Rancher Server 设置
- Rancher 版本:2.7.5
- 安装选项 (Docker install): docker run -d --restart=unless-stopped
-p 8480:80 -p 443:443
–privileged
rancher/rancher:latest
下游集群信息
- Kubernetes 版本: 1.23.4
**主机操作系统:centos7
**问题描述:创建名称空间报错,网上教程是删除掉两个名称空间即可,但是查看mutatingwebhookconfigurations没有创建,删除掉rancher.cattle.io validatingwebhookconfigurations后会自动创建,查看pod日志,rancher-webhook报错,MutatingWebhookConfiguration.admissionregistration.k8s.io无法创建。
猜测是因为MutatingWebhookConfiguration没有创建成功,所以会一直重新创建 validatingwebhookconfigurations和MutatingWebhookConfiguration,导致namespace无法创建。
重现步骤:
[root@master /]# kubectl create ns test1
kubectl create ns test1
Error from server (InternalError): Internal error occurred: failed calling webhook “rancher.cattle.io.namespaces.create-non-kubesystem”: failed to call webhook: Post “https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation/namespaces?timeout=10s”: dial tcp 10.106.133.123:443: connect: connection refused
-
查看准入控制器
[root@master /]# kubectl get mutatingwebhookconfigurations
No resources found
[root@master /]# kubectl get validatingwebhookconfigurations
NAME WEBHOOKS AGE
rancher.cattle.io 7 9m48s -
删除准入控制器
[root@master /]# kubectl delete validatingwebhookconfigurations rancher.cattle.io
validatingwebhookconfiguration.admissionregistration.k8s.io “rancher.cattle.io” deleted -
再次查看准入控制器
[root@master /]# kubectl get validatingwebhookconfigurations
NAME WEBHOOKS AGE
rancher.cattle.io 7 1s -
再次创建命名空间,依旧报错
[root@master /]# kubectl create ns test1
Error from server (InternalError): Internal error occurred: failed calling webhook “rancher.cattle.io.namespaces.create-non-kubesystem”: failed to call webhook: Post “https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation/namespaces?timeout=10s”: dial tcp 10.106.133.123:443: connect: connection refused -
查看cattle-system的pod
[root@master ~]# kubectl get pod -n cattle-system
NAME READY STATUS RESTARTS AGE
cattle-cluster-agent-6c8dd4d955-hdq78 1/1 Running 0 3d23h
cattle-cluster-agent-6c8dd4d955-lbdh7 1/1 Running 0 3d23h
rancher-webhook-578cb7b8b5-j6xwc 0/1 Running 772 (16s ago) 3d23h -
查看失败pod日志
time=“2023-08-04T01:39:51Z” level=info msg=“Sleeping for 15 seconds then applying webhook config”
time=“2023-08-04T01:40:06Z” level=error msg=“error syncing ‘cattle-system/cattle-webhook-ca’: handler secrets: failed to create mutating configuration: MutatingWebhookConfiguration.admissionregistration.k8s.io “” is invalid: metadata.name: Required value: name or generateName is required, requeuing”
time=“2023-08-04T01:40:26Z” level=info msg=“Sleeping for 15 seconds then applying webhook config”
time=“2023-08-04T01:40:41Z” level=error msg=“error syncing ‘cattle-system/cattle-webhook-ca’: handler secrets: failed to create mutating configuration: MutatingWebhookConfiguration.admissionregistration.k8s.io “” is invalid: metadata.name: Required value: name or generateName is required, requeuing”
time=“2023-08-04T01:41:11Z” level=info msg=“Sleeping for 15 seconds then applying webhook config”
time=“2023-08-04T01:41:26Z” level=error msg=“error syncing ‘cattle-system/cattle-webhook-ca’: handler secrets: failed to create mutating configuration: MutatingWebhookConfiguration.admissionregistration.k8s.io “” is invalid: metadata.name: Required value: name or generateName is required, requeuing”
**结果:名称空间创建失败
**预期结果:MutatingWebhookConfiguration.admissionregistration.k8s.io能创建成功,或者namespace能正常创建和删除
**截图:
