Getting issues when installing Rancher HA on Kubernetes with Cert-Manager

Rancher 2.x
1

Hi there,

I have been following along with the guide here: https://rancher.com/docs/rancher/v2.x/en/installation/k8s-install/helm-rancher/ and choose Cert-Manager as my SSL configuration. However, I got an issue as below:

helm install rancher rancher-stable/rancher   --namespace cattle-system   --s
et hostname=example.com
Error: Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-webhook
.cert-manager.svc:443/mutate?timeout=30s: dial tcp 10.43.189.166:443: i/o timeout

Even the cert-manager was installed successfully:

kubectl get pods --namespace cert-manager
NAME                                      READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-85fbdf788-zxr4p   1/1     Running   0          23m
cert-manager-754d9b75d9-25k28             1/1     Running   0          23m
cert-manager-webhook-76f9b64b45-r8lwg     1/1     Running   0          23m

Please advise!

Thanks

Sang

2

Hi! I have the same issue trying the stable and latest version of Rancher, have you found how to install it?

3

I had the exact same issue and fixed it somehow. Unfortunately, I don’t remember what exactly fixed it, because the installation did and still does output so many errors that I partially fixed already, that it is really hard to keep track of every fix, even though I’ve been documenting my changes pretty detailed.

Here is what I think was the solution:

  1. Wipe all previous versions of cert-manager. This step is absolutely crucial – DON’T SKIP IT!
  2. Ignore the cert-manager installation part in the official Rancher documentation. It sucks and is partially wrong. Use the actual cert-manager documentation, which is correct, up-to-date and actually works. Follow every step in the order you see and don’t skip a step. Do everything as described, precisely in the same way as described.
  3. When you arrive at the " Verifying the installation" section, then wait 5 minutes for the cert-manager to finish setting up.

The first step is pretty much the most important one. You have to clean up ALL previous versions or they will block any newer version.

1 Like
4

Any update on this topic ? I’m getting same issue when setting up HA RKE cluster.

5

Did you try my workaround?

If yes, how was it? What exactly did not work?

6

Hi, first of all thanks for showing your workaround. I’ve tried your method, but it was same output, same error. I’ve waited even more than 5 minutes, deleted and created many times cattle-system and cert-manager workspaces, but still same error.

7

I know I’m very late in the game, but I hope the solution I found will eventually help others facing the same issue.

I simply passed the --cni=calico to the ExecStart of the rke2-server.service to solve this issue.