cert-manager: cainjector failing frequently

Describe the bug: cainjector 0.11.0 fails frequently with message:

I1114 12:05:33.699752       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.networking.k8s.io"}
I1114 12:05:33.699805       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1alpha1.kubeapps.com"}
I1114 12:05:33.699814       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="customresourcedefinition" "request"={"Namespace":"","Name":"issuers.cert-manager.io"}
I1114 12:05:33.699916       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1beta1.metrics.k8s.io"}
I1114 12:05:33.700003       1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled"  "controller"="apiservice" "request"={"Namespace":"","Name":"v1.apiextensions.k8s.io"}
E1114 12:25:09.735275       1 leaderelection.go:365] Failed to update lock: etcdserver: request timed out
I1114 12:25:10.923019       1 leaderelection.go:287] failed to renew lease kube-system/cert-manager-cainjector-leader-election: failed to tryAcquireOrRenew context deadline exceeded
F1114 12:25:10.923143       1 start.go:127] error running manager: leader election lost

$ kubectl -n cert-manager get pod cert-manager-cainjector-576978ffc8-mtg7b -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 10.2.0.178/32
  creationTimestamp: "2019-11-07T11:02:50Z"
  generateName: cert-manager-cainjector-576978ffc8-
  labels:
    app: cainjector
    app.kubernetes.io/instance: cert-manager
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: cainjector
    helm.sh/chart: cainjector-v0.11.0
    pod-template-hash: 576978ffc8
  name: cert-manager-cainjector-576978ffc8-mtg7b
  namespace: cert-manager
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: cert-manager-cainjector-576978ffc8
    uid: 4f7bbfc9-dfda-4264-bd06-b722bd88d21b
  resourceVersion: "6158194385"
  selfLink: /api/v1/namespaces/cert-manager/pods/cert-manager-cainjector-576978ffc8-mtg7b
  uid: 052447f0-59af-4a93-bfef-c09c8727610e
spec:
  containers:
  - args:
    - --v=2
    - --leader-election-namespace=kube-system
    env:
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    image: quay.io/jetstack/cert-manager-cainjector:v0.11.0
    imagePullPolicy: Always
    name: cainjector
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: cert-manager-cainjector-token-vbfw7
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: kubernetes-internal-node0
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: cert-manager-cainjector
  serviceAccountName: cert-manager-cainjector
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: cert-manager-cainjector-token-vbfw7
    secret:
      defaultMode: 420
      secretName: cert-manager-cainjector-token-vbfw7
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-11-07T11:02:50Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-11-14T12:25:14Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-11-14T12:25:14Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-11-07T11:02:50Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://5b2521cd7d0fe3c6a5516aaf90e20a5589e47ef8c04134e51974b724ea7aaff3
    image: quay.io/jetstack/cert-manager-cainjector:v0.11.0
    imageID: docker-pullable://quay.io/jetstack/cert-manager-cainjector@sha256:cf77d14d1c825190a38ac6b593f591998e3b34464f626f24479eb3e21dd589b3
    lastState:
      terminated:
        containerID: docker://dcba9c63711b87cd1ce348577546ee9d2cde557b0c993866997fb8f24028c9bc
        exitCode: 255
        finishedAt: "2019-11-14T12:25:10Z"
        reason: Error
        startedAt: "2019-11-14T12:05:16Z"
    name: cainjector
    ready: true
    restartCount: 323
    started: true
    state:
      running:
        startedAt: "2019-11-14T12:25:13Z"
  hostIP: 51.83.15.9
  phase: Running
  podIP: 10.2.0.178
  podIPs:
  - ip: 10.2.0.178
  qosClass: BestEffort
  startTime: "2019-11-07T11:02:50Z"

Happens quite frequently:

$ kubectl get pods -A|grep cert-manager
cert-manager           cert-manager-55c44f98f-dghd7                       1/1     Running   0          7d1h
cert-manager           cert-manager-cainjector-576978ffc8-mtg7b           1/1     Running   323        7d1h
cert-manager           cert-manager-webhook-c67fbc858-gbn8w               1/1     Running   1          7d1h

Expected behaviour: cainjector container should run without frequent failures/restarts.

Steps to reproduce the bug: Install cert-manager following official documentation instructions, configure letsencrypt, use it for some ingresses.

