FailedMount. MountVolume.SetUp failed for volume "cert"

Good day community,

Hope someone could help me to resolve the issue that I’ve faced :blush:

I have created a K3S cluster using Rancher and on top of it installed cert-manager (it’s a requirement for actions-runner-controller).
Then, as the second step I installed actions-runner-controller using Helm in the namespace ‘actions-runner-system’.

However, I see that pod is stuck:

$ k --kubeconfig .kube\config.yaml get pods -n actions-runner-system

NAME                                         READY   STATUS              RESTARTS   AGE
actions-runner-controller-5b8c8c8c8d-8cp9p   0/2     ContainerCreating   0          14m

I checked that pod:

$ k --kubeconfig .kube\config.yaml describe pod actions-runner-controller-5455b9f4d6-2nvbt -n actions-runner-system

Name:             actions-runner-controller-5455b9f4d6-2nvbt
Namespace:        actions-runner-system
Priority:         0
Service Account:  actions-runner-controller
Node:             host1.saitama.net/10.158.146.19
Start Time:       Wed, 15 Mar 2023 13:24:35 +0100
Labels:           app.kubernetes.io/instance=actions-runner-controller
                  app.kubernetes.io/name=actions-runner-controller
                  pod-template-hash=5455b9f4d6
Annotations:      cattle.io/timestamp: 2023-03-15T12:24:35Z
Status:           Pending
IP:
IPs:              <none>
Controlled By:    ReplicaSet/actions-runner-controller-5455b9f4d6
Containers:
  manager:
    Container ID:
    Image:         summerwind/actions-runner-controller:v0.27.0
    Image ID:
    Port:          9443/TCP
    Host Port:     0/TCP
    Command:
      /manager
    Args:
      --metrics-addr=127.0.0.1:8080
      --enable-leader-election
      --port=9443
      --sync-period=1m
      --default-scale-down-delay=10m
      --docker-image=docker:dind
      --runner-image=summerwind/actions-runner:latest
      --log-format=text
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      GITHUB_TOKEN:                <set to the key 'github_token' in secret 'controller-manager'>                Optional: true
      GITHUB_APP_ID:               <set to the key 'github_app_id' in secret 'controller-manager'>               Optional: true
      GITHUB_APP_INSTALLATION_ID:  <set to the key 'github_app_installation_id' in secret 'controller-manager'>  Optional: true
      GITHUB_APP_PRIVATE_KEY:      <set to the key 'github_app_private_key' in secret 'controller-manager'>      Optional: true
      GITHUB_BASICAUTH_PASSWORD:   <set to the key 'github_basicauth_password' in secret 'controller-manager'>   Optional: true
    Mounts:
      /etc/actions-runner-controller from secret (ro)
      /tmp from tmp (rw)
      /tmp/k8s-webhook-server/serving-certs from cert (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qdk54 (ro)
  kube-rbac-proxy:
    Container ID:
    Image:         quay.io/brancz/kube-rbac-proxy:v0.13.1
    Image ID:
    Port:          8443/TCP
    Host Port:     0/TCP
    Args:
      --secure-listen-address=0.0.0.0:8443
      --upstream=http://127.0.0.1:8080/
      --logtostderr=true
      --v=10
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qdk54 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  controller-manager
    Optional:    false
  cert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  actions-runner-controller-serving-cert
    Optional:    false
  tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  kube-api-access-qdk54:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    3m24s                default-scheduler  Successfully assigned actions-runner-system/actions-runner-controller-5455b9f4d6-2nvbt to host1.saitama.net
  Warning  FailedMount  81s                  kubelet            Unable to attach or mount volumes: unmounted volumes=[cert], unattached volumes=[secret tmp cert kube-api-access-qdk54]: timed out waiting for the condition
  Warning  FailedMount  76s (x9 over 3m24s)  kubelet            MountVolume.SetUp failed for volume "cert" : secret "actions-runner-controller-serving-cert" not found

There are some Warning messages, but I can’t get what’s wrong. Is this issue related to the ‘cert-manager’ or it’s a problem with the ‘actions-runner-controller’ itself? Or maybe there is some issue in the K3S (checked its status: active(running))?

I have tested everything in minikube on my local pc and there everything works fine. However, it’s worth mentioning that the K3S cluster is running in an isolated environment, but probably that shouldn’t be the case.

Cluster information:

Kubernetes version: v1.24.7+k3s1
Installation method: Rancher
Host OS: RHEL8


$ helm --kubeconfig .kube\config.yaml list -n actions-runner-system

NAME                            NAMESPACE               REVISION        UPDATED                                 STATUS  CHART                                   APP VERSION
actions-runner-controller       actions-runner-system   1               2023-03-15 10:28:11.3575084 +0100 CET   failed  actions-runner-controller-0.22.0        0.27.0

Thanks in advance,