Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deployment/install.sh failed #3

Open
yanruogu opened this issue Oct 30, 2019 · 3 comments
Open

deployment/install.sh failed #3

yanruogu opened this issue Oct 30, 2019 · 3 comments

Comments

@yanruogu
Copy link

environment:
os: centos 7.4
kubernetes: 1.11.2

lxcfs-daemonset.yaml can be executed normally

However, when I perform a deploy/install.sh installation:

[[email protected] ~/lxcfs-admission-webhook]deployment/install.sh
creating certs in tmpdir /tmp/tmp.Fp7lKhMGHo 
Generating RSA private key, 2048 bit long modulus
................................................+++
........+++
e is 65537 (0x10001)
certificatesigningrequest.certificates.k8s.io/lxcfs-admission-webhook-svc.default created
NAME                                  AGE       REQUESTOR          CONDITION
lxcfs-admission-webhook-svc.default   0s        kubernetes-admin   Pending
certificatesigningrequest.certificates.k8s.io/lxcfs-admission-webhook-svc.default approved
secret/lxcfs-admission-webhook-certs created
NAME                            TYPE      DATA      AGE
lxcfs-admission-webhook-certs   Opaque    2         0s
deployment.apps/lxcfs-admission-webhook-deployment created
service/lxcfs-admission-webhook-svc created
error: error validating "deployment/mutatingwebhook-ca-bundle.yaml": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig.caBundle): invalid type for io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig.caBundle: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false

help
@xigang
Copy link
Contributor

xigang commented Oct 31, 2019
edited
Loading

@yanruogu https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/

Prerequisites

  • Ensure that the Kubernetes cluster is at least as new as v1.16 (to use admissionregistration.k8s.io/v1), or v1.9 (to use admissionregistration.k8s.io/v1beta1).

  • Ensure that MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers are enabled. Here is a recommended set of admission controllers to enable in general.

  • Ensure that the admissionregistration.k8s.io/v1 or admissionregistration.k8s.io/v1beta1 API is enabled.

@zijiwork
Copy link

zijiwork commented Dec 2, 2019

你好, kube-apiserver已经开启了MutatingAdmissionWebhook,ValidatingAdmissionWebhook
也是提示这个错误
error: error validating "mutatingwebhook-ca-bundle.yaml": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig.caBundle): invalid type for io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig.caBundle: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false

@fjibj
Copy link

fjibj commented Jan 19, 2022

replace deployment/webhook-patch-ca-bundle.sh:
export CA_BUNDLE=$(kubectl config view --raw -o json | jq -r '.clusters[] | select(.name == "'$(kubectl config current-context)'") | .cluster."certificate-authority-data"')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xigang @yanruogu @fjibj @zijiwork