Getting failed calling webhook "validate.nginx.ingress.kubernetes.io": error when applying ingress resource/rules yaml file in NginxIngress Controller

Question

I'm getting below error whenever I'm trying to apply an ingress resource/rules yaml file:

failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": EOF

It seems there are multiple errors for "failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": Error here

Like below:

context deadline exceeded
x509: certificate signed by unknown authority
Temporary Redirect
EOF
no endpoints available for service "ingress-nginx-controller-admission"

...and many more.

My Observations:

As soon as the the ingress resource/rules yaml is applied, the above error is shown and the Ingress Controller gets restarted as shown below:

NAME                                        READY   STATUS      RESTARTS          AGE
ingress-nginx-controller-5cf97b7d74-zvrr6   1/1     Running            6          30m
ingress-nginx-controller-5cf97b7d74-zvrr6   0/1     OOMKilled          6          30m

ingress-nginx-controller-5cf97b7d74-zvrr6   0/1     CrashLoopBackOff   6          30m

ingress-nginx-controller-5cf97b7d74-zvrr6   0/1     Running            7          31m

ingress-nginx-controller-5cf97b7d74-zvrr6   1/1     Running            7          32m

One possible solution could be (not sure though) mentioned here: https://stackoverflow.com/a/69289313/12241977

But not sure if it could possibly work in case of Managed Kubernetes services like AWS EKS as we don't have access to kube-api server.

Also the section "kind: ValidatingWebhookConfiguration" has below field from yaml:

clientConfig:
  service:
    namespace: ingress-nginx
    name: ingress-nginx-controller-admission
    path: /networking/v1/ingresses

So what does the "path: /networking/v1/ingresses" do & where it resides or simply where we can find this path? I checked the validation webhook using below command but, not able to get where to find the above path

kubectl describe validatingwebhookconfigurations ingress-nginx-admission

Setup Details

I installed using the Bare-metal method exposed with NodePort

Ingress Controller Version - v1.1.0

Kubernetes Cluster Version (AWS EKS): 1.21

How was `ingress nginx` installed? Which version of `ingress-nginx` was installed? Which cluster version is used? As for your question about `path`, it's a literal path where requests will be sent on the specified service. Please see [k8s service reference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#servicereference-v1-apiextensions-k8s-io) — moonkotte, Dec 07 '21 at 16:09
Hi, Thanks for the response ! I installed using the Bare-metal method: https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters , Controller Version - v1.1.0 , Kubernetes Cluster Version (AWS EKS): 1.21 — AT07, Dec 17 '21 at 06:55

score 1 · Accepted Answer · answered Mar 01 '22 at 07:32

1

Ok, I got this working now: I was getting the status as "OOMKilled" (Out Of Memory). So what I did is I've added the "limits:" section under "resources:" section of Deployment yaml as below:

      resources:
        requests:
          cpu: 100m
          memory: 90Mi
        limits:              
          cpu: 200m
          memory: 190Mi

Now, it works fine for me.

answered Mar 01 '22 at 07:32

AT07

43
1
6

1

I don't see why the memory limits would stop the container from being OOMKilled. In fact it should make it be killed sooner than before. – luislhl Oct 27 '22 at 18:38

Getting failed calling webhook "validate.nginx.ingress.kubernetes.io": error when applying ingress resource/rules yaml file in NginxIngress Controller

1 Answers1