Installing rancher form docs

Rancher 2.x
1

While installing rancher from docs I encounter this issue, I noticed that ingress-nginx pods aren’t running.

 helm install rancher rancher-stable/rancher \
>   --namespace cattle-system \
>   --set hostname=rancher.my.org \
>   --set replicas=3
Error: INSTALLATION FAILED: Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1beta1/ingresses?timeout=10s": dial tcp 10.43.197.58:443: connect: connection refused

kubectl get pods -n ingress-nginx
NAME                             READY   STATUS              RESTARTS   AGE
nginx-ingress-controller-sbmw9   0/1     ContainerCreating   0          15m
nginx-ingress-controller-vrgsf   0/1     ContainerCreating   0          15m

  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    11m                  default-scheduler  Successfully assigned ingress-nginx/nginx-ingress-controller-sbmw9 to xxxxxxxxx
  Warning  FailedMount  78s (x13 over 11m)   kubelet            MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
  Warning  FailedMount  21s (x5 over 9m31s)  kubelet            Unable to attach or mount volumes: unmounted volumes=[webhook-cert], unattached volumes=[webhook-cert kube-api-access-8ffmz]: timed out waiting for the condition

kubectl describe pods -n ingress-nginx
Name:           nginx-ingress-controller-sbmw9
Namespace:      ingress-nginx
Priority:       0
Node:           xxxxxxxx/xxxxxxxxx
Start Time:     Wed, 13 Oct 2021 08:13:54 +0000
Labels:         app=ingress-nginx
                app.kubernetes.io/component=controller
                app.kubernetes.io/instance=ingress-nginx
                app.kubernetes.io/name=ingress-nginx
                app.kubernetes.io/version=0.48.1
                controller-revision-hash=777f49798f
                pod-template-generation=1
Annotations:    <none>
Status:         Pending
IP:
IPs:            <none>
Controlled By:  DaemonSet/nginx-ingress-controller
Containers:
  nginx-ingress-controller:
    Container ID:
    Image:         rancher/nginx-ingress-controller:nginx-0.48.1-rancher1
    Image ID:
    Ports:         8443/TCP, 80/TCP, 443/TCP
    Host Ports:    0/TCP, 80/TCP, 443/TCP
    Args:
      /nginx-ingress-controller
      --election-id=ingress-controller-leader
      --ingress-class=nginx
      --configmap=$(POD_NAMESPACE)/nginx-configuration
      --validating-webhook=:8443
      --validating-webhook-certificate=/usr/local/certificates/cert
      --validating-webhook-key=/usr/local/certificates/key
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5
    Readiness:      http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      POD_NAME:       nginx-ingress-controller-sbmw9 (v1:metadata.name)
      POD_NAMESPACE:  ingress-nginx (v1:metadata.namespace)
      LD_PRELOAD:     /usr/local/lib/libmimalloc.so
    Mounts:
      /usr/local/certificates/ from webhook-cert (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-8ffmz (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  webhook-cert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  ingress-nginx-admission
    Optional:    false
  kube-api-access-8ffmz:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 :NoExecute op=Exists
                             :NoSchedule op=Exists
                             node.kubernetes.io/disk-pressure:NoSchedule op=Exists
                             node.kubernetes.io/memory-pressure:NoSchedule op=Exists
                             node.kubernetes.io/not-ready:NoExecute op=Exists
                             node.kubernetes.io/pid-pressure:NoSchedule op=Exists
                             node.kubernetes.io/unreachable:NoExecute op=Exists
                             node.kubernetes.io/unschedulable:NoSchedule op=Exists
Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    11m                  default-scheduler  Successfully assigned ingress-nginx/nginx-ingress-controller-sbmw9 to xxxxxxxxx
  Warning  FailedMount  78s (x13 over 11m)   kubelet            MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
  Warning  FailedMount  21s (x5 over 9m31s)  kubelet            Unable to attach or mount volumes: unmounted volumes=[webhook-cert], unattached volumes=[webhook-cert kube-api-access-8ffmz]: timed out waiting for the condition
2

Facing the same. Could you fix the problem?

3

Did you verify cert-manager is healthy and that all the install steps and troubleshooting related to it are fine? Just my first guess with certificate problems.