Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error /tmp/k8s-webhook-server/serving-certs/tls.crt: no such file or directory" has been faced #1501

Closed
camilamacedo86 opened this issue May 8, 2020 · 18 comments
Assignees
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@camilamacedo86
Copy link
Member

Error:

$ kubectl logs deployment.apps/project-v3-multigroup-controller-manager -n project-v3-multigroup-system manager
2020-05-08T01:36:20.968Z	INFO	controller-runtime.metrics	metrics server is starting to listen	{"addr": "127.0.0.1:8080"}
2020-05-08T01:36:20.968Z	INFO	controller-runtime.builder	Registering a mutating webhook	{"GVK": "crew.testproject.org/v1, Kind=Captain", "path": "/mutate-crew-testproject-org-v1-captain"}
2020-05-08T01:36:20.968Z	INFO	controller-runtime.webhook	registering webhook	{"path": "/mutate-crew-testproject-org-v1-captain"}
2020-05-08T01:36:20.968Z	INFO	controller-runtime.builder	Registering a validating webhook	{"GVK": "crew.testproject.org/v1, Kind=Captain", "path": "/validate-crew-testproject-org-v1-captain"}
2020-05-08T01:36:20.968Z	INFO	controller-runtime.webhook	registering webhook	{"path": "/validate-crew-testproject-org-v1-captain"}
2020-05-08T01:36:20.969Z	INFO	controller-runtime.builder	skip registering a mutating webhook, admission.Defaulter interface is not implemented	{"GVK": "ship.testproject.org/v1beta1, Kind=Frigate"}
2020-05-08T01:36:20.969Z	INFO	controller-runtime.builder	skip registering a validating webhook, admission.Validator interface is not implemented	{"GVK": "ship.testproject.org/v1beta1, Kind=Frigate"}
2020-05-08T01:36:20.969Z	INFO	setup	starting manager
I0508 01:36:20.969662       1 leaderelection.go:242] attempting to acquire leader lease  project-v3-multigroup-system/14be1926.testproject.org...
2020-05-08T01:36:20.969Z	INFO	controller-runtime.manager	starting metrics server	{"path": "/metrics"}
2020-05-08T01:36:20.970Z	INFO	controller-runtime.webhook.webhooks	starting webhook server
2020-05-08T01:36:20.970Z	DEBUG	controller-runtime.manager	non-leader-election runnable finished	{"runnable type": "*webhook.Server"}
2020-05-08T01:36:20.970Z	ERROR	setup	problem running manager	{"error": "open /tmp/k8s-webhook-server/serving-certs/tls.crt: no such file or directory"}
github.com/go-logr/zapr.(*zapLogger).Error
	/go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
main.main
	/workspace/main.go:153
runtime.main
	/usr/local/go/src/runtime/proc.go:203
@camilamacedo86
Copy link
Member Author

/kind bug

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label May 8, 2020
@camilamacedo86 camilamacedo86 changed the title Error /tmp/k8s-webhook-server/serving-certs/tls.crt: no such file or directory" to run testdata with webhooks Error /tmp/k8s-webhook-server/serving-certs/tls.crt: no such file or directory" has been faced May 8, 2020
@camilamacedo86
Copy link
Member Author

camilamacedo86 commented May 8, 2020

Shows that it was already addressed before: kubernetes-sigs/controller-runtime#491

I will keep it open in order to check and see if has anything else that should be addressed here. E.g could we customize. the testdata mocks generated by the scripts to allow users to tun the projects which are examples?

@camilamacedo86
Copy link
Member Author

/assign @camilamacedo86

@camilamacedo86
Copy link
Member Author

documented already; https://github.com/kubernetes-sigs/kubebuilder/pull/776/files

@CatherineF-dev
Copy link

I commented SetupWebhookWithManager in main.go, which works for me.

// if err = (&batchv1.CronJob2{}).SetupWebhookWithManager(mgr); err != nil {
// ▏setupLog.Error(err, "unable to create webhook", "webhook", "CronJob2")
// ▏os.Exit(1)
// }

@libratiger
Copy link

export ENABLE_WEBHOOKS=false can works

@plaffitt
Copy link

@libratiger how to do if I want to use webhooks ?

@adeniyistephen
Copy link

@libratiger & @camilamacedo86 I similar errors, how would I go about it, while I want to use webhook.
I'm actually following the kubebuilder tutorial https://book.kubebuilder.io/cronjob-tutorial/running.html

@jgillich
Copy link

Check default/kustomization.yaml and crd/kustomization.yaml for [WEBHOOK] and [CERTMANAGER], we only need to uncomment some lines to get it to work. Also need to have cert-manager installed.

@moza88
Copy link

moza88 commented Apr 29, 2022

I am having the same issue, I uncommented the webhook and certmanager comments in the default/customize.

