K8S operator webhook error x509: certificate is not valid for any names #188
Comments
所示webhook服务的available状态为True
|
|
@qchenzi It seems that Kubernetes API server is unable to verify the webhook's TLS certificate. Do you use cert manager or a self generated cert file? Please find it and check the cert info by following command: |
|
Hi @vettalwu , I've checked the TLS certificate using the openssl command, and it appears to be generated for the hostname
Despite the certificate seemingly correctly configured, I'm still encountering the x509 certificate error when applying configurations via kubectl. Do you have any suggestions on what steps I should take next to resolve this?
|
|
@qchenzi Can you try to restart the api-server? K8s api-server may create a self-generated certificate, which may be invalid. Refer to: kubernetes/kubernetes#86552. |
vettalwu
changed the title
|
Hi @vettalwu , I've restarted the api-server as you suggested, but the issue persists with the x509: certificate is not valid for any names error still occurring. Here are the steps I've taken:
Could there be other diagnostic steps to attempt? Or is there a possibility of a different configuration causing the certificate validation issue? Thank you for your assistance! |
|
@qchenzi Check the apiserver ca using following command:
|
apps@(datamars)mlpl70855-10.18.106.234 crds$ kubectl apply -f quick-start.yaml
Error from server (InternalError): error when creating "quick-start.yaml": Internal error occurred: failed calling webhook "polardbxcluster-mutate.polardbx.aliyun.com": failed to call webhook: Post "https://polardbx-admission-webhook.polardbx-operator-system.svc:443/apis/admission.polardbx.aliyun.com/v1/mutate-polardbx-aliyun-com-v1-polardbxcluster?timeout=10s": x509: certificate is not valid for any names, but wanted to match polardbx-admission-webhook.polardbx-operator-system.svc
The text was updated successfully, but these errors were encountered: