Skip to content

The startupapicheck image isn't published to quay.io, so the standard Helm install fails. #6597

New issue
New issue
Closed
#6609
Closed
The startupapicheck image isn't published to quay.io, so the standard Helm install fails.#6597
#6609
Assignees
wallrj
Labels
kind/bugCategorizes issue or PR as related to a bug.
Milestone
1.14
@wallrj

Description

@wallrj
wallrj
opened on Jan 4, 2024

While testing v1.14.0-alpha.0 in #6591, I found that the new startupapicheck isn't published to quay.io, so the standard Helm install fails.

$ helm upgrade test cert-manager --repo https://v1-14-0-alpha-0.jetstack-charts.pages.dev  --namespace cert-manager --create-namespace --install --set installCRDs=true --devel --wait
Release "test" does not exist. Installing it now.
Error: failed post-install: 1 error occurred:
        * timed out waiting for the condition
$ kubectl -n cert-manager describe pod/test-cert-manager-startupapicheck-gg5rv
...

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  79s                default-scheduler  Successfully assigned cert-manager/test-cert-manager-startupapicheck-gg5rv to kind-control-plane
  Normal   Pulling    41s (x3 over 79s)  kubelet            Pulling image "quay.io/jetstack/cert-manager-startupapicheck:v1.14.0-alpha.0"
  Warning  Failed     40s (x3 over 78s)  kubelet            Failed to pull image "quay.io/jetstack/cert-manager-startupapicheck:v1.14.0-alpha.0": rpc error: code = Unknown desc = failed to pull and unpack image "quay.io/jetstack/cert-manager-startupapicheck:v1.14.0-alpha.0": failed to resolve reference "quay.io/jetstack/cert-manager-startupapicheck:v1.14.0-alpha.0": unexpected status from HEAD request to https://quay.io/v2/jetstack/cert-manager-startupapicheck/manifests/v1.14.0-alpha.0: 401 UNAUTHORIZED
  Warning  Failed     40s (x3 over 78s)  kubelet            Error: ErrImagePull
  Normal   BackOff    0s (x5 over 77s)   kubelet            Back-off pulling image "quay.io/jetstack/cert-manager-startupapicheck:v1.14.0-alpha.0"
  Warning  Failed     0s (x5 over 77s)   kubelet            Error: ImagePullBackOff

Workaround is to disable the startupapicheck:

$ helm upgrade test cert-manager --repo https://v1-14-0-alpha-0.jetstack-charts.pages.dev  --namespace cert-manager --create-namespace --install --set installCRDs=true --devel --wait --set startupapicheck.enabled=false
Release "test" does not exist. Installing it now.
NAME: test
LAST DEPLOYED: Thu Jan  4 11:11:33 2024
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.14.0-alpha.0 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/

I'll add this as a known issue in the release notes.

/kind bug

Originally posted by @wallrj in https://github.com/jetstack/jetstack-charts/pull/219#pullrequestreview-1803970844

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions