policy-webhook-certs secrets are not getting created

[MageshSrinivasulu]

Can someone please provide details on how these secrets are getting populated? I my case its not showing. webhook-certs are working fine

policy-webhook-certs :

kubectl describe secret policy-webhook-certs
Name:         policy-webhook-certs
Namespace:    genesys-system
Labels:       app.kubernetes.io/instance=policy-controller
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=policy-controller
              app.kubernetes.io/version=1.9.0
              control-plane=policy-controller-policy-webhook
              helm.sh/chart=policy-controller-0.1.25
Annotations:  meta.helm.sh/release-name: policy-controller
              meta.helm.sh/release-namespace: genesys-system

Type:  Opaque

Data
====

webhook-certs :

kubectl describe secret webhook-certs
Name:         webhook-certs
Namespace:    genesys-system
Labels:       app.kubernetes.io/instance=policy-controller
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=policy-controller
              app.kubernetes.io/version=1.9.0
              control-plane=policy-controller-webhook
              helm.sh/chart=policy-controller-0.1.25
Annotations:  meta.helm.sh/release-name: policy-controller
              meta.helm.sh/release-namespace: genesys-system

Type:  Opaque

Data
====
server-cert.pem:  794 bytes
server-key.pem:   241 bytes
ca-cert.pem:      855 bytes

[hectorj2f]

Those are created during the installation. It is done using knative. I tried increasing the delay of the probes, but it seems it is happening. Have you tried the latest char version?

[hectorj2f]

It is done using this functionality https://knative.dev/docs/serving/using-auto-tls/

[MageshSrinivasulu]

Those are created during the installation. It is done using knative. I tried increasing the delay of the probes, but it seems it is happening. Have you tried the latest char version?

@hectorj2f Yes I am using the latest available chart only. Is the delay configurable in the helm some how ?

version: 0.1.25
appVersion: 1.9.0

[hectorj2f]

The certificates are not created because the leases (kubectl get leases) are not cleaned up for the webhooks. I managed to reproduce it by installing and deleting the chart.

I feel the solution could be one of these three:

• delete the namespace where you installed the policy-controller chart when uninstalling it, if possible.
• delete the leases before every re-installation.
• wait until the leases expire (approx. 10min after creation)
• create your own certs instead of relying on the auto-TLS

[MageshSrinivasulu]

@hectorj2f Thanks, After clearing up the leases from the namespace. Chart got deployed successfully.