Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failed to call webhook after attempt at creating new infinispan resource #2107

Open
mike-pt opened this issue Jun 6, 2024 · 6 comments
Open

Comments

@mike-pt
Copy link

mike-pt commented Jun 6, 2024

My gol is to deploy keyloak and infinispan with HA but I'm just starting with a simple resource

apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: alpha-infinispan
  namespace: infinispan
spec:
  replicas: 3
  security:
    endpointAuthentication: false
  container:
    memory: 512Mi

I'm getting

ERROR   Reconciler error        {"controller": "infinispan", "controllerGroup": "infinispan.org", "controllerKind": "Infinispan", "infinispan": {"name":"alpha-infinispan","namespace":"infinispan"}, "namespace": "infinispan", "name": "alpha-infinispan", "reconcileID": "5fc84196-9573-436b-99c5-c4e4481f5031", "error": "Internal error occurred: failed calling webhook \"minfinispan.kb.io\": failed to call webhook: Post \"https://infinispan-operator-controller-manager-service.infinispan.svc:443/mutate-infinispan-org-v1-infinispan?timeout=10s\": context deadline exceeded"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.3/pkg/internal/controller/controller.go:273
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2

My guess is its because this is ofc a self signed cert, I see the service is in face running and when I wget from another pod's shell I can confirm it:

wget "https://infinispan-operator-controller-manager-service.infinispan.svc:443/mutate-infinispan-org-v1-infinispan?timeout=10s"
--2024-06-06 13:00:38--  https://infinispan-operator-controller-manager-service.infinispan.svc/mutate-infinispan-org-v1-infinispan?timeout=10s
Resolving infinispan-operator-controller-manager-service.infinispan.svc (infinispan-operator-controller-manager-service.infinispan.svc)... 10.236.6.190
Connecting to infinispan-operator-controller-manager-service.infinispan.svc (infinispan-operator-controller-manager-service.infinispan.svc)|10.236.6.190|:443... connected.
ERROR: The certificate of ‘infinispan-operator-controller-manager-service.infinispan.svc’ is not trusted.
ERROR: The certificate of ‘infinispan-operator-controller-manager-service.infinispan.svc’ doesn't have a known issuer.

Is there any pre-requisite to get this working? like cert-manager? or can I somehow have the operator use http not https? this is all local anyway so http would be fine.

@ryanemerson
Copy link
Contributor

@mike-pt How are you deploying the Operator?

In order for the webhooks to work as expected, the simplest solution is to install OLM and that will handle all the configuration for you:

  1. Install via OLM: https://operatorhub.io/how-to-install-an-operator
  2. Create an Infinispan Operator subscription: https://infinispan.org/docs/infinispan-operator/main/operator.html#install-operatorhub_install

@mike-pt
Copy link
Author

mike-pt commented Jun 10, 2024

I'm deploying exactly as you said, I belive the issue is that the service for the web hook uses https and the cert is self signed?

@mike-pt
Copy link
Author

mike-pt commented Jun 10, 2024

I'm deploying exactly as you said, and I use krew plug-in for operator install, I belive the issue is that the service for the web hook uses https and the cert is self signed?

@ryanemerson
Copy link
Contributor

I'm deploying exactly as you said, I belive the issue is that the service for the web hook uses https and the cert is self signed?

OLM should correctly handle the wiring of this so it's a non-issue.

Can you share the output of your Infinispan Subscription, InstallPlan and CSV?

@mike-pt
Copy link
Author

mike-pt commented Jun 13, 2024

kubectl get csv -n infinispan infinispan-operator.v2.4.2
NAME                         DISPLAY               VERSION   REPLACES                     PHASE
infinispan-operator.v2.4.2   Infinispan Operator   2.4.2     infinispan-operator.v2.4.1   Succeeded

infinispan-csv.yaml.txt

kubectl get subscription -n infinispan infinispan
NAME         PACKAGE      SOURCE                  CHANNEL
infinispan   infinispan   operatorhubio-catalog   stable

infinispan-sub.yaml.txt

kubectl get services -n infinispan 
NAME                                             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
infinispan-operator-controller-manager-service   ClusterIP   10.236.6.190   <none>        443/TCP   7d

cat infinispan-cluster.yaml

apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: alpha-infinispan
  namespace: infinispan
spec:
  replicas: 3
  security:
    endpointAuthentication: false
  container:
    memory: 512Mi
kubectl apply -f infinispan-cluster.yaml
Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "minfinispan.kb.io": failed to call webhook: Post "https://infinispan-operator-controller-manager-service.infinispan.svc:443/mutate-infinispan-org-v1-infinispan?timeout=10s": context deadline exceeded

@ryanemerson
Copy link
Contributor

@mike-pt What Kubernetes environment are you deploying to?

Can you paste the output of:

kubectl -n infinispan get deployment/infinispan-operator-controller-manager -o yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants