cert-manager: unable to retrieve the complete list of server APIs: webhook.cert-manager.io/v1beta1

My problem was that I was applying the full cert-manager.yaml before running the helm chart, not the CRDs-only version. Most of you appear not to have made this mistake, but I’m posting this here because this is the first result I hit when trying to find answers.

“Good” one for helm: https://raw.githubusercontent.com/jetstack/cert-manager/v0.11.0/deploy/manifests/00-crds.yaml

What worked for me:

1. helm delete --purge cert-manager (if there’s any form of it there, FAILED or otherwise)
2. kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml
3. kubectl get crd to make sure there aren’t any cert-manager.io or certmanager.k8s.io Custom Resource Definitions hanging around
4. kubect get pods -A to make sure there aren’t any cert-manager-* pods (to make sure you didn’t accidentally install them in a different namespace)
5. kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/v0.11.0/deploy/manifests/00-crds.yaml --validate=false
6. Create a namespace.yaml with these contents:

apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
  labels:
    cert-manager.io/disable-validation: "true"

1. kubectl apply -f namespace.yaml
2. helm upgrade cert-manager jetstack/cert-manager --install --namespace cert-manager --version v0.11.0 --wait. This took nearly 3 minutes, because the cert-manager-webhook pod takes a long time to be created.
3. Add your desired ClusterIssuers with kubectl apply. I’m using the acme issuer with Let’s Encrypt and chose the http01 solver.

Same issue here:

$ helm version
version.BuildInfo{Version:"v3.0.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-13T11:23:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.8", GitCommit:"211047e9a1922595eaa3a1127ed365e9299a6c23", GitTreeState:"clean", BuildDate:"2019-10-15T12:02:12Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}

I was able to solve the problem by deleting resource kubectl delete apiservices v1beta1.webhook.cert-manager.io

After I also performed full clean up of previously installed cert-manager by looping through all the resources and looking for resources with my release name.

RELEASE_NAME="myrelease-"
kubectl api-resources | 
awk '{ print $1}' | 
while read a
do 
   echo "############$a"
   kubectl g $a --all-namespaces | grep $RELEASE_NAME
done

After that everything seems to work fine.

Same issue while installing cert-manager 0.11.0 with helm v3.0.0-rc.3:

$ kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
$ helm install cert-manager jetstack/cert-manager --version 0.11.0 --namespace ingress                                                                           
Error: could not get apiVersions from Kubernetes: unable to retrieve the complete list of server APIs: webhook.cert-manager.io/v1beta1: the server is currently unable to handle the request

I also had to remove other global objects before the uninstall was complete, and I could reinstall:

kubectl delete apiservice v1beta1.webhook.cert-manager.io # find not available one
kubectl delete psp cert-manager-cainjector
kubectl delete psp cert-manager-webhook
kubectl delete psp cert-manager

kubectl get clusterrole | grep cert-manager | cut -f 1 -d ' ' | xargs kubectl delete clusterrole
kubectl get clusterrolebinding | grep cert-manager  | cut -f 1 -d ' ' | xargs kubectl delete clusterrolebinding
kubectl delete role -n kube-system cert-manager-cainjector:leaderelection cert-manager:leaderelection 
kubectl delete rolebinding -n kube-system cert-manager-cainjector:leaderelection cert-manager:leaderelection cert-manager-webhook:webhook-authentication-reader
kubectl delete MutatingWebhookConfiguration cert-manager-webhook
kubectl delete ValidatingWebhookConfiguration cert-manager-webhook

I’m seeing this on a brand-new cluster setup (no previously installed CRDs):

helm version:

Client: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}

@imkane :

$ kubectl delete -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml

$ kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml

I am having the same issue as @pavdmyt with helm v3.0.0-rc.3. Anyone got any ideas?

https://stackoverflow.com/questions/62442679/could-not-get-apiversions-from-kubernetes-unable-to-retrieve-the-complete-list