0.6.6
- Install method (e.g. helm or static manifests): Helm
/kind bug