我收到以下错误:
Error from server (InternalError): error when creating "/root/patched_issuer.yml": Internal error occurred: failed calling admission webhook "issuers.admission.certmanager.k8s.io": the server is currently unable to handle the request
Exited with code 1
这是我的工作负载的样子。
Name Status Type Pods Namespace Cluster
staging-cert-manager OK Deployment 1/1 default staging
staging-webhook Does not have minimum availability Deployment 0/1 default staging
知道什么可能导致这种情况吗?
First make sure you when through the cert-manager troubleshooting page:
https://docs.cert-manager.io/en/latest/getting-started/troubleshooting.html
Since you mention you're using GKE (so there is a change that you're a GKE private cluster) I would suggest that you also take a look at this:
http://docs.cert-manager.io/en/latest/getting-started/webhook.html#running-on-private-gke-clusters
In my case I had to create a firewall rule to allow traffic from master nodes to the private instances. This is the command I had to run:
gcloud compute firewall-rules create allow-connect-cert-manager-webhook \ --action ALLOW \ --direction INGRESS \ --source-ranges 172.16.0.0/28 \ --rules tcp:6443 \ --target-tags gke-platform-staging-5d5216f8-node --network platform-staging-vpc-network
The --network parameter is crucial and it must target the network that's being used by your cluster.