Blog RSS Twitter Google+ Source

cert-manager failing to start

Feb 17, 2019 • admin • Category: Coreos Cert-manager

Whilst verifying cert-manager I was finding it was crashing.

kubectl get pods -n cert-manager

returns

NAME                                    READY     STATUS             RESTARTS   AGE
cert-manager-688b97b9f4-jdlkf           1/1       Running            0          41m
cert-manager-webhook-859cfcbc57-z4tcf   0/1       CrashLoopBackOff   12         41m
cert-manager-webhook-ca-sync-rnhhp      0/1
kubectl log cert-manager-webhook-859cfcbc57-z4tcf -n cert-manager

returns

Error: cluster doesn't provide requestheader-client-ca-file
Usage:
   [flags]

Flags:

   :

F0216 20:41:33.345307       1 cmd.go:42] cluster doesn't provide requestheader-client-ca-file

resolved by adding

    - --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --requestheader-allowed-names=aggregator
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User

to /etc/kubernetes/manifests/kube-apiserver.yml

kubectl get pods -n cert-manager

now returns (after deleteing the pod)

NAME                                    READY     STATUS        RESTARTS   AGE
cert-manager-688b97b9f4-jdlkf           1/1       Running       0          1h
cert-manager-webhook-859cfcbc57-sjrdz   1/1       Running       0          9s
cert-manager-webhook-859cfcbc57-z4tcf   0/1       Terminating   16         1h
cert-manager-webhook-ca-sync-rnhhp      0/1       Completed     0          1h

Not sure what consequences this has, but so far no further issues with my Kubernetes instance

Avatar

Assembled by Nicholas Irving

CTO and founder at DarkEdges
Loading Google+ Comments ...