aws-load-balancer-controller: MountVolume.SetUp failed for volume "cert" : secret "aws-load-balancer-webhook-tls" not found

Describe the bug

`  Warning  FailedMount  13m   kubelet            MountVolume.SetUp failed for volume "cert" : secret "aws-load-balancer-webhook-tls" not found
  Normal   Pulling      13m   kubelet            Pulling image "amazon/aws-alb-ingress-controller:v2.3.0"
  Normal   Pulled       13m   kubelet            Successfully pulled image "amazon/aws-alb-ingress-controller:v2.3.0" in 24.291651828s
  Normal   Created      13m   kubelet            Created container controller
  Normal   Started      13m   kubelet            Started container controller`

Steps to reproduce

Expected outcome A concise description of what you expected to happen.

Environment

AWS Load Balancer controller version aws-alb-ingress-controller:v2.3.0

 Kubernetes version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.4", GitCommit:"e87da0bd6e03ec3fea7933c4b5263d151aafd07c", GitTreeState:"clean", BuildDate:"2021-02-18T16:12:00Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.2-eks-06eac09", GitCommit:"5f6d83fe4cb7febb5f4f4e39b3b2b64ebbbe3e97", GitTreeState:"clean", BuildDate:"2021-09-13T14:20:15Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}

Using EKS (yes/no), if so version?


eks

Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.4", GitCommit:"e87da0bd6e03ec3fea7933c4b5263d151aafd07c", GitTreeState:"clean", BuildDate:"2021-02-18T16:12:00Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.2-eks-06eac09", GitCommit:"5f6d83fe4cb7febb5f4f4e39b3b2b64ebbbe3e97", GitTreeState:"clean", BuildDate:"2021-09-13T14:20:15Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}

eksctl version   
0.67.0

Additional Context:

china cn-northwest-1

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 17

Most upvoted comments

I have a shell script that runs after the cluster is set up.

kubectl apply \
  --validate=false \
  -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml

kubectl wait \
  --request-timeout=300s \
  -n cert-manager \
  --for=condition=Available deployment/cert-manager-webhook 

#.. then prep https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.3.0/v2_3_0_full.yaml with cluster name and apply that

BKnights on Nov 29, 2021

I am installing using YAML, facing same issue! Even after waiting for some time after applying cert manager I get the error while applying controller YAML

Error from server (InternalError): error when creating "./config/alb_prepped.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": no endpoints available for service "cert-manager-webhook"
Error from server (InternalError): error when creating "./config/alb_prepped.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": no endpoints available for service "cert-manager-webhook"

The aws controller is stuck in ContainerCreating state when I describe pod

  Warning  FailedMount  6m33s                 kubelet, ip-10-20-2-158.us-west-1.compute.internal  Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[aws-iam-token cert aws-load-balancer-controller-token-pl2kp]: timed out waiting for the condition
  Warning  FailedMount  2m2s (x2 over 4m19s)  kubelet, ip-10-20-2-158.us-west-1.compute.internal  Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[cert aws-load-balancer-controller-token-pl2kp aws-iam-token]: timed out waiting for the condition
  Warning  FailedMount  22s (x12 over 8m36s)  kubelet, ip-10-20-2-158.us-west-1.compute.internal  MountVolume.SetUp failed for volume "cert" : secret "aws-load-balancer-webhook-tls" not found

Any solution?

arundathi-nirmata on Nov 29, 2021

@arundathi-nirmata, can you ensure that the cert-manager is installed and running first before applying the lb controller manifests?

kishorj on Dec 1, 2021