Getting issues when installing Rancher HA on Kubernetes with Cert-Manager

Hi there,

I have been following along with the guide here: https://rancher.com/docs/rancher/v2.x/en/installation/k8s-install/helm-rancher/ and chose Cert-Manager as my SSL configuration. However, I got the issue below:

helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=example.com
Error: Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=30s: dial tcp 10.43.189.166:443: i/o timeout

Even though the cert-manager was installed successfully:

kubectl get pods --namespace cert-manager
NAME                                      READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-85fbdf788-zxr4p   1/1     Running   0          23m
cert-manager-754d9b75d9-25k28             1/1     Running   0          23m
cert-manager-webhook-76f9b64b45-r8lwg     1/1     Running   0          23m

Please advise!

Thanks

Sang

Hi! I have the same issue trying the stable and latest versions of Rancher. Have you found out how to install it?

I had the exact same issue and fixed it somehow. Unfortunately, I don’t remember what exactly fixed it, because the installation did and still does output so many errors, some of which I have already fixed, that it is really hard to keep track of every fix, even though I’ve been documenting my changes in pretty good detail.

Here is what I think was the solution:

  1. Wipe all previous versions of cert-manager. This step is absolutely crucial – DON’T SKIP IT!
  2. Ignore the cert-manager installation part in the official Rancher documentation. It sucks and is partially wrong. Use the actual cert-manager documentation, which is correct, up-to-date and actually works. Follow every step in the order you see and don’t skip a step. Do everything as described, precisely in the same way as described.
  3. When you arrive at the "Verifying the installation" section, wait 5 minutes for the cert-manager to finish setting up.

The first step is pretty much the most important one. You have to clean up ALL previous versions or they will block any newer version.

Any update on this topic? I’m getting the same issue when setting up an HA RKE cluster.

Did you try my workaround?

If yes, how was it? What exactly did not work?

Hi, first of all thanks for showing your workaround. I’ve tried your method, but it was the same output, same error. I’ve even waited more than 5 minutes, and deleted and created the cattle-system and cert-manager workspaces many times, but still the same error.

I know I’m very late in the game, but I hope the solution I found will eventually help others facing the same issue.

I simply passed --cni=calico to the ExecStart of the rke2-server.service to solve this issue.