rancher: unable to recognize "": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1"

What kind of request is this (question/bug/enhancement/feature request): Bug

Steps to reproduce (least amount of steps as possible): We have cert-manager 0.12 deployed via helm. Upgrading rancher from 2.3.5 to 2.3.6:

helm upgrade rancher rancher-stable/rancher   --namespace cattle-system   --set ingress.tls.source=secret   --set hostname=rancher.example.com

fails with:

Result:

UPGRADE FAILED
ROLLING BACK
Error: failed decoding reader into objects: unable to recognize "": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1"
Error: UPGRADE FAILED: failed decoding reader into objects: unable to recognize "": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1"
helm list
NAME        	REVISION	UPDATED                 	STATUS  	CHART               	APP VERSION	NAMESPACE
cert-manager	1       	Fri Apr 17 09:43:06 2020	DEPLOYED	cert-manager-v0.12.0	v0.12.0    	cert-manager
rancher     	13      	Fri Apr 17 11:11:15 2020	FAILED  	rancher-2.3.6       	v2.3.6     	cattle-system

Other details that may be helpful:

kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
kubectl get clusterissuers.cert-manager.io
NAME               READY   AGE
letsencrypt-prod   True    31d
kubectl get issuers.cert-manager.io -A
NAMESPACE       NAME                            READY   AGE
cattle-system   rancher                         True    31d
cert-manager    cert-manager-webhook-ca         True    31d
cert-manager    cert-manager-webhook-selfsign   True    31d

*name redacted

kubectl get certificate -
NAMESPACE       NAME                                   READY   SECRET                                 AGE
cattle-system   rancher.example.com                      True    tls-rancher-ingress                    31d
cattle-system   tls-rancher-ingress                    False   tls-rancher-ingress                    60m
cert-manager    cert-manager-webhook-ca                True    cert-manager-webhook-ca                31d
cert-manager    cert-manager-webhook-webhook-tls       True    cert-manager-webhook-webhook-tls       31d

Environment information

  • Rancher version (rancher/rancher / rancher/server image tag or shown bottom left in the UI):
  • Installation option (single install/HA): HA

Cluster information

  • Cluster type (Hosted/Infrastructure Provider/Custom/Imported): Imported
  • Machine type (cloud/VM/metal) and specifications (CPU/memory): VM
  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:02:58Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
  • Docker version (use docker version):
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b
 Built:             Wed Mar 11 01:27:04 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b
  Built:            Wed Mar 11 01:25:42 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
  • cert-manager version:
NAME        	REVISION	UPDATED                 	STATUS  	CHART               	APP VERSION	NAMESPACE
cert-manager	1       	Fri Apr 17 09:43:06 2020	DEPLOYED	cert-manager-v0.12.0	v0.12.0    	cert-manager

Any hints how to fix this? Thanks

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 24 (7 by maintainers)

Most upvoted comments

The Rancher helm chart doesn’t work properly with cert-manager v0.16.0+ due to an API version update. Support for it will be provided with PR #29017.

To be clear, no version works, not even 0.12 anymore…

Thanks Rancher folks for making a very useful project! I can confirm that this issue occurs when installing Rancher from scratch, and using the latest cert-manager. Which I acknowledge is not a supported configuration (I think).

I have a completely “clean” Kubernetes cluster brought up with rke, no rancher installed.

kubectl --kubeconfig ./kube_config_cluster.yml get pods --all-namespaces
NAMESPACE       NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-5bcc9fd598-dbm4w       1/1     Running     0          21h
ingress-nginx   nginx-ingress-controller-9sc9k              1/1     Running     0          21h
ingress-nginx   nginx-ingress-controller-fr2xr              1/1     Running     0          21h
ingress-nginx   nginx-ingress-controller-r8qjl              1/1     Running     0          21h
kube-system     coredns-799dffd9c4-4qzsf                    1/1     Running     0          21h
kube-system     coredns-autoscaler-84766fbb4-9xvhp          1/1     Running     0          21h
kube-system     kube-flannel-7glvw                          2/2     Running     0          21h
kube-system     kube-flannel-rndpk                          2/2     Running     0          21h
kube-system     kube-flannel-t4jss                          2/2     Running     0          21h
kube-system     metrics-server-59c6fd6767-4qvs9             1/1     Running     0          21h
kube-system     rke-coredns-addon-deploy-job-89gbk          0/1     Completed   0          21h
kube-system     rke-ingress-controller-deploy-job-5q4ds     0/1     Completed   0          21h
kube-system     rke-metrics-addon-deploy-job-j6scd          0/1     Completed   0          21h
kube-system     rke-user-includes-addons-deploy-job-5wrzs   0/1     Completed   0          21h

Following the instructions given here: https://rancher.com/docs/rancher/v2.x/en/installation/k8s-install/helm-rancher/

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
"rancher-latest" has been added to your repositories

Followed by:

kubectl --kubeconfig ./kube_config_cluster.yml create namespace cattle-system
namespace/cattle-system created

Then install the cert-manager CRDs:

kubectl --kubeconfig ./kube_config_cluster.yml apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.0/cert-manager-legacy.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created

Now install cert-manager namespace:

kubectl --kubeconfig ./kube_config_cluster.yml create namespace cert-manager
namespace/cert-manager created

Now use helm to install cert-manager (version 1.0.0):

helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "rancher-latest" chart repository
Update Complete. ⎈ Happy Helming!⎈
$ helm --kubeconfig ./kube_config_cluster.yml install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.0.0
NAME: cert-manager
LAST DEPLOYED: Wed Sep  2 12:45:22 2020
...
...
cert-manager has been deployed successfully!

Wait for cert-manager to finish coming up:

kubectl --kubeconfig ./kube_config_cluster.yml get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-7689f6664-rj9x4               1/1     Running   0          2m19s
cert-manager-cainjector-84d896cfbc-qnxl6   1/1     Running   0          2m19s
cert-manager-webhook-6566df9594-nl4fw      1/1     Running   0          2m19s

Now install Rancher via helm:

helm --kubeconfig ./kube_config_cluster.yml install rancher rancher-latest/rancher --namespace cattle-system --set hostname=192.168.57.100.xip.io
Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1"

I understand that Rancher 2.4.6 doesn’t support cert-manager > 0.16.0. If you please, when might such support be slated to occur?

Thanks again!
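The error in this thread is the chart rendering an Issuer under certmanager.k8s.io/v1alpha1 while the CRDs installed on the cluster are in the cert-manager.io group. The check below is an added example, not part of the issue thread or of Rancher's or cert-manager's code; the function names and the sample manifest and CRD list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread). Sample data is constructed.

# Constructed: an Issuer as a chart might render it, plus an unrelated object.
SAMPLE_MANIFEST='apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: rancher
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rancher
'

# Constructed: `kubectl get crd -o name` style lines, using CRD names shown on the page.
SAMPLE_CRDS='customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io'

# stdin: multi-document YAML. Prints "<Kind> <apiVersion>" for each
# cert-manager kind, whichever order the two keys appear in.
manifest_cm_kinds() {
  awk '
    function emit() {
      if (kind ~ /^(Issuer|ClusterIssuer|Certificate)$/) print kind, api
      kind = ""; api = ""
    }
    /^---/         { emit(); next }
    /^apiVersion:/ { gsub(/"/, "", $2); api = $2 }
    /^kind:/       { gsub(/"/, "", $2); kind = $2 }
    END            { emit() }
  '
}

# stdin: rendered manifest; $1: CRD list text. Prints one line per kind whose
# API group has no matching CRD. Only the group is compared, not the version.
unserved_kinds() {
  crds=$1
  manifest_cm_kinds | while read -r kind api; do
    crd="$(printf '%s' "$kind" | tr 'A-Z' 'a-z')s.${api%%/*}"
    printf '%s\n' "$crds" |
      grep -qxF "customresourcedefinition.apiextensions.k8s.io/$crd" ||
      echo "$kind $api: no CRD $crd"
  done
}

# Against a live cluster (assumes helm 3 and kubectl on PATH):
#   helm template rancher rancher-latest/rancher --namespace cattle-system \
#     --set hostname=rancher.example.com | unserved_kinds "$(kubectl get crd -o name)"
```

An empty result means every cert-manager kind in the rendered chart has a CRD for its API group; any printed line names a kind that the install or upgrade would fail to recognize.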

I’ve re-installed the rancher chart. That seems to do the trick.