Kubernetes: v1.19.9-gke.1900
Helm actions-runner-controller: 0.12.7
I have CRDs created by Github Actions Controller:
❯ kubectl api-resources | grep summerwind.dev
horizontalrunnerautoscalers actions.summerwind.dev/v1alpha1 true HorizontalRunnerAutoscaler
runnerdeployments actions.summerwind.dev/v1alpha1 true RunnerDeployment
runnerreplicasets actions.summerwind.dev/v1alpha1 true RunnerReplicaSet
runners actions.summerwind.dev/v1alpha1 true Runner
runnersets actions.summerwind.dev/v1alpha1 true RunnerSet
And also I have a sample file with two simplified resources: pod and runner
❯ cat test.yml
apiVersion: v1
kind: Pod
metadata:
name: pod-1
spec:
containers:
- name: main
image: busybox
---
apiVersion: actions.summerwind.dev/v1alpha1
kind: Runner
metadata:
name: runner-1
spec:
organization: my-org
env: []
Now, when I run apply to both these resources, the Pod works good but the Runner fails:
❯ kubectl apply -f test.yml
pod/pod-1 created
Error from server (InternalError): error when creating "test.yml": Internal error occurred: failed calling webhook "mutate.runner.actions.summerwind.dev": Post "https://actions-runner-controller-webhook.tools.svc:443/mutate-actions-summerwind-dev-v1alpha1-runner?timeout=30s": x509: certificate signed by unknown authority
As you see, this call goes to the MutatingWebhookConfiguration. And this webhook sends request to the Controller that prints only:
❯ kubectl -n tools logs actions-runner-controller-6cd6fbdd56-qlzrd -c manager
...
http: TLS handshake error from 10.128.0.3:59736: remote error: tls: bad certificate
QUESTION: What is the next step for troubleshooting?
