Cert-manager: Can I delete cert-manager deployment and re-install without data loss?

Created on 24 Jan 2019  Â·  2Comments  Â·  Source: jetstack/cert-manager

I've accidentally updated my cert-manager 0.5.2 deployment to 0.6.0 without reading update instructions. Looks like this new webhook things came up with this new version. Now cert-manager-webhook pod is not coming up and giving this outputs.

MountVolume.SetUp failed for volume "certs" : secrets "cert-manager-webhook-webhook-tls" not found

Unable to mount volumes for pod "cert-manager-webhook-d85fcf8cf-4lghp_cert-manager(e593f627-1feb-11e9-8b10-42010a94014f)": timeout expired waiting for volumes to attach or mount for pod "cert-manager"/"cert-manager-webhook-d85fcf8cf-4lghp". list of unmounted volumes=[certs]. list of unattached volumes=[certs cert-manager-webhook-token-fwzsh]

After I read update instructions I ran this command and tried to reschedule deployment. But still no luck.

Now i'm considering about delete cert-manager deployment entirely and install it again. In this case, do I lost all certificates too? I guess even I don't lose certificates, I'd lose its renewal tracking? I mean I afraid of current certs won't get renewed after new installation?

Or how can I fix my mess without breaking anything.

picture shinebayar-g

Most helpful comment

Have you made sure the namespace cert-manager is running in has a label on it to disable resource validation?

## IMPORTANT: if you are deploying into a namespace that **already exists**,
## you MUST ensure the namespace has an additional label on it in order for
## the deployment to succeed
$ kubectl label namespace <deployment-namespace> certmanager.k8s.io/disable-validation="true"
picture munnerz on 24 Jan 2019
🎉31 👍1

All 2 comments

Have you made sure the namespace cert-manager is running in has a label on it to disable resource validation?

## IMPORTANT: if you are deploying into a namespace that **already exists**,
## you MUST ensure the namespace has an additional label on it in order for
## the deployment to succeed
$ kubectl label namespace <deployment-namespace> certmanager.k8s.io/disable-validation="true"
munnerz picture munnerz on 24 Jan 2019
🎉31 👍1

Hi thanks for an answer. On this page, It said if you're updating from v0.5 or below ... I was updating from v0.5.2 and I thought this was not the case for me.

# If you are upgrading from v0.5 or below, you should manually add this
# label to your cert-manager namespace to ensure the `webhook component`_
# can provision correctly.
$ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true

However this one did the trick for me

➜  ~ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
namespace/cert-manager labeled
➜  ~

Thank you very much! Much appreciated.

shinebayar-g picture shinebayar-g on 25 Jan 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

howardjohn picture howardjohn  Â·  3Comments
jbouzekri picture jbouzekri  Â·  4Comments
f-f picture f-f  Â·  4Comments
jonathan-kosgei picture jonathan-kosgei  Â·  4Comments
kragniz picture kragniz  Â·  4Comments