cert-manager: cainjector fails to start: MutatingWebhookConfiguration not found

Describe the bug: The cainjector Pod crashloops with the following message:

I0418 04:57:58.542065       1 start.go:82] starting ca-injector v0.14.2 (revision 8bc03dc303d0e4267e44dab0a68607f35786919e)
F0418 05:04:33.634423       1 start.go:147] error registering core-only controllers: no matches for kind "MutatingWebhookConfiguration" in version "admissionregistration.k8s.io/v1beta1"

There is a MutatingWebhookConfiguration present in the “admissionregistration.k8s.io/v1” apigroup since it was promoted to v1 in 1.17.0… The behavior is not always the same. I had the problem for the first time last week, and after a full reinstall of cert-manager with Helm, it worked great since yesterday. I didn’t change anything on the setup these days…

Expected behaviour: The cainjector-Pod does start normally.

Steps to reproduce the bug: The bug is not really “reproducible” since I don’t know when and why the error-loop starts again. If there are any logs or information I should look for, I can do.

Anything else we need to know?:

Environment details:

  • Kubernetes version 1.18.1 (on microk8s on Ubuntu 18.04.4):
  • Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): no
  • cert-manager version (e.g. v0.4.0): 0.14.2
  • Install method (e.g. helm or static manifests): Official Helm-Chart

/kind bug

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 24 (6 by maintainers)

Most upvoted comments

Try

k apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml

I am using kubectl 1.22. And there is no “admissionregistration.k8s.io/v1beta1”. So I tried to apply a higher version of cert-manager. v1.2.0 already moved to use “admissionregistration.k8s.io/v1”. But to be safe, I bumped up to 1.4.0. And it works for me now.

Got the same behavior. But in my case

>kubectl api-versions | grep admissionregistration
admissionregistration.k8s.io/v1

BTW, I’ve got kubelet v1.22.3. What can I change to make the error disappear?

Just found this. It got removed in 1.22. I went back to 1.21 and it’s all working now.

https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes

Would be nice if cmctl check api was more sophisticated and could check for issues like this.
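
A pre-flight check of the kind the comment above asks for, as an added example that is not part of the thread and not cert-manager or cmctl code: it lists the top-level objects in a manifest whose apiVersion is missing from the saved output of kubectl api-versions, which is the mismatch the commenters on Kubernetes 1.22 ran into. The function name, file names and sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not cert-manager or cmctl code): list the top-level objects in
# a manifest whose apiVersion the cluster does not serve.

# unserved_api_versions MANIFEST SERVED
#   MANIFEST  multi-document YAML, e.g. a downloaded cert-manager.yaml
#   SERVED    saved output of `kubectl api-versions`, one group/version per line
# Prints one "apiVersion kind" line per unserved combination.
unserved_api_versions() {
  awk '
    function clean(s) { gsub(/"/, "", s); return s }
    function report() {
      if (api != "" && !(api in served)) print api, kind
      api = ""; kind = ""
    }
    FILENAME == ARGV[1] { if ($1 != "") served[$1] = 1; next }
    /^---/              { report(); next }       # document separator
    /^apiVersion:/      { api = clean($2) }      # column 0 = top-level key only
    /^kind:/            { kind = clean($2) }
    END                 { report() }
  ' "$2" "$1" | sort -u
}

# Constructed sample data: what a 1.22 cluster serves, and three small objects.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/served.txt" <<'EOF'
admissionregistration.k8s.io/v1
apps/v1
v1
EOF
cat > "$SAMPLE_DIR/manifest.yaml" <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: sample
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  name: sample-webhook
---
apiVersion: "admissionregistration.k8s.io/v1"
kind: ValidatingWebhookConfiguration
metadata:
  name: sample-webhook
EOF

unserved_api_versions "$SAMPLE_DIR/manifest.yaml" "$SAMPLE_DIR/served.txt"
```

The check only sees apiVersions declared in the manifest. A controller that asks for a removed version at run time, as cainjector v0.14.2 does in the log at the top of this issue, is not detected this way.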

Try

k apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml

I am using kubectl 1.22. And there is no “admissionregistration.k8s.io/v1beta1”. So I tried to apply a higher version of cert-manager. v1.2.0 already moved to use “admissionregistration.k8s.io/v1”. But to be safe, I bumped up to 1.4.0. And it works for me now.

This worked for me

Updating to 1.4.0 worked for me as well!

Hm, this is definitely something to look into. I suspect something weird going on in controller-runtime but I think it may be a tough one to find… 😅

/priority important-longterm /remove-triage needs-information