Cert-manager安装失败

barfi · 2025 年6 月 4 日 02:00

环境信息:
Rancher Server 设置
Rancher 版本：2.7.9
安装选项 (Docker install/Helm Chart): Helm Chart
k3s版本：v1.26.9+k3s1
在线或离线部署：离线部署
**主机操作系统：三台ubtuntu22.04.6，两台server，一台agent，都已关闭防火墙

问题描述:
安装后metrics-server异常，具体看下方日志

安装 K3s 的命令:

已经有离线文件，拷贝离线数据
mkdir -p /var/lib/rancher/k3s/agent/images/
cp ./k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/

主：
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_VERSION=v1.26.9+k3s1 INSTALL_K3S_MIRROR=cn INSTALL_K3S_SKIP_DOWNLOAD=true sh -s - server --cluster-init

副主
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_VERSION=v1.26.9+k3s1 K3S_URL=https://k3s-master:6443 sh -s - server --cluster-init --token “xxxxx”

代理

curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://k3s-master:6443 INSTALL_K3S_VERSION=v1.26.9+k3s1 K3S_TOKEN=“xxx” sh -

修改离线镜像库为本地
vi /etc/rancher/k3s/registries.yaml

拷贝配置文件，并对127.0.0.1的server为自定义的局域域名
cp /etc/rancher/k3s/k3s.yaml ~/.kube/config

查看状态
kubectl --kubeconfig ~/.kube/config get pods --all-namespaces

重启服务
systemctl daemon-reload
systemctl restart k3s
systemctl restart k3s-agent.service

-----添加证书管理----
创建命名空间
kubectl create namespace cert-manager
每个节点下载离线镜像
k3s crictl pull 本地库/rancher/cert-manager-ctl:v1.13.2
k3s crictl pull 本地库/rancher/cert-manager-webhook:v1.13.2
k3s crictl pull 本地库/rancher/cert-manager-cainjector:v1.13.2
k3s crictl pull 本地库/rancher/cert-manager-controller:v1.13.2
k3s crictl pull 本地库/rancher/cert-manager-acmesolver:v1.13.2
添加本地仓库
helm repo add --insecure-skip-tls-verify rancher https://本地仓库/chartrepo/rancher
安装证书管理
helm install cert-manager ./cert-manager-v1.13.2.tgz --namespace cert-manager --timeout 20m --wait --set image.repository=harbor.biaopunet.com/rancher/cert-manager-controller --set webhook.image.repository=harbor.biaopunet.com/rancher/cert-manager-webhook --set cainjector.image.repository=harbor.biaopunet.com/rancher/cert-manager-cainjector --set startupapicheck.image.repository=harbor.biaopunet.com/rancher/cert-manager-ctl --set acmesolver.image.repository=harbor.biaopunet.com/rancher/cert-manager-acmesolver

预期结果:
安装成功

实际结果:
安装失败

附加上下文/日志:

.image.repository=Harbor
Error: INSTALLATION FAILED: failed post-install: 1 error occurred:
* job failed: BackoffLimitExceeded

日志

查看所有nodes
 kubectl get nodes -o wide
NAME         STATUS   ROLES                       AGE   VERSION        INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
k3s-agent1   Ready    <none>                      31m   v1.26.9+k3s1   172.18.11.248   <none>        Ubuntu 20.04.6 LTS   5.15.0-139-generic   containerd://1.7.6-k3s1.26
k3s-master   Ready    control-plane,etcd,master   32m   v1.26.9+k3s1   172.18.11.247   <none>        Ubuntu 20.04.6 LTS   5.4.0-216-generic    containerd://1.7.6-k3s1.26
k3s-server   Ready    control-plane,etcd,master   31m   v1.26.9+k3s1   172.18.11.249   <none>        Ubuntu 20.04.6 LTS   5.4.0-216-generic    containerd://1.7.6-k3s1.26

