cert-manager: Internal error occurred: failed calling webhook. Wrong cert-manager hook ID.

Try to apply issuer to kubernetes and get this error: Error from server (InternalError): error when creating ".\\issuer.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-1575287841-webhook.cert-manager.svc:443/mutate?timeout=30s: service "cert-manager-1575287841-webhook" not found

Seems it try to call this “cert-manager-1575287841-webhook”, but in my kubernetes i have “cert-manager-1575353985-webhook”.

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 21
Comments: 17 (1 by maintainers)

Most upvoted comments

have the same issue

Error from server (InternalError): error when creating “test-resources.yaml”: Internal error occurred: failed calling webhook “webhook.cert-manager.io”: Post https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=30s: context deadline exceeded

chensoul on Feb 6, 2020

@robinmanuelthiel service "eve-dev-cert-manager-webhook" not found Did you update the name and namespace for this in all the manifests?

I had a similar error to this, but had to update the following annotation:

annotations:
    cert-manager.io/inject-ca-from-secret: "lb/cert-manager-webhook-tls"

adamdecaf on Feb 12, 2020

Hi guys i’ve got the same issue after following this tutorial

namespace/cert-manager-test unchanged
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=30s: Service Unavailable
Error from server (InternalError): error when creating "test-resources.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=30s: Service Unavailable

Cluster status below

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-579d48dff8-86fl9              1/1     Running   0          168m
cert-manager-cainjector-789955d9b7-x7b29   1/1     Running   0          168m
cert-manager-webhook-64869c4997-l752v      1/1     Running   0          168m

I tried to follow instructions here but there is some information missing for my understanding. (I’m a beginner)

Ξ /tmp/HELM → k exec -n kube-system kube-apiserver-nodeserver -- kube-apiserver --enable-admission-plugins=MutatingAdmissionWebhook,ValidatingAdmissionWebhook


W0326 19:40:53.844980     133 services.go:37] No CIDR for service cluster IPs specified. Default value which was 10.0.0.0/24 is deprecated and will be removed in future releases. Please specify it using --service-cluster-ip-range on kube-apiserver.
I0326 19:40:53.845058     133 server.go:596] external host was not specified, using 172.24.112.36
W0326 19:40:53.845066     133 authentication.go:439] AnonymousAuth is not allowed with the AlwaysAllow authorizer. Resetting AnonymousAuth to false. You should use a different authorizer

Find below my configurations:

Kubernetes v1.17.3
Cert-manager v0.14.1

Please, if you can give me some help on that issue I’ll appreciate.

Regards.

jhonore on Mar 26, 2020

Had the exact same issue as you. Were running an older version (v0.5.0) - upgrades were failing. Decided to update to v. 0.12.0 (helm charts) and received your listed error.

After backup and helm chart cert-manager deleted and purged I kept getting the error with reference to an old webhook. I manually went through the below CRDs and removed old references before reinstalling.

v1/ClusterRole
v1/Deployment
v1/Pod(related)
v1/Service
v1/ServiceAccount
v1beta1/ClusterRole
v1beta1/ClusterRoleBinding
v1beta1/MutatingWebhookConfiguration
v1beta1/Role
v1beta1/RoleBinding
v1beta1/ValidatingWebhookConfiguration

I’m running on AKS so I’ve actually also updated all nodes to newst version trying to get the cluster to forget the old references - not sure this actually helped though.

Hope this helps you.

alltho on Dec 10, 2019