2

I am running an EKS cluster in AWS. The version is 1.25. Today I started to get this message:

Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": failed to call webhook: Post "https://aws-load-balancer-webhook-service.kube-system.svc:443/validate-networking-v1-ingress?timeout=10s": x509: certificate signed by unknown authority

How can I fix that?

rholdberh

2 Answers

2

The troubleshooting steps below will help you resolve your issue:

1. As per this git issue, enabling port 9443/TCP in the security group of the worker nodes that is attached to the EC2 instances will resolve your issue. You can do it either on the web via the security group of the EC2 instance or by adding the Terraform code below:

node_security_group_additional_rules = {
  ingress_allow_access_from_control_plane = {
    type                          = "ingress"
    protocol                      = "tcp"
    from_port                     = 9443
    to_port                       = 9443
    source_cluster_security_group = true
    description                   = "Allow access from control plane to webhook port of AWS load balancer controller"
  }
}

2. Redeploy the service account on the cluster.

3. Check logs for more information.

4. You are also getting x509: certificate signed by unknown authority; check this document curated by the site Position is Everything for troubleshooting. Check whether the right webhook configuration has been set up and that the correct endpoints are being used. Check whether the certificates are properly installed and not expired. If the certificates have expired, renew them to clear this issue.

Sai Chandra Gadde
1

The problem was in the old version of cert-manager. The upgrade has fixed the problem.

rholdberh
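The certificate check from step 4 of the first answer, as an added example that is not part of either answer: it compares the CA the API server trusts for the webhook (the `caBundle`) with the certificate the webhook serves, which is the pairing that goes stale when cert-manager stops injecting or renewing it. The webhook configuration name `aws-load-balancer-webhook` and the secret name `aws-load-balancer-tls` are assumptions based on a default controller install; adjust them to your cluster.

```shell
#!/usr/bin/env bash
# Added example: diagnose "x509: certificate signed by unknown authority" on an
# admission webhook by checking the serving certificate against the caBundle.
# Assumed names (default install, not taken from the page): webhook
# configuration "aws-load-balancer-webhook", secret "aws-load-balancer-tls".

# check_webhook_cert CA_PEM CERT_PEM
# returns 0 = trusted and valid, 1 = not signed by the CA, 2 = expired
check_webhook_cert() {
  ca="$1"; cert="$2"
  # -checkend 0 fails when the certificate's notAfter is already in the past
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "serving certificate expired: $(openssl x509 -in "$cert" -noout -enddate)"
    return 2
  fi
  # Chain check: is the serving certificate signed by the CA in the caBundle?
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "serving certificate is not signed by the caBundle (unknown authority)"
    echo "  cert issuer: $(openssl x509 -in "$cert" -noout -issuer)"
    echo "  CA subject:  $(openssl x509 -in "$ca" -noout -subject)"
    return 1
  fi
  echo "serving certificate chains to the caBundle and is within its validity"
  return 0
}

# Pull both PEM files from the current kubectl context, then compare them.
check_cluster() {
  dir=$(mktemp -d)
  kubectl get validatingwebhookconfiguration aws-load-balancer-webhook \
    -o jsonpath='{.webhooks[?(@.name=="vingress.elbv2.k8s.aws")].clientConfig.caBundle}' \
    | base64 -d > "$dir/ca.pem"
  kubectl -n kube-system get secret aws-load-balancer-tls \
    -o jsonpath='{.data.tls\.crt}' | base64 -d > "$dir/tls.pem"
  check_webhook_cert "$dir/ca.pem" "$dir/tls.pem"
}

# Touch the cluster only when explicitly asked to.
if [ "${1:-}" = "--cluster" ]; then check_cluster; fi
```

A return code of 1 or 2 means the certificate or the `caBundle` has to be reissued; a return code of 0 points back at the network path, such as the port 9443 rule in the first answer.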