查看pod
root@k3s-master:/data/install/cert-manager# kubectl --kubeconfig ~/.kube/config get pods --all-namespaces
NAMESPACE      NAME                                       READY   STATUS      RESTARTS        AGE
cert-manager   cert-manager-c784f745d-8dls5               1/1     Running     0               19m
cert-manager   cert-manager-cainjector-55bd44989c-z4k97   1/1     Running     3 (3m46s ago)   19m
cert-manager   cert-manager-webhook-f5dffdfdf-ts87k       1/1     Running     0               19m
kube-system    coredns-59b4f5bbd5-nqhll                   1/1     Running     0               37m
kube-system    helm-install-traefik-5rrnl                 0/1     Completed   1               37m
kube-system    helm-install-traefik-crd-qdvrc             0/1     Completed   0               37m
kube-system    local-path-provisioner-76d776f6f9-wrhfj    1/1     Running     0               37m
kube-system    metrics-server-68cf49699b-qhl7f            1/1     Running     0               37m
kube-system    svclb-traefik-8c1d5fbf-c42dv               2/2     Running     0               36m
kube-system    svclb-traefik-8c1d5fbf-g9rnl               2/2     Running     0               36m
kube-system    svclb-traefik-8c1d5fbf-qs6rs               2/2     Running     0               36m
kube-system    traefik-57c84cf78d-npnnz                   1/1     Running     0               36m

代理服务其上k3s日志
Jun  4 09:50:22 k3s-agent1 systemd[1207]: run-k3s-containerd-io.containerd.runtime.v2.task-k8s.io-63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4-rootfs.mount: Succeeded.
Jun  4 09:50:22 k3s-agent1 systemd[1]: run-k3s-containerd-io.containerd.runtime.v2.task-k8s.io-63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4-rootfs.mount: Succeeded.
Jun  4 09:50:22 k3s-agent1 systemd[1645]: run-k3s-containerd-io.containerd.runtime.v2.task-k8s.io-63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4-rootfs.mount: Succeeded.
Jun  4 09:50:22 k3s-agent1 k3s[3169]: I0604 09:50:22.995463    3169 scope.go:115] "RemoveContainer" containerID="62614063f15916cdbf2067ae4f1e1efff90c93cdc2c39cc1ec3f99a72b6cd9ce"
Jun  4 09:50:22 k3s-agent1 k3s[3169]: I0604 09:50:22.995701    3169 scope.go:115] "RemoveContainer" containerID="63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4"
Jun  4 09:50:22 k3s-agent1 k3s[3169]: E0604 09:50:22.995912    3169 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cert-manager-cainjector\" with CrashLoopBackOff: \"back-off 40s restarting failed container=cert-manager-cainjector pod=cert-manager-cainjector-55bd44989c-z4k97_cert-manager(01288e85-8e34-4dee-b2f7-ef016d2ba337)\"" pod="cert-manager/cert-manager-cainjector-55bd44989c-z4k97" podUID=01288e85-8e34-4dee-b2f7-ef016d2ba337
Jun  4 09:50:34 k3s-agent1 k3s[3169]: I0604 09:50:34.540193    3169 scope.go:115] "RemoveContainer" containerID="63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4"
Jun  4 09:50:34 k3s-agent1 k3s[3169]: E0604 09:50:34.540442    3169 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cert-manager-cainjector\" with CrashLoopBackOff: \"back-off 40s restarting failed container=cert-manager-cainjector pod=cert-manager-cainjector-55bd44989c-z4k97_cert-manager(01288e85-8e34-4dee-b2f7-ef016d2ba337)\"" pod="cert-manager/cert-manager-cainjector-55bd44989c-z4k97" podUID=01288e85-8e34-4dee-b2f7-ef016d2ba337
Jun  4 09:50:47 k3s-agent1 k3s[3169]: I0604 09:50:47.540795    3169 scope.go:115] "RemoveContainer" containerID="63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4"
Jun  4 09:50:47 k3s-agent1 k3s[3169]: E0604 09:50:47.541026    3169 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cert-manager-cainjector\" with CrashLoopBackOff: \"back-off 40s restarting failed container=cert-manager-cainjector pod=cert-manager-cainjector-55bd44989c-z4k97_cert-manager(01288e85-8e34-4dee-b2f7-ef016d2ba337)\"" pod="cert-manager/cert-manager-cainjector-55bd44989c-z4k97" podUID=01288e85-8e34-4dee-b2f7-ef016d2ba337
Jun  4 09:50:58 k3s-agent1 k3s[3169]: I0604 09:50:58.539925    3169 scope.go:115] "RemoveContainer" containerID="63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4"
Jun  4 09:50:58 k3s-agent1 k3s[3169]: E0604 09:50:58.540158    3169 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cert-manager-cainjector\" with CrashLoopBackOff: \"back-off 40s restarting failed container=cert-manager-cainjector pod=cert-manager-cainjector-55bd44989c-z4k97_cert-manager(01288e85-8e34-4dee-b2f7-ef016d2ba337)\"" pod="cert-manager/cert-manager-cainjector-55bd44989c-z4k97" podUID=01288e85-8e34-4dee-b2f7-ef016d2ba337
Jun  4 09:51:09 k3s-agent1 k3s[3169]: I0604 09:51:09.540450    3169 scope.go:115] "RemoveContainer" containerID="63dbb96564fc7a0e113faf56991afb9dc4d68fe0b8a03b3df7f9acd9ad63f4c4"
Jun  4 09:51:09 k3s-agent1 systemd[1645]: data-k3s-rancher-k3s-agent-containerd-tmpmounts-containerd\x2dmount836522282.mount: Succeeded.
Jun  4 09:51:09 k3s-agent1 systemd[1]: Started libcontainer container 3647130ac5fc0778c5e96df91961d1f2c03b0a64f78cc582228294d2a103a4b3.