Environment details::

  • Kubernetes version (e.g. v1.10.2):
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-13T11:23:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:09:08Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): OVH Managed Kubernetes on public cloud (https://www.ovh.com/world/public-cloud/kubernetes/)
  • cert-manager version (e.g. v0.4.0): 0.11.0
  • Install method (e.g. helm or static manifests): manifests (CustomResourceDefinition, namespace) + helm

/kind bug

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 17
  • Comments: 31 (7 by maintainers)

Most upvoted comments

We saw the same issue, when we set the --leader-elect flag to false the error doesn’t occur. We are running cainjector with a replica count of 1. The relevant part from the values file for the Helm chart looks as follows:

cainjector:
  enabled: true
  replicaCount: 1

  extraArgs:
    - --leader-elect=false

  image:
    repository: quay.io/jetstack/cert-manager-cainjector
    tag: v0.14.2
    pullPolicy: IfNotPresent

Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.2", GitCommit:"52c56ce7a8272c798dbc29846288d7cd9fbae032", GitTreeState:"clean", BuildDate:"2020-04-16T23:35:15Z", GoVersion:"go1.14.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T20:55:23Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}

Maybe this helps someone. Does someone have an idea how to solve this for a higher replica count?

+13
ricoberger on Apr 21, 2020

I have the same issue using cert manager v0.13.1 when etcd has long timeout. Turning off leader election seems to fix the issue but is there any down side of doing that?

+2
yuzliu on Jun 1, 2021

Just throwing it out, but I am running v1.5.3 straight from the Helm chart and I found this crash.

I1203 15:42:40.911615       1 controller.go:178] cert-manager/secret/validatingwebhookconfiguration/generic-inject-reconciler "msg"="updated object" "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="cert-manager-webhook" "resource_namespace"="" "resource_version"="v1"
E1203 16:45:07.501896       1 leaderelection.go:361] Failed to update lock: resource name may not be empty
I1203 16:45:07.504185       1 leaderelection.go:278] failed to renew lease kube-system/cert-manager-cainjector-leader-election: timed out waiting for the condition
I1203 16:45:07.504292       1 recorder.go:104] cert-manager/controller-runtime/manager/events "msg"="Normal"  "message"="cert-manager-cainjector-856d4df858-6plfh_0c4b1cea-f174-462a-9ff5-ee7177b77755 stopped leading" "object"={"kind":"ConfigMap","namespace":"kube-system","name":"cert-manager-cainjector-leader-election","uid":"0a503156-4eba-48d4-966d-8559261bdc00","apiVersion":"v1","resourceVersion":"19329220"} "reason"="LeaderElection"
I1203 16:45:07.504331       1 recorder.go:104] cert-manager/controller-runtime/manager/events "msg"="Normal"  "message"="cert-manager-cainjector-856d4df858-6plfh_0c4b1cea-f174-462a-9ff5-ee7177b77755 stopped leading" "object"={"kind":"Lease","apiVersion":"coordination.k8s.io/v1"} "reason"="LeaderElection"
E1203 16:45:07.618945       1 start.go:139] cert-manager/ca-injector "msg"="manager goroutine exited" "error"="error running manager: leader election lost"
I1203 16:45:07.628115       1 controller.go:227] cert-manager/certificate/apiservice/controller/controller-for-certificate-apiservice "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.628389       1 controller.go:227] cert-manager/certificate/mutatingwebhookconfiguration/controller/controller-for-certificate-mutatingwebhookconfiguration "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.628560       1 controller.go:227] cert-manager/certificate/customresourcedefinition/controller/controller-for-certificate-customresourcedefinition "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.628759       1 controller.go:227] cert-manager/certificate/validatingwebhookconfiguration/controller/controller-for-certificate-validatingwebhookconfiguration "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.629360       1 controller.go:229] cert-manager/certificate/apiservice/controller/controller-for-certificate-apiservice "msg"="All workers finished"
I1203 16:45:07.629613       1 controller.go:229] cert-manager/certificate/validatingwebhookconfiguration/controller/controller-for-certificate-validatingwebhookconfiguration "msg"="All workers finished"
I1203 16:45:07.630215       1 controller.go:229] cert-manager/certificate/mutatingwebhookconfiguration/controller/controller-for-certificate-mutatingwebhookconfiguration "msg"="All workers finished"
I1203 16:45:07.630366       1 controller.go:229] cert-manager/certificate/customresourcedefinition/controller/controller-for-certificate-customresourcedefinition "msg"="All workers finished"
I1203 16:45:07.630581       1 controller.go:227] cert-manager/secret/customresourcedefinition/controller/controller-for-secret-customresourcedefinition "msg"="Shutdown signal received, waiting for all workers to finish" 
I1203 16:45:07.630968       1 controller.go:227] cert-manager/secret/apiservice/controller/controller-for-secret-apiservice "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.631137       1 controller.go:227] cert-manager/secret/validatingwebhookconfiguration/controller/controller-for-secret-validatingwebhookconfiguration "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.631346       1 controller.go:227] cert-manager/secret/mutatingwebhookconfiguration/controller/controller-for-secret-mutatingwebhookconfiguration "msg"="Shutdown signal received, waiting for all workers to finish"
I1203 16:45:07.631568       1 controller.go:229] cert-manager/secret/mutatingwebhookconfiguration/controller/controller-for-secret-mutatingwebhookconfiguration "msg"="All workers finished"
I1203 16:45:07.632152       1 controller.go:229] cert-manager/secret/apiservice/controller/controller-for-secret-apiservice "msg"="All workers finished"
I1203 16:45:07.632305       1 controller.go:229] cert-manager/secret/validatingwebhookconfiguration/controller/controller-for-secret-validatingwebhookconfiguration "msg"="All workers finished"
I1203 16:45:07.632602       1 controller.go:229] cert-manager/secret/customresourcedefinition/controller/controller-for-secret-customresourcedefinition "msg"="All workers finished"
Error: error running manager: leader election lost

