Hi,
I am trying to edit permissions of a user from the Rancher UI, but keep getting the error:
Internal error occurred: failed calling webhook "rancherauth.cattle.io": Post "https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation?timeout=10s": x509: certificate has expired or is not yet valid: current time 2023-01-02T11:17:08Z is after 2022-05-26T02:13:59Z
How do I fix this? Other services are working fine. Users are able to log in and make changes to the clusters.
It’s failing due to an expired certificate. I’d advise checking the expiry of the certificates on your Rancher cluster.
Depending on the version of Rancher you are running, for the cattle-webhook certificates, you can follow this guide:
Thanks for sharing the link, @mikeh89. The guide suggests running some delete commands:
kubectl delete secret -n cattle-system cattle-webhook-tls
kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io --ignore-not-found=true rancher.cattle.io
kubectl delete pod -n cattle-system -l app=rancher-webhook
Will just doing this be enough, or is there a further step that I need to take to create the deleted resources? And what impact will this step have? I am a bit afraid of running any delete commands as I don’t want to risk production going down.
No problem.
I’d recommend running these commands first on a test environment.
My understanding of how this works is that the rancher-webhook container checks for the presence of both the mutatingwebhookconfiguration and the secret. When these are not present, the container will create both the new secret and mutatingwebhookconfiguration.
There should also be a replicaSet to ensure that the rancher-webhook container is recreated after deletion.
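
The expiry check advised earlier in the thread, as an added example (not from the thread or from the linked guide): it only reads the cattle-webhook-tls secret, so it can be run before the delete commands and again afterwards to confirm that a fresh certificate was issued. It assumes the certificate is stored under the standard tls.crt key and that kubectl and openssl are on PATH; the script file name is hypothetical.

```shell
#!/bin/sh
# Added example: read-only expiry check for the rancher-webhook serving cert.
# Assumption: the cattle-webhook-tls secret keeps the certificate under the
# standard "tls.crt" key; kubectl and openssl are on PATH.

# cert_status [WINDOW_SECONDS]: read one PEM certificate on stdin and print
# "invalid", "expired", "expiring" (notAfter falls inside the window) or "ok".
cert_status() {
    window="${1:-2592000}"   # default window: 30 days
    pem="$(cat)"
    if ! printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1; then
        echo invalid         # empty secret, wrong key, or not PEM
    elif ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! printf '%s\n' "$pem" | openssl x509 -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# webhook_cert_pem: fetch the certificate from the secret named in the thread.
webhook_cert_pem() {
    kubectl get secret -n cattle-system cattle-webhook-tls \
        -o jsonpath='{.data.tls\.crt}' | base64 -d
}

# Only touch the cluster when asked to (hypothetical file name):
#   sh check-webhook-cert.sh check
if [ "${1:-}" = "check" ]; then
    pem="$(webhook_cert_pem)"
    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate
    echo "status: $(printf '%s\n' "$pem" | cert_status)"
fi
```

A status of "invalid" after the secret has been deleted usually means the rancher-webhook pod has not yet recreated it; rerun the check once the pod is Running again.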