No rancher-webhook pod present (Rancher 2.5.5)

I have started seeing errors that prevents me to create new and manage existing users. The server is fully functioning and working fine for all existing users.

The error in question is:

Internal error occurred: failed calling webhook “rancherauth.cattle.io”: Post https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation?timeout=10s: x509: certificate has expired or is not yet valid

I have read a bit about it and it seems that is caused by the need for rotating the secrets.
I’ve followed the solution on the official docs about expired webhooks certificates, but to my dismay on the last line where I should:

kubectl delete pod -n cattle-system -l app=rancher-webhook

I’ve realized this pod doesn’t even exist for me. Which tbh explains a lot.

My question is: can I manually start it? Is there a YAML file for it somewhere? I cannot do a fresh install of the server since it is being actively used…

I appreciate any help possible

1 Like

Any update on this?
We are facing same issue

Go to racnher pod
run below commands:

k3s kubectl delete secret -n cattle-system cattle-webhook-tls
k3s kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io --ignore-not-found=true rancher.cattle.io
k3s kubectl delete pod -n cattle-system -l app=rancher-webhook

Hello,

I have the same problem as @Flavsditz.

The certificate was expired, so I have try to follow official documentation (Rancher Docs: Rotation of Expired Webhook Certificates), but ressources (secret cattle-webhook-tls and pod rancher-webhook) doesn’t exist on my cluster.

So I have check and there is no deployment for Rancher-webhook :cry: So my question is the same, can I install it manually ?

Versions :

  • Kube : 1.20
  • Rancher : 2.5.8

I found my mistake :slight_smile:

I wasn’t in the Rancher managment cluster.

So remember if you found this topics : make sure you are using the right cluster