查看 cert-manager  pod的日志
root@k3s-master:/data/install/cert-manager# kubectl  logs -f -n  cert-manager cert-manager-c784f745d-8dls5  --since=1h
I0604 01:29:41.046242       1 controller.go:251] "cert-manager/controller/build-context: configured acme dns01 nameservers" nameservers=["10.43.0.10:53"]
W0604 01:29:41.046329       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0604 01:29:41.047305       1 controller.go:72] "cert-manager/controller: enabled controllers: [certificaterequests-approver certificaterequests-issuer-acme certificaterequests-issuer-ca certificaterequests-issuer-selfsigned certificaterequests-issuer-vault certificaterequests-issuer-venafi certificates-issuing certificates-key-manager certificates-metrics certificates-readiness certificates-request-manager certificates-revision-manager certificates-trigger challenges clusterissuers ingress-shim issuers orders]"
I0604 01:29:41.047594       1 controller.go:145] "cert-manager/controller: starting leader election"
I0604 01:29:41.047615       1 controller.go:93] "cert-manager/controller: starting metrics server" address="[::]:9402"
I0604 01:29:41.047648       1 controller.go:138] "cert-manager/controller: starting healthz server" address="[::]:9403"
I0604 01:29:41.048002       1 leaderelection.go:250] attempting to acquire leader lease kube-system/cert-manager-controller...
I0604 01:29:41.057526       1 leaderelection.go:260] successfully acquired lease kube-system/cert-manager-controller
I0604 01:29:41.058271       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificaterequests-issuer-venafi"
I0604 01:29:41.058564       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-key-manager"
I0604 01:29:41.059005       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-readiness"
I0604 01:29:41.059279       1 controller.go:192] "cert-manager/controller: not starting controller as it's disabled" controller="certificatesigningrequests-issuer-vault"
I0604 01:29:41.059310       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-revision-manager"
I0604 01:29:41.059750       1 controller.go:215] "cert-manager/controller: starting controller" controller="clusterissuers"
I0604 01:29:41.059995       1 controller.go:192] "cert-manager/controller: not starting controller as it's disabled" controller="gateway-shim"
I0604 01:29:41.060012       1 controller.go:192] "cert-manager/controller: not starting controller as it's disabled" controller="certificatesigningrequests-issuer-venafi"
I0604 01:29:41.060090       1 controller.go:215] "cert-manager/controller: starting controller" controller="orders"
I0604 01:29:41.060415       1 controller.go:215] "cert-manager/controller: starting controller" controller="issuers"
I0604 01:29:41.060832       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificaterequests-approver"
I0604 01:29:41.061110       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificaterequests-issuer-ca"
I0604 01:29:41.063667       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-issuing"
I0604 01:29:41.063972       1 controller.go:192] "cert-manager/controller: not starting controller as it's disabled" controller="certificatesigningrequests-issuer-selfsigned"
I0604 01:29:41.064087       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-metrics"
I0604 01:29:41.064463       1 controller.go:215] "cert-manager/controller: starting controller" controller="ingress-shim"
I0604 01:29:41.064715       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificaterequests-issuer-vault"
I0604 01:29:41.065108       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificaterequests-issuer-selfsigned"
I0604 01:29:41.065433       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-request-manager"
I0604 01:29:41.065745       1 controller.go:192] "cert-manager/controller: not starting controller as it's disabled" controller="certificatesigningrequests-issuer-acme"
I0604 01:29:41.065762       1 controller.go:192] "cert-manager/controller: not starting controller as it's disabled" controller="certificatesigningrequests-issuer-ca"
I0604 01:29:41.065794       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificates-trigger"
I0604 01:29:41.066134       1 controller.go:215] "cert-manager/controller: starting controller" controller="challenges"
I0604 01:29:41.066681       1 controller.go:215] "cert-manager/controller: starting controller" controller="certificaterequests-issuer-acme"
W0604 01:29:41.067395       1 reflector.go:535] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: failed to list *v1.ClusterIssuer: the server could not find the requested resource (get clusterissuers.cert-manager.io)
E0604 01:29:41.067425       1 reflector.go:147] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: Failed to watch *v1.ClusterIssuer: failed to list *v1.ClusterIssuer: the server could not find the requested resource (get clusterissuers.cert-manager.io)
W0604 01:29:41.067536       1 reflector.go:535] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: failed to list *v1.CertificateRequest: the server could not find the requested resource (get certificaterequests.cert-manager.io)
E0604 01:29:41.067574       1 reflector.go:147] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: Failed to watch *v1.CertificateRequest: failed to list *v1.CertificateRequest: the server could not find the requested resource (get certificaterequests.cert-manager.io)
W0604 01:29:41.067615       1 reflector.go:535] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: failed to list *v1.Order: the server could not find the requested resource (get orders.acme.cert-manager.io)
E0604 01:29:41.067630       1 reflector.go:147] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: Failed to watch *v1.Order: failed to list *v1.Order: the server could not find the requested resource (get orders.acme.cert-manager.io)
W0604 01:29:41.068217       1 reflector.go:535] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: failed to list *v1.Challenge: the server could not find the requested resource (get challenges.acme.cert-manager.io)
E0604 01:29:41.068238       1 reflector.go:147] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: Failed to watch *v1.Challenge: failed to list *v1.Challenge: the server could not find the requested resource (get challenges.acme.cert-manager.io)
W0604 01:29:41.068403       1 reflector.go:535] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: failed to list *v1.Certificate: the server could not find the requested resource (get certificates.cert-manager.io)
E0604 01:29:41.068445       1 reflector.go:147] k8s.io/client-go@v0.28.1/tools/cache/reflector.go:229: Failed to watch *v1.Certificate: failed to list *v1.Certificate: the server could not find the requested resource (get certificates.cert-manager.io)


