ingress-nginx: MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
NGINX Ingress controller version:0.34.1
Kubernetes version (use kubectl version):1.18.1
Environment:
Cloud provider or hardware configuration:baremetal
OS (e.g. from /etc/os-release):ubuntu16.04
Kernel (e.g. uname -a):4.4.0-184-generic.x86_64
Install tools:deploy.yaml
What happened: ingress-nginx-admission-create and ingress-nginx-admission-patch started intially but Ingress-nginx controller failed to start
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx ingress-nginx-admission-create-6sph6 1/1 Running 2 86s
ingress-nginx ingress-nginx-admission-patch-ks2cm 1/1 Running 2 86s
ingress-nginx ingress-nginx-controller-7fd7d8df56-wpdnp 0/1 ContainerCreating 0 96s
What you expected to happen: Ingress-nginx controller should start successfully
How to reproduce it:
Install kubernetes cluster using kubeadm
Install the ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/deploy.yaml
Anything else we need to know:
vagrant@k8s-head:~$ kubectl describe pod ingress-nginx-controller-7fd7d8df56-wpdnp -n ingress-nginx
Name: ingress-nginx-controller-7fd7d8df56-wpdnp
Namespace: ingress-nginx
Priority: 0
Node: k8s-node-1/192.168.205.11
Start Time: Fri, 24 Jul 2020 01:49:42 +0000
Labels: app.kubernetes.io/component=controller
app.kubernetes.io/instance=ingress-nginx
app.kubernetes.io/name=ingress-nginx
pod-template-hash=7fd7d8df56
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Controlled By: ReplicaSet/ingress-nginx-controller-7fd7d8df56
Containers:
controller:
Container ID:
Image: us.gcr.io/k8s-artifacts-prod/ingress-nginx/controller:v0.34.1@sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
Image ID:
Ports: 80/TCP, 443/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
Args:
/nginx-ingress-controller
--election-id=ingress-controller-leader
--ingress-class=nginx
--configmap=ingress-nginx/ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Requests:
cpu: 100m
memory: 90Mi
Liveness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5
Readiness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
POD_NAME: ingress-nginx-controller-7fd7d8df56-wpdnp (v1:metadata.name)
POD_NAMESPACE: ingress-nginx (v1:metadata.namespace)
Mounts:
/usr/local/certificates/ from webhook-cert (ro)
/var/run/secrets/kubernetes.io/serviceaccount from ingress-nginx-token-4t6nq (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
webhook-cert:
Type: Secret (a volume populated by a Secret)
SecretName: ingress-nginx-admission
Optional: false
ingress-nginx-token-4t6nq:
Type: Secret (a volume populated by a Secret)
SecretName: ingress-nginx-token-4t6nq
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m1s default-scheduler Successfully assigned ingress-nginx/ingress-nginx-controller-7fd7d8df56-wpdnp to k8s-node-1
Warning FailedMount 57s (x8 over 2m) kubelet, k8s-node-1 MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 19
- Comments: 57 (10 by maintainers)
I managed to fix this by modifying --ingress-class=nginx to - --ingress-class=nginx2 in apply.yaml file so it was because there was an ingress class with the same name “nginx”
Still stucked. K8s 1.21 … MountVolume.SetUp failed for volume “webhook-cert” : secret “ingress-nginx-admission” not found
Finally, this worked for me. Run
kubectl edit configmap kube-proxy -n kube-systemand setmaxPerCoreunderconntrackto0fromnull.I am also get same issue, you can refer to my solution.
Just ran into this too on EKS 1.17 (latest AMI) with helm chart v3.20.0
I am getting same issue with ingress-nginx-admission secret, tried editing create and patch job with ingress-ingress-nginx-admission-token-xxxxx still same error. Anyone have solution for this, i am using Chart version 3.11.1 ingress-nginx. Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. {“err”:“secrets "ingress-nginx-admission-token-xxxxx" is forbidden: User "system:serviceaccount:ingress-nginx:ingress-nginx-admission" cannot get resource "secrets" in API group "" in the namespace "ingress-nginx"”,“level”:“fatal”,“msg”:“error getting secret”,“source”:“k8s/k8s.go:109”,“time”:“2021-11-23T22:05:01Z”}
When deploying with helm job are not deploying but ingress-controller is up and running, if you are using template of this chart then everything gets crashed
The secret is created after these two jobs finish. After that, the pod will start. Keep in mind this only happens the first time you start the ingress controller
I change the yaml file . secretName: ingress-nginx-admission secretName: ingress-nginx-admission-token-l2nx8
IT can work!!
This fix solve the issue for me: < --ingress-class=nginx> renamed to < --ingress-class=nginx2 > by editing the deployment as told by @AliBeddah
still happend in v0.45.0,somebody help
I encountered the same problem in version 1.18. My solution was to restart the Docker of the machine where Webhook is located, and the problem was solved. I felt that there was a problem with docker’s network bridge
in my case, if i install the ingress controller in control-plane, everthing looks good but i have no idea why
Anyone got this working? I am stuck in this same issue and not able to resolve …read almost all the related issues/solutions
怎么搞,没找到问题点啊,没找到答案啊
add, at the second date . I find a ture answaer, i belive.
delete all the svc. pods deployment , secret ,rs, cs, use yaml file when you apply except kube-system namespace like the under. kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/cloud/deploy.yaml and apply the new kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/cloud/deploy.yaml and everthing looks like good .
@aliencrash @FreddieMcHeart @yexk please use v0.41.0
Same