And I installed the cert-manager tool (cmctl) but I am not sure what to do with it. How am I supposed to inject a cert? Does the make run handle that using the certificate yaml?

Below is my default/kustomization.yaml:

# Adds namespace to all resources.
namespace: cronjob-kubebuilder-tutorial-system

# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: cronjob-kubebuilder-tutorial-

# Labels to add to all resources and selectors.
#commonLabels:
#  someName: someValue

bases:
- ../crd
- ../rbac
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 crd/kustomization.yaml
- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus

patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml

# Mount the controller config file for loading manager configurations
# through a ComponentConfig type
#- manager_config_patch.yaml

# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 crd/kustomization.yaml
- manager_webhook_patch.yaml

# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
- webhookcainjection_patch.yaml

# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
  objref:
    kind: Certificate
    group: cert-manager.io
    version: v1
    name: serving-cert # this name should match the one in certificate.yaml
  fieldref:
    fieldpath: metadata.namespace
- name: CERTIFICATE_NAME
  objref:
    kind: Certificate
    group: cert-manager.io
    version: v1
    name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
#  objref:
#    kind: Service
#    version: v1
#    name: webhook-service
#  fieldref:
#    fieldpath: metadata.namespace
#- name: SERVICE_NAME
#  objref:
#    kind: Service
#    version: v1
#    name: webhook-service


@jgillich
Copy link

@moza88 You need to install cert-manager onto your cluster. cmctl x install with the cli
Once it's running it will generate certs for your webhook

@pedroaccamara
Copy link

I commented SetupWebhookWithManager in main.go, which works for me.

// if err = (&batchv1.CronJob2{}).SetupWebhookWithManager(mgr); err != nil {
// ▏setupLog.Error(err, "unable to create webhook", "webhook", "CronJob2")
// ▏os.Exit(1)
// }

Don't think that's a recommendable solution, but to your point, that if statement shouldn't be run when ENABLE_WEBHOOKS is false, so you should wrap all those lines inside another if statement

if os.Getenv("ENABLE_WEBHOOKS") != "false" {
    // that code
}

That in combination with running
$ make run ENABLE_WEBHOOKS=false
should stop it trying to even setup any webhook. The guide does include this code, though its unlikely most ppl will see it, as they decided to put it under a hidden section nominated "old stuff" at the end of step 1.7.1 even though its the first time they're showing it as its not included in the actual old stuff of step 1.2

@rewanthtammana
Copy link

rewanthtammana commented Aug 29, 2022

I'm also facing the same issue. Despite trying make run ENABLE_WEBHOOKS=false, I'm getting the same error! Couldn't find any flag with name, ENABLE_WEBHOOKS in the Makefile. Not sure how it can help.

@fanux
Copy link

fanux commented Oct 13, 2022

@jgillich

I tried to develop a webhook for sealos (a kubernetes distribution) :

make install && make run

1.665652837451995e+09	ERROR	setup	problem running manager	{"error": "open /var/folders/nx/k9_xcrpd1pg0m1vq1p5jqy800000gn/T/k8s-webhook-server/serving-certs/tls.crt: no such file or directory"}
main.main
	/Users/fanux/work/src/github.com/labring/sealos/webhooks/witelist/main.go:116
runtime.main
	/usr/local/go/src/runtime/proc.go:250
exit status 1
make: *** [run] Error 1

When I deploy the controller, cert manager will work, but how can I fixed this issue in dev env?

@jgillich
Copy link

Uncomment the lines in your config. #1501 (comment)

@breuerfelix
Copy link

@jgillich we are talking about the go binary here, you just can't run it in http mode (in order to use an https proxy in front of it for example)

the WebHookServer just won't run in http mode.

@dabao-zhao
Copy link

in main.go,it works for me.

	if os.Getenv("ENABLE_WEBHOOKS") != "false" {
		if err = (&batchv1.CronJob{}).SetupWebhookWithManager(mgr); err != nil {
			setupLog.Error(err, "unable to create webhook", "webhook", "CronJob")
			os.Exit(1)
		}
	}

@greatgeek
Copy link

for minikube example

1. ssh to minikube node

2. find the location of .cert file and .key file used by apiserver ps -ef | grep apiserver

3. new tls.cert file and tls.key in /tmp/k8s-webhook-server/serving-certs dir, and paste the content from step 2.

raukadah added a commit to raukadah/watcher-operator that referenced this issue Nov 28, 2024
watcher-operator-controller-manager is entering into crashloopbackoff
state due to missing /tmp/k8s-webhook-server/serving-certs/tls.crt.

Based on the suggestion
kubernetes-sigs/kubebuilder#1501 (comment),
it fixes the issue.

Signed-off-by: Chandan Kumar <raukadah@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

No branches or pull requests