The strange thing is, I just discovered this issue today, but it appears this pod crashed ~6 months ago and did not realize it, nor did it restart properly. I’m NOT running more than one pod of anything:

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-856d4df858-6plfh   1/1     Running   0          252d
cert-manager-webhook-5fd7d458f7-6m4d4      1/1     Running   0          252d
cert-manager-66b6d6bf59-9mntj              1/1     Running   0          201d

I’m going to upgrade to the current version and cross my fingers this is solved. But from what I’ve seen, most of the time restarting is enough to get things running again (for a while).

Thanks!

+1
jhughes2112 on Jun 22, 2022

I also noticed some other error messages in caininjector container logs.

I1114 13:25:13.862928       1 start.go:82] starting ca-injector v0.11.0 (revision b030b7eb4)
I1114 13:25:14.482306       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="mutatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.482783       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="mutatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"secretName":"","issuerRef":{"name":""}},"status":{}}}
I1114 13:25:14.483209       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="mutatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.483953       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="validatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.484164       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="validatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"secretName":"","issuerRef":{"name":""}},"status":{}}}
I1114 13:25:14.484271       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="validatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
E1114 13:25:14.484308       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_depth" "queue"="mutatingwebhookconfiguration"
E1114 13:25:14.484405       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_adds_total" "queue"="mutatingwebhookconfiguration"
E1114 13:25:14.484450       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_queue_duration_seconds" "queue"="mutatingwebhookconfiguration"
E1114 13:25:14.484485       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_work_duration_seconds" "queue"="mutatingwebhookconfiguration"
E1114 13:25:14.484533       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_unfinished_work_seconds" "queue"="mutatingwebhookconfiguration"
E1114 13:25:14.484568       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_longest_running_processor_seconds" "queue"="mutatingwebhookconfiguration"
E1114 13:25:14.484613       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_retries_total" "queue"="mutatingwebhookconfiguration"
I1114 13:25:14.484659       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="mutatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.484709       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="mutatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
E1114 13:25:14.484943       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_depth" "queue"="validatingwebhookconfiguration"
I1114 13:25:14.484979       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="apiservice" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"service":null,"groupPriorityMinimum":0,"versionPriority":0},"status":{}}}
E1114 13:25:14.484981       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_adds_total" "queue"="validatingwebhookconfiguration"
E1114 13:25:14.485160       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_queue_duration_seconds" "queue"="validatingwebhookconfiguration"
I1114 13:25:14.485109       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="apiservice" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"secretName":"","issuerRef":{"name":""}},"status":{}}}
E1114 13:25:14.485196       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_work_duration_seconds" "queue"="validatingwebhookconfiguration"
E1114 13:25:14.485240       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_unfinished_work_seconds" "queue"="validatingwebhookconfiguration"
E1114 13:25:14.485277       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_longest_running_processor_seconds" "queue"="validatingwebhookconfiguration"
E1114 13:25:14.485318       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_retries_total" "queue"="validatingwebhookconfiguration"
I1114 13:25:14.485359       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="validatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.485352       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="apiservice" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.485395       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="validatingwebhookconfiguration" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
E1114 13:25:14.485564       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_depth" "queue"="apiservice"
