Kubernetes: v1.19.9-gke.1900
Helm actions-runner-controller: 0.12.7
我有Github Actions Controller创建的 CRD :
❯ kubectl api-resources | grep summerwind.dev
horizontalrunnerautoscalers actions.summerwind.dev/v1alpha1 true HorizontalRunnerAutoscaler
runnerdeployments actions.summerwind.dev/v1alpha1 true RunnerDeployment
runnerreplicasets actions.summerwind.dev/v1alpha1 true RunnerReplicaSet
runners actions.summerwind.dev/v1alpha1 true Runner
runnersets actions.summerwind.dev/v1alpha1 true RunnerSet
而且我还有一个包含两个简化资源的示例文件:pod 和 runner
❯ cat test.yml
apiVersion: v1
kind: Pod
metadata:
name: pod-1
spec:
containers:
- name: main
image: busybox
---
apiVersion: actions.summerwind.dev/v1alpha1
kind: Runner
metadata:
name: runner-1
spec:
organization: my-org
env: []
现在,当我对这两个资源运行 apply 时,Pod运行良好,但Runner失败:
❯ kubectl apply -f test.yml
pod/pod-1 created
Error from server (InternalError): error when creating "test.yml": Internal error occurred: failed calling webhook "mutate.runner.actions.summerwind.dev": Post "https://actions-runner-controller-webhook.tools.svc:443/mutate-actions-summerwind-dev-v1alpha1-runner?timeout=30s": x509: certificate signed by unknown authority
如您所见,此调用转到 MutatingWebhookConfiguration。这个 webhook 向只打印的控制器发送请求:
❯ kubectl -n tools logs actions-runner-controller-6cd6fbdd56-qlzrd -c manager
...
http: TLS handshake error from 10.128.0.3:59736: remote error: tls: bad certificate
问题:故障排除的下一步是什么?