stackoom
  简体   繁体   中英

ApiVersions missing in updated Cert-manager. Cert-manager Conversion webhook for cert-manager.io/v1alpha2, Kind=ClusterIssuer failed

 原文  2022-10-04 08:19:04       kubernetes/ webhooks/ cert-manager

Question

When I am trying to get cluster issuers in my k8s cluster, I am receiving this error message. Can someone help me troubleshoot this?

kubectl get cluster issuers 

Output: Error from server: conversion webhook for cert-manager.io/v1alpha2, Kind=ClusterIssuer failed: an error on the server ("") has prevented the request from succeeding

Here's my clusterissuer.yml file:

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-dev-certificate
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: my.email@org.co
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-dev-certificate
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

Here's the kube.netes version:

kubectl version --short

Output: Client Version: v1.23.1
        Server Version: v1.22.12-gke.2300

1 answers

solution1
 0  2022-10-10 05:29:12

Initially, I thought the problem was when I was trying to get ClusterIssuer or Certificates in Cert-Manager. But later after more troubleshooting, I found that after Cert-Manager 1.5.5, we cannot directly update to Cert-Manager 1.9.1 since some CRD resource gets missed out in between hence causing issue in getting resources like Certificates, ClusterIssuer which are defined as CRDs in Cert-Manager package.

Solution: I downgraded my cert-manager back to 1.5.5 then followed the steps from Cert-Manager's blog on making CRDs ready for Cert-Manager update. Then, updated Cert-Manager back to 1.9.1. And everything was working fine. Here're the steps that I followed:

  1. Downgrade back to Cert-Manager 1.5.5:
     kaf https://github.com/cert-manager/cert-manager/releases/download/v1.5.5/cert-manager.yaml
  1. Install cmctl for cert-manager:
    curl -sSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cmctl-linux-amd64.tar.gz
    tar xzf cmctl.tar.gz
    mv cmctl /usr/local/bin
    cmctl upgrade --help
  1. Upgrade api-versions before cert-manager updates:
    cmctl upgrade migrate-api-version

Now, its safe to upgrade cert-manager to 1.7.1 4. Upgrade to Cert-Manager 1.7.1 or 1.9.1:

    kaf https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cert-manager.yaml
    kaf https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cert-manager.yaml
  1. Verify by fetching the CRD resources:
    kubectl get clusterissuer
    kubectl get certificates

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error from server: conversion webhook for cert-manager.io/v1alpha2 for cert-manager ClusterIssuer How to avoid ClusterIssuer dependency on helm cert-manager CRDs in Terraform plan and apply? ("ClusterIssuer" not found in group "cert-manager.io") Cert-manager. Internal error occurred: failed calling webhook. Wrong cert-manager hook ID Issue with Cert-manager ClusterIssuer in AKS cert-manager.io/v1 Certificate no acme field Istio Kubernetes Ingress with Cert-Manager: no matches for kind "Certificate" in version "certmanager.k8s.io/v1alpha1" Kubernetes TLS Ingress route with cert-manager and SelfSigned ClusterIssuer not working Migrate Certificate from certmanager.k8s.io/v1alpha1 to cert-manager.io/v1 Kuberenetes cert-manager and nginx Kubernetes cert-manager issue
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM