https://rancher.com/ logo
Powered by
#k3d
Title
g

glamorous-engine-17369

05/07/2022, 1:54 PM
So I'm trying to deploy cert-manager on a bare k3d server, and I'm getting issues with cert-manager's ca-injector not being able to perform leader election, is this a known issue with k3d? I think I had it working before
w

wide-garage-9465

05/07/2022, 2:12 PM
Never heard of this being a problem... How could this be related to k3d?🤔 What do the error messages say specifically? Do you have a quorum?
g

glamorous-engine-17369

05/07/2022, 2:43 PM
Copy code
E0507 13:55:01.963801       1 leaderelection.go:330] error retrieving resource lock kube-system/cert-manager-cainjector-leader-election: <http://leases.coordination.k8s.io|leases.coordination.k8s.io> "cert-manager-cainjector-leader-election" is forbidden: User "system:serviceaccount:cert-manager:cert-manager-cainjector" cannot get resource "leases" in API group "<http://coordination.k8s.io|coordination.k8s.io>" in the namespace "kube-system"
I was thinking this could be a k3d thing because I believe GKS also has this issue?
So I was wondering if it might be just a "some kubernetes distributions have this problem" type thing
w

wide-garage-9465

05/07/2022, 2:46 PM
Which version of cert-manager are you using? I saw that an older version of the bitnami deployment had this issue (https://github.com/bitnami/charts/issues/6930) which was fixed. Anyway, k3d is not a Kubernetes distro, but K3s is. In k3d you can use the --image flag to choose whatever version of K3s you like, to try different ones.
g

glamorous-engine-17369

05/07/2022, 3:38 PM
@wide-garage-9465 I templated out the helm chart about 3 days ago? So it should be if not the latest then the second-to-latest
Anyways, I'll go ask this in the #cert-manager channel on the kube Slack instead, I just thought there might be something weird with k3d maybe.
w

wide-garage-9465

05/07/2022, 3:58 PM
Not that I know of. Please let me know if you figured it out 👍
👍 1
c

creamy-pencil-82913

05/07/2022, 6:03 PM
Looks to me like the rbac is missing from the install. Sometimes if you template out the chart and then install the rendered template instead of just letting helm directly install things, you can miss resources.
Probably an issue with the chart, or the args you gave to helm when templating it.
w

wide-garage-9465

05/07/2022, 6:12 PM
Yeah, an issue with the chart is what I thought of, that's how I got to that GitHub issue. I thought the templating part was more of an issue with CRDs and helm hooks though, so that's good to know 🤔
c

creamy-pencil-82913

05/07/2022, 7:42 PM
I have seen some charts that use the clusters Kubernetes version to decide what resources or versions of resources get rendered. Templating breaks that because it doesn't have that information available.
w

wide-garage-9465

05/07/2022, 7:51 PM
Ah yes that makes sense, didn't think of that
g

glamorous-engine-17369

05/08/2022, 4:15 PM
The RBAC resources have definitely been rendered out, sadly. I've asked in the other slack though so fingers crossed
22 Views
Powered by