查看cert-manager-cainjector   pod的日志
root@k3s-master:/data/install/cert-manager# kubectl  logs -f -n  cert-manager cert-manager-cainjector-55bd44989c-z4k97  --since=1h
I0604 01:51:09.639741       1 start.go:182] "starting" version="v1.13.2" revision="432a489f5be77e3f4e2043564991a80e3bff6047"
I0604 01:51:09.646547       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:09.647957       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:10.650136       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:11.650146       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:12.650124       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:13.650318       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:14.650642       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:15.650914       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:16.651692       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:17.651023       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."
I0604 01:51:18.651440       1 start.go:275] "cert-manager/cainjector: cainjector has been configured to watch certificates, but certificates.cert-manager.io CRD not found, retrying with a backoff..."

查看cert-manager-webhook  pod日志
root@k3s-master:/data/install/cert-manager# kubectl  logs -f -n  cert-manager cert-manager-webhook-f5dffdfdf-ts87k  --since=1h
W0604 01:29:41.032202       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0604 01:29:41.039030       1 webhook.go:128] "cert-manager/webhook: using dynamic certificate generating using CA stored in Secret resource" secret_namespace="cert-manager" secret_name="cert-manager-webhook-ca"
I0604 01:29:41.039220       1 server.go:133] "cert-manager: listening for insecure healthz connections" address=":6080"
I0604 01:29:41.039271       1 server.go:197] "cert-manager: listening for secure connections" address=":10250"
E0604 01:29:41.156979       1 authority.go:143] "cert-manager: error ensuring CA" err="secrets \"cert-manager-webhook-ca\" already exists"
I0604 01:29:42.044247       1 dynamic_source.go:255] "cert-manager: Updated cert-manager webhook TLS certificate" DNSNames=["cert-manager-webhook","cert-manager-webhook.cert-manager","cert-manager-webhook.cert-manager.svc"]


