CRD issue following cert-manager upgrade to 0.10

Summary

After upgrading the gitlab chart itself, I were to upgrade my standalone gitlab-runner chart. Doing so failed though, because it requires kubernetes to be in better shape than it currently is it seems.

UPGRADE FAILED
Error: Could not get apiVersions from Kubernetes: unable to retrieve the complete list of server APIs: webhook.certmanager.k8s.io/v1beta1: the server is currently unable to handle the request
Error: UPGRADE FAILED: Could not get apiVersions from Kubernetes: unable to retrieve the complete list of server APIs: webhook.certmanager.k8s.io/v1beta1: the server is currently unable to handle the request

The issue stems from getting information about the registered k8s resources I believe, which relates to CRDs, which relates to the recent upgrade in !1079 (merged) of cert-manager.

$ kubectl api-resources
# ...
storageclasses                    sc           storage.k8s.io                 false        StorageClass
volumeattachments                              storage.k8s.io                 false        VolumeAttachment
tpus                                           tpu.google.com                 false        TPU
error: unable to retrieve the complete list of server APIs: webhook.certmanager.k8s.io/v1beta1: the server is currently unable to handle the request

Steps to reproduce

I think writing kubectl api-resources after upgrading from v2.5.5 to v2.6.5 may do it, this is what I did.

Versions

  • Chart: v2.6.5
  • Platform:
    • Cloud: GKE
  • Kubernetes: (kubectl version)
    • Client: v1.17.0
    • Server: v1.15.4-gke.22
  • Helm: (helm version)
    • Client: v2.16.1
    • Server: v2.16.1

Relevant

I think this may be resolved by !1101 (merged) that has been merged recently by @twk3, some hours after the v2.6.5 release that I used was made available. UPDATE: No I just glanced at it, but now I see this is just part of the testing process.

We upgrade from cert-manager 0.4.0 to cert-manager 0.10.1. I wonder if we install the relevant CRDs for 0.10.1 in this manually maintained file called cert-manager-crd.yml. The cert-manager documentation for 0.10.1 is still available here. Perhaps we need to keep our cert-manager-crd.yml updated with what they have in this file to install cert-manager including the CRDs?

Idea of test for CI system

We could run kubectl api-versions and kubectl api-resources and assert them to return without an error code in the end of current CI tests or perhaps after installing CRDs.

Edited by Erik Sundell