Giter Site home page Giter Site logo

Comments (14)

traxanos avatar traxanos commented on May 25, 2024 2

same problem here

from webhook-example.

michael-cico avatar michael-cico commented on May 25, 2024 1

I was able to work around this issue and pin the k8s versions at 0.25.4 by doing this:

replace (
	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.4
	k8s.io/apimachinery => k8s.io/apimachinery v0.25.4
	k8s.io/apiserver => k8s.io/apiserver v0.25.4
	k8s.io/client-go => k8s.io/client-go v0.25.4
	k8s.io/component-base => k8s.io/component-base v0.25.4
)

from webhook-example.

irbekrm avatar irbekrm commented on May 25, 2024 1

We released v1.12.1 and v1.11.3 with APF controller disabled https://github.com/cert-manager/cert-manager/releases

Do let us know if bumping to those cert-manager versions in your webhook helps.

(The solution will need to be reworked in the future when APF hits GA and can no longer be disabled using the same mechanism, but should hopefully solve the problems for now)

from webhook-example.

atsai1220 avatar atsai1220 commented on May 25, 2024

That depends on the K8s version you're running the webhook in.

from webhook-example.

aureq avatar aureq commented on May 25, 2024

I'm not sure this issue belongs in this repository (though it does affect webhooks). The webhook I maintain only relies on cert-manager own packages where I think the error messages are coming from.

"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"

from webhook-example.

PRAJINPRAKASH avatar PRAJINPRAKASH commented on May 25, 2024

facing same issue

Client Version: v1.26.1
Kustomize Version: v4.5.7
Server Version: v1.26.1

any solution ?

from webhook-example.

traxanos avatar traxanos commented on May 25, 2024

You must downgrade client.

from webhook-example.

lagunary avatar lagunary commented on May 25, 2024

Hi there,
Do you have info about this issue?

Thanks

from webhook-example.

michael-cico avatar michael-cico commented on May 25, 2024

I'm also hitting this issue.

I tried downgrading the client to 0.25.4, but go mod tidy keeps updating it to 0.26.

If I use a replace like this

replace (
	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.4
	k8s.io/apimachinery => k8s.io/apimachinery v0.25.4
	k8s.io/client-go => k8s.io/client-go v0.25.4
)

I get

	k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3: module k8s.io/client-go@latest found (v0.0.0-00010101000000-000000000000, replaced by k8s.io/[email protected]), but does not contain package k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3
gitlab-odx.oracledx.com/verrazzano/cert-manager-ocidns imports
	github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd imports
	github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd/server imports
	k8s.io/apiserver/pkg/server imports
	k8s.io/apiserver/pkg/util/flowcontrol imports
	k8s.io/client-go/listers/flowcontrol/v1beta3: module k8s.io/client-go@latest found (v0.0.0-00010101000000-000000000000, replaced by k8s.io/[email protected]), but does not contain package k8s.io/client-go/listers/flowcontrol/v1beta3

Unless I'm downgrading it wrong?

from webhook-example.

michael-cico avatar michael-cico commented on May 25, 2024

Aside from the challenge API I'm only using the command to start the API server provided by CM:

	cmd.RunWebhookServer(GroupName,
           ...
	)

from webhook-example.

lagunary avatar lagunary commented on May 25, 2024

@michael-cico which version of cert-manager go package was able to get deps for these replaced packages? thanks.

from webhook-example.

irbekrm avatar irbekrm commented on May 25, 2024

We've disabled the APF in cert-manager/cert-manager#6085 which should fix these issues. We're still to release a patch with this change and bump it in this project

(Additionally- we're not APF experts so if any of the folks here who implement the DNS webhook can think of a reason why it should not be disabled, please give a shout)

from webhook-example.

peytonyip avatar peytonyip commented on May 25, 2024

still facing same issue in k8s 1.27.3 use v1.12.3. look like the flowcontrol.apiserver.k8s.io/v1beta1 API version of FlowSchema and PriorityLevelConfiguration is no longer served as of v1.26

from webhook-example.

rome-user avatar rome-user commented on May 25, 2024

I can reproduce this issue using Cert Manager v1.12.2. The webhook I am using works as intended and passes conformance tests for dns01 challenges. But I still see tons of error logs in the webhook pod itself. The patterns are as follows.

W0916 07:21:34.786064       1 reflector.go:424] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: failed to list *v1beta3.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:cert-manager:porkbun-webhook" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
W0916 07:21:34.786053       1 reflector.go:424] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: failed to list *v1beta3.PriorityLevelConfiguration: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:cert-manager:porkbun-webhook" cannot list resource "prioritylevelconfigurations" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
E0916 07:21:34.786457       1 reflector.go:140] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1beta3.PriorityLevelConfiguration: failed to list *v1beta3.PriorityLevelConfiguration: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:cert-manager:porkbun-webhook" cannot list resource "prioritylevelconfigurations" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
E0916 07:21:34.786520       1 reflector.go:140] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:169: Failed to watch *v1beta3.FlowSchema: failed to list *v1beta3.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:cert-manager:porkbun-webhook" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope

from webhook-example.

Related Issues (19)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.