Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting the warning message "Admission webhooks are not activated. Enable it by configuring --enable-admission-plugins flag of kube-apiserver. For details, visit: https://appsco.de/kube-apiserver-webhooks." #1560

Open
davidmkrtchian opened this issue Mar 4, 2024 · 5 comments
Open

Getting the warning message "Admission webhooks are not activated. Enable it by configuring --enable-admission-plugins flag of kube-apiserver. For details, visit: https://appsco.de/kube-apiserver-webhooks." #1560

davidmkrtchian opened this issue Mar 4, 2024 · 5 comments

Comments

@davidmkrtchian
Copy link

After Deploying the Stash using the Helm chart with this configuration

 repository           = "https://charts.appscode.com/stable/"
  chart                = "stash"
  chart_version        = "2024.2.13"
  release_name         = local.release_name
  create_namespace     = true
  kubernetes_namespace = local.kubernetes_namespace
  values               = <<EOF
    global:
        licenseSecretName: cert-secret
    features:    
        enterprise: true
EOF
}

I am getting that warning message in my deployment and here is the logs for that

I0304 09:37:29.691771       1 run.go:38] Starting operator version v0.33.0+056fe40eafe5ef46d61ff1fba276dc925a37d226 ...
I0304 09:37:29.701328       1 dynamic_serving_content.go:113] "Loaded a new cert/key pair" name="serving-cert::/var/serving-cert/tls.crt::/var/serving-cert/tls.key"
I0304 09:37:29.950266       1 requestheader_controller.go:244] Loaded a new request header values for RequestHeaderAuthRequestController
I0304 09:37:29.952791       1 audit.go:293] No audit policy file provided, no events will be recorded for log backend
I0304 09:37:30.082234       1 request.go:629] Waited for 58.128766ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/apiextensions.k8s.io/v1
I0304 09:37:30.092282       1 request.go:629] Waited for 68.217751ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/scheduling.k8s.io/v1
I0304 09:37:30.101848       1 request.go:629] Waited for 77.756024ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/templates.gatekeeper.sh/v1alpha1
I0304 09:37:30.111800       1 request.go:629] Waited for 87.699082ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/coordination.k8s.io/v1
I0304 09:37:30.122503       1 request.go:629] Waited for 98.367438ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/cert-manager.io/v1
I0304 09:37:30.131952       1 request.go:629] Waited for 107.80701ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/node.k8s.io/v1
I0304 09:37:30.142281       1 request.go:629] Waited for 118.176558ms due to client-side throttling, not priority and fairness, request: GET:https://172.31.0.1:443/apis/node.k8s.io/v1beta1

The problem is that I have enabled the Mutating and Validating Webhooks with
enable-admission-plugin=ValidatingAdmissionWebhook,MutatingAdmissionWebhook

$kubectl get mutatingwebhookconfigurations,validatingwebhookconfigurations | grep stash
  mutatingwebhookconfiguration.admissionregistration.k8s.io/admission.stash.appscode.com            5          32m
  validatingwebhookconfiguration.admissionregistration.k8s.io/admission.stash.appscode.com               8          32m

Using the last version of Helm chart
The Kubernetes version is 1.22

If you could provide assistance in resolving this problem, I would greatly appreciate it.
@tamalsaha
Copy link
Member

Do you have admission webhook feature enabled in your k8s cluster? This error message says that is not enabled.

@davidmkrtchian
Copy link
Author

Do you have admission webhook feature enabled in your k8s cluster? This error message says that is not enabled.

Thanks for your reply.
Yes it is enabled.Also I shared with you the another command output where you can see that the Webhooks are enabled in my K8s cluster.

~ $ kubectl api-resources | grep admissionregistration.k8s.io
mutatingwebhookconfigurations                                                                                      admissionregistration.k8s.io/v1            false        MutatingWebhookConfiguration
validatingwebhookconfigurations                                                                                    admissionregistration.k8s.io/v1            false        ValidatingWebhookConfiguration

@tamalsaha
Copy link
Member

Can you try to reinstall the stash helm chart with these extra flags?

  --set stash-community.bypassValidatingWebhookXray=true \
  --set stash-enterprise.bypassValidatingWebhookXray=true \

@davidmkrtchian
Copy link
Author

davidmkrtchian commented Mar 5, 2024 via email

@tamalsaha
Copy link
Member

To debug this further, we need to get on a zoom/meet call and see what the issue is. Let me know if that is something you are interested in. If yes, suggest what is a good time for you. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tamalsaha @davidmkrtchian