Sourcecert-manager failing to start
Whilst verifying cert-manager I was finding it was crashing.
kubectl get pods -n cert-manager
returns
NAME READY STATUS RESTARTS AGE
cert-manager-688b97b9f4-jdlkf 1/1 Running 0 41m
cert-manager-webhook-859cfcbc57-z4tcf 0/1 CrashLoopBackOff 12 41m
cert-manager-webhook-ca-sync-rnhhp 0/1
kubectl log cert-manager-webhook-859cfcbc57-z4tcf -n cert-manager
returns
Error: cluster doesn't provide requestheader-client-ca-file
Usage:
[flags]
Flags:
:
F0216 20:41:33.345307 1 cmd.go:42] cluster doesn't provide requestheader-client-ca-file
resolved by adding
- --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
- --requestheader-allowed-names=aggregator
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
to /etc/kubernetes/manifests/kube-apiserver.yml
kubectl get pods -n cert-manager
now returns (after deleteing the pod)
NAME READY STATUS RESTARTS AGE
cert-manager-688b97b9f4-jdlkf 1/1 Running 0 1h
cert-manager-webhook-859cfcbc57-sjrdz 1/1 Running 0 9s
cert-manager-webhook-859cfcbc57-z4tcf 0/1 Terminating 16 1h
cert-manager-webhook-ca-sync-rnhhp 0/1 Completed 0 1h
Not sure what consequences this has, but so far no further issues with my Kubernetes instance
