集群信息:
Kubernetes版本:v1.24.7+k3s1
安装方法:Rancher 2.7
主机操作系统:RHEL8
我尝试了什么:
使用 kubectl 重新部署 cert-manager;
我试图调试问题并找到了官方的证书管理器指南:https://cert-manager.io/v1.2-docs/installation/kubernetes/#verifying-the-installation。遇到同样的错误:
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded
描述:
我已经使用 Rancher 部署了一个 K3S 集群,并在其之上使用 yaml 文件安装了 cert-manager v1.11.0。在该文件中,我已将“图像”值从默认值更改为神器中的远程存储库。所有 Pod 都在运行,但是当我安装 Helm Chart 或部署某些内容时,我收到此错误消息:
Error: Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded )
此外,cert-manager-webhook pod 正在记录一些错误:
Trace[1068908304]: [30.003276269s] [30.003276269s] ENDE0314 15:02:02.236947 1 reflector.go:140] k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout
W0314 15:03:28.953687 1 reflector.go:424] k8s.io/[email protected]/tools/cache/reflector.go:169: failed to list *v1.Secret: Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout
I0314 15:03:28.953816 1 trace.go:219] Trace[516939538]: "Reflector ListAndWatch" name:k8s.io/[email protected]/tools/cache/reflector.go:169 (14-Mar-2023 15:02:58.949) (total time: 30004ms):Trace[516939538]: ---"Objects listed" error:Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout 30004ms
(15:03:28.953)Trace[516939538]: [30.004226263s] [30.004226263s] ENDE0314 15:03:28.953837 1 reflector.go:140] k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout
W0314 15:04:44.919380 1 reflector.go:424] k8s.io/[email protected]/tools/cache/reflector.go:169: failed to list *v1.Secret: Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout
I0314 15:04:44.919458 1 trace.go:219] Trace[430405071]: "Reflector ListAndWatch" name:k8s.io/[email protected]/tools/cache/reflector.go:169 (14-Mar-2023 15:04:14.918) (total time: 30000ms):Trace[430405071]: ---"Objects listed" error:Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout 30000ms (15:04:44.919)Trace[430405071]: [30.000964846s] [30.000964846s] ENDE0314 15:04:44.919472 1 reflector.go:140] k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1.Secret: failed to list *v1.Secret: Get "https://10.43.0.1:443/api/v1/namespaces/cert-manager/secrets?fieldSelector=metadata.name%3Dcert-manager-webhook-ca&resourceVersion=360915": dial tcp 10.43.0.1:443: i/o timeout
以下是我使用 helm 部署的 actions-runner-controller pod 中的一些日志:
Warning FailedMount 17m kubelet Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[kube-api-access-v48zj secret tmp cert]: timed out waiting for the condition
Warning FailedMount 8m32s kubelet Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[tmp cert kube-api-access-v48zj secret]: timed out waiting for the condition
Warning FailedMount 6m18s (x5 over 19m) kubelet Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[secret tmp cert kube-api-access-v48zj]: timed out waiting for the condition
Warning FailedMount 103s (x2 over 4m1s) kubelet Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[cert kube-api-access-v48zj secret tmp]: timed out waiting for the condition
Warning FailedMount 86s (x18 over 21m) kubelet MountVolume.SetUp failed for volume "cert" : secret "actions-runner-controller-serving-cert" not found
我已经在本地电脑上测试了 minikube 中的所有内容,并且工作正常。然而,值得一提的是,K3S 集群是在隔离环境中运行的,但情况可能不应该如此。
提前致谢,
我也有同样的问题,请问你找到解决办法了吗??????