查看traefik-57c84cf78d-npnnz    pod日志
root@k3s-master:/data/install/cert-manager# kubectl  logs -f -n kube-system   traefik-57c84cf78d-npnnz   --since=1h
time="2025-06-04T01:11:49Z" level=info msg="Configuration loaded from flags."
W0604 01:19:58.185998       1 reflector.go:441] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: watch of *v1.Ingress ended with: very short watch: k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Unexpected watch close - watch lasted less than a second and no items received
W0604 01:19:58.186043       1 reflector.go:441] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: watch of *v1.IngressClass ended with: very short watch: k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Unexpected watch close - watch lasted less than a second and no items received
E0604 01:20:00.391342       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.IngressClass: failed to list *v1.IngressClass: Get "https://10.43.0.1:443/apis/networking.k8s.io/v1/ingressclasses?resourceVersion=913": dial tcp 10.43.0.1:443: connect: connection refused
E0604 01:20:00.566286       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Ingress: failed to list *v1.Ingress: Get "https://10.43.0.1:443/apis/networking.k8s.io/v1/ingresses?resourceVersion=913": dial tcp 10.43.0.1:443: connect: connection refused
E0604 01:20:00.991661       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Service: the server is currently unable to handle the request (get services)
E0604 01:20:00.998228       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Endpoints: the server is currently unable to handle the request (get endpoints)
E0604 01:20:01.059789       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.IngressRouteUDP: the server is currently unable to handle the request (get ingressrouteudps.traefik.containo.us)
E0604 01:20:01.524009       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.TLSOption: the server is currently unable to handle the request (get tlsoptions.traefik.containo.us)
E0604 01:20:01.579713       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.IngressRouteTCP: the server is currently unable to handle the request (get ingressroutetcps.traefik.containo.us)
E0604 01:20:01.757661       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.ServersTransport: the server is currently unable to handle the request (get serverstransports.traefik.containo.us)
E0604 01:20:01.781456       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.MiddlewareTCP: the server is currently unable to handle the request (get middlewaretcps.traefik.containo.us)
E0604 01:20:01.829290       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Secret: the server is currently unable to handle the request (get secrets)
E0604 01:20:02.203378       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Service: failed to list *v1.Service: apiserver not ready
E0604 01:20:02.292118       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.IngressRouteUDP: failed to list *v1alpha1.IngressRouteUDP: apiserver not ready
E0604 01:20:02.441978       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.TLSOption: failed to list *v1alpha1.TLSOption: apiserver not ready
E0604 01:20:02.592732       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Endpoints: the server is currently unable to handle the request (get endpoints)
E0604 01:20:02.598218       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Endpoints: failed to list *v1.Endpoints: apiserver not ready
E0604 01:20:02.667910       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1.Secret: the server is currently unable to handle the request (get secrets)
E0604 01:20:02.861823       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.IngressRoute: the server is currently unable to handle the request (get ingressroutes.traefik.containo.us)
E0604 01:20:02.894699       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.IngressRouteTCP: failed to list *v1alpha1.IngressRouteTCP: apiserver not ready
E0604 01:20:03.063612       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.MiddlewareTCP: failed to list *v1alpha1.MiddlewareTCP: apiserver not ready
E0604 01:20:03.093449       1 reflector.go:138] k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha1.ServersTransport: failed to list *

ksd · 2025 年6 月 4 日 02:08

哪失败了？

barfi · 2025 年6 月 4 日 02:18

执行命令
helm install cert-manager ./cert-manager-v1.13.2.tgz --namespace cert-manager --timeout 20m --wait --set image.repository=harbor.biaopunet.com/rancher/cert-manager-controller --set webhook.image.repository=harbor.biaopunet.com/rancher/cert-manager-webhook --set cainjector.image.repository=harbor.biaopunet.com/rancher/cert-manager-cainjector --set startupapicheck.image.repository=harbor.biaopunet.com/rancher/cert-manager-ctl --set acmesolver.image.repository=harbor.biaopunet.com/rancher/cert-manager-acmesolver
后提示
.image.repository=Harbor
Error: INSTALLATION FAILED: failed post-install: 1 error occurred:
* job failed: BackoffLimitExceeded

ksd · 2025 年6 月 4 日 02:25

这个是安装 cert-manager 的问题，这块超纲了

barfi · 2025 年6 月 4 日 02:37

也没输入啥特殊东西呀，而且提前下载了镜像