gMSA webhook script doesn’t work

Question

gMSA webhook script doesn’t work

Closed this issue 3 years ago · 1 comments

sh-4.2$ ./deploy-gmsa-webhook.sh --file ./gmsa-manifests --image wk88/k8s-gmsa-webhook:v1.15 --overwrite
Generating RSA private key, 2048 bit long modulus
...........................+++
..........+++
e is 65537 (0x10001)
certificatesigningrequest.certificates.k8s.io "gmsa-webhook.gmsa-webhook" deleted
certificatesigningrequest.certificates.k8s.io/gmsa-webhook.gmsa-webhook created
NAME                        AGE   SIGNERNAME                      REQUESTOR   CONDITION
gmsa-webhook.gmsa-webhook   1s    kubernetes.io/kubelet-serving   admin       Pending
certificatesigningrequest.certificates.k8s.io/gmsa-webhook.gmsa-webhook approved
FATAL ERROR: after approving CSR gmsa-webhook.gmsa-webhook, the signed certificate did not appear on the resource, giving up after 30 attempts

Answer 1 · 2021-12-29T18:48:12.000Z

solved

curl -L https://raw.githubusercontent.com/kubernetes-sigs/windows-gmsa/master/admission-webhook/deploy/deploy-gmsa-webhook.sh --output deploy-gmsa-webhook.sh
K8S_GMSA_DEPLOY_DOWNLOAD_REV='v0.1.0' ./deploy-gmsa-webhook.sh --file ./gmsa-manifests --image wk88/k8s-gmsa-webhook:v1.15 --overwrite # Workaround explained here https://github.com/kubernetes-sigs/windows-gmsa/issues/49