Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
g
glamorous-engine-17369
05/07/2022, 1:54 PMSo I'm trying to deploy cert-manager on a bare k3d server, and I'm getting issues with cert-manager's ca-injector not being able to perform leader election, is this a known issue with k3d? I think I had it working before
w
wide-garage-9465
05/07/2022, 2:12 PMNever heard of this being a problem... How could this be related to k3d?🤔
What do the error messages say specifically?
Do you have a quorum?
g
glamorous-engine-17369
05/07/2022, 2:43 PME0507 13:55:01.963801 1 leaderelection.go:330] error retrieving resource lock kube-system/cert-manager-cainjector-leader-election: <http://leases.coordination.k8s.io|leases.coordination.k8s.io> "cert-manager-cainjector-leader-election" is forbidden: User "system:serviceaccount:cert-manager:cert-manager-cainjector" cannot get resource "leases" in API group "<http://coordination.k8s.io|coordination.k8s.io>" in the namespace "kube-system"I was thinking this could be a k3d thing because I believe GKS also has this issue?
So I was wondering if it might be just a "some kubernetes distributions have this problem" type thing
w
wide-garage-9465
05/07/2022, 2:46 PMWhich version of cert-manager are you using?
I saw that an older version of the bitnami deployment had this issue (https://github.com/bitnami/charts/issues/6930) which was fixed.
Anyway, k3d is not a Kubernetes distro, but K3s is. In k3d you can use the --image flag to choose whatever version of K3s you like, to try different ones.
g
glamorous-engine-17369
05/07/2022, 3:38 PM@wide-garage-9465 I templated out the helm chart about 3 days ago? So it should be if not the latest then the second-to-latest
Anyways, I'll go ask this in the #cert-manager channel on the kube Slack instead, I just thought there might be something weird with k3d maybe.
w
wide-garage-9465
05/07/2022, 3:58 PMNot that I know of. Please let me know if you figured it out 👍
👍 1
c
creamy-pencil-82913
05/07/2022, 6:03 PMLooks to me like the rbac is missing from the install. Sometimes if you template out the chart and then install the rendered template instead of just letting helm directly install things, you can miss resources.
Probably an issue with the chart, or the args you gave to helm when templating it.
w
wide-garage-9465
05/07/2022, 6:12 PMYeah, an issue with the chart is what I thought of, that's how I got to that GitHub issue.
I thought the templating part was more of an issue with CRDs and helm hooks though, so that's good to know 🤔
c
creamy-pencil-82913
05/07/2022, 7:42 PMI have seen some charts that use the clusters Kubernetes version to decide what resources or versions of resources get rendered. Templating breaks that because it doesn't have that information available.
w
wide-garage-9465
05/07/2022, 7:51 PMAh yes that makes sense, didn't think of that
g
glamorous-engine-17369
05/08/2022, 4:15 PMThe RBAC resources have definitely been rendered out, sadly. I've asked in the other slack though so fingers crossed