cockroachdb gcp kubernetes error failed to get certificate

Question

While following https://www.cockroachlabs.com/docs/v2.0/orchestrate-cockroachdb-with-kubernetes.html

I received an error:

textPayload: "2021/07/29 02:32:01 failed to get certificate: 
CertificateSigningRequest.Create(default.node.cockroachdb-1) failed: 
admission webhook "validation.gatekeeper.sh" denied the request: 
[denied by autogke-csr-limitation] CSR <default.node.cockroachdb-1> disallowed in Autopilot."
timestamp: "2021-07-29T02:32:01.917027952Z"

score 1 · Answer 1 · answered Jul 29 '21 at 03:16

1

You are getting this error because it looks like you deployed a GKE Autopilot cluster instead of standard (based off cockroachdb's doc).

From the documentation:

Autopilot enforces settings that provide enhanced isolation for your containers. Kubernetes PodSecurityPolicy , OPA Gatekeeper , and Policy Controller are not supported on Autopilot clusters.

Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview

answered Jul 29 '21 at 03:16

CaioT

1,973
1
11
20

You can add a link toe the documentation that is quoted. – A.L Jul 29 '21 at 10:35

cockroachdb gcp kubernetes error failed to get certificate

1 Answers1