Cannot create ClusterIssuer - kubernetes on premise

General Discussions
1

Hi all,

Cluster information:

Kubernetes version: v1.26.2
Cloud being used: bare-metal
Installation method: kubeadm init --v=5 --control-plane-endpoint k8s.mydomain.com:6443 --cri-socket unix:///var/run/crio/crio.sock
Host OS: Ubuntu latest
CNI and version: Calio latest
CRI and version: 1.26.1

I installed MetalLB successfully , ip address pool 192.168.7.190-192.168.7.195
I installed ingress-nginx successfully

kubectl get all -n ingress-nginx1
NAME                                             READY   STATUS    RESTARTS   AGE
pod/ingress-nginx1-controller-6475c75984-r9mmq   1/1     Running   0          94m

NAME                                          TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
service/ingress-nginx1-controller             LoadBalancer   10.96.183.103   192.168.7.190   80:30236/TCP,443:31661/TCP   94m
service/ingress-nginx1-controller-admission   ClusterIP      10.96.208.246   <none>          443/TCP                      94m

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx1-controller   1/1     1            1           94m

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx1-controller-6475c75984   1         1         1       94m

I installed cert-manager v1.11.0 successfully

kubectl get all -n cert-manager
NAME                                          READY   STATUS    RESTARTS   AGE
pod/cert-manager-6ffb79dfdb-khh5c             1/1     Running   0          52m
pod/cert-manager-cainjector-5fcd49c96-fh9tj   1/1     Running   0          52m
pod/cert-manager-webhook-796ff7697b-9gp2d     1/1     Running   0          52m

NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/cert-manager           ClusterIP   10.103.151.168   <none>        9402/TCP   52m
service/cert-manager-webhook   ClusterIP   10.105.7.106     <none>        443/TCP    52m

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager              1/1     1            1           52m
deployment.apps/cert-manager-cainjector   1/1     1            1           52m
deployment.apps/cert-manager-webhook      1/1     1            1           52m

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-6ffb79dfdb             1         1         1       52m
replicaset.apps/cert-manager-cainjector-5fcd49c96   1         1         1       52m
replicaset.apps/cert-manager-webhook-796ff7697b     1         1         1       52m

I tried to install a ClusterIssuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: myemail@mydomain.com
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
    - http01:
        ingress:
          class: nginx

and get error

kubectl apply -f issuer-letsencrypt-production.yaml
Error from server (InternalError): error when creating "issuer-letsencrypt-production.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": dial tcp 10.105.7.106:443: connect: no route to host

How can I fix it ? Please give me some advice, thank you very much.

2

I reinstalled cluster with docker CRI docker and Mirantis cri-dockerd as shim , CNI Flannel and it works now.