E1114 13:25:14.485601       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_adds_total" "queue"="apiservice"
E1114 13:25:14.485646       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_queue_duration_seconds" "queue"="apiservice"
E1114 13:25:14.485686       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_work_duration_seconds" "queue"="apiservice"
E1114 13:25:14.485727       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_unfinished_work_seconds" "queue"="apiservice"
E1114 13:25:14.485892       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_longest_running_processor_seconds" "queue"="apiservice"
E1114 13:25:14.486002       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_retries_total" "queue"="apiservice"
I1114 13:25:14.486115       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="apiservice" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"service":null,"groupPriorityMinimum":0,"versionPriority":0},"status":{}}}
I1114 13:25:14.486186       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="apiservice" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
E1114 13:25:14.486536       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_depth" "queue"="customresourcedefinition"
E1114 13:25:14.486607       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_adds_total" "queue"="customresourcedefinition"
E1114 13:25:14.486698       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_queue_duration_seconds" "queue"="customresourcedefinition"
E1114 13:25:14.486773       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_work_duration_seconds" "queue"="customresourcedefinition"
E1114 13:25:14.486862       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_unfinished_work_seconds" "queue"="customresourcedefinition"
E1114 13:25:14.486934       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_longest_running_processor_seconds" "queue"="customresourcedefinition"
E1114 13:25:14.487017       1 workqueue.go:37] cert-manager/controller-runtime/metrics "msg"="failed to register metric" "error"="duplicate metrics collector registration attempted"  "name"="workqueue_retries_total" "queue"="customresourcedefinition"
I1114 13:25:14.487578       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="customresourcedefinition" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"group":"","names":{"plural":"","kind":""},"scope":""},"status":{"conditions":null,"acceptedNames":{"plural":"","kind":""},"storedVersions":null}}}
I1114 13:25:14.487606       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="customresourcedefinition" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"group":"","names":{"plural":"","kind":""},"scope":""},"status":{"conditions":null,"acceptedNames":{"plural":"","kind":""},"storedVersions":null}}}
I1114 13:25:14.487663       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="customresourcedefinition" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.487688       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="customresourcedefinition" "source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{"secretName":"","issuerRef":{"name":""}},"status":{}}}
I1114 13:25:14.487739       1 leaderelection.go:241] attempting to acquire leader lease  kube-system/cert-manager-cainjector-leader-election-core...
I1114 13:25:14.487746       1 controller.go:121] cert-manager/controller-runtime/controller "level"=0 "msg"="Starting EventSource"  "controller"="customresourcedefinition" "source"={"Type":{"metadata":{"creationTimestamp":null}}}
I1114 13:25:14.487844       1 leaderelection.go:241] attempting to acquire leader lease  kube-system/cert-manager-cainjector-leader-election...
E1114 13:25:14.603789       1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"quickstart-example-tls\" not found" "certificate"={"Namespace":"default","Name":"quickstart-example-tls"} "secret"={"Namespace":"default","Name":"quickstart-example-tls"} 
E1114 13:25:14.603802       1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"quickstart-example-tls\" not found" "certificate"={"Namespace":"default","Name":"quickstart-example-tls"} "secret"={"Namespace":"default","Name":"quickstart-example-tls"} 
E1114 13:25:14.603832       1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"quickstart-example-tls\" not found" "certificate"={"Namespace":"default","Name":"quickstart-example-tls"} "secret"={"Namespace":"default","Name":"quickstart-example-tls"} 
E1114 13:25:14.703879       1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"quickstart-example-tls\" not found" "certificate"={"Namespace":"default","Name":"quickstart-example-tls"} "secret"={"Namespace":"default","Name":"quickstart-example-tls"} 
I1114 13:25:30.267601       1 leaderelection.go:251] successfully acquired lease kube-system/cert-manager-cainjector-leader-election-core
+1
vkukk on Nov 14, 2019
Read more comments on GitHub
← cert-manager: ca.crt is empty after generating tls secret
cert-manager: cainjector fails to start: MutatingWebhookConfiguration not found →