Certificates and cert-manager
Wayfinder offers easy time-bound access to logs, enabling you to troubleshoot both Wayfinder and the pods/containers within the Kubernetes clusters that Wayfinder manages.
The following sections describe various troubleshooting steps. Unless otherwise noted, any user can perform these steps.
Installing Wayfinder
[Wayfinder administrator]
Certificates and cert-manager
If you are not using the installation options --api-tls-private-key-pem
and --ui-tls-private-key-pem
, Wayfinder installs and uses cert-manager to provision certificates. Occasionally, cert-manager can fail while requesting a certificate from LetsEncrypt and falls into an exponential backoff:
◉ Waiting for Cert Manager to successfully retrieve a certificate for API
Error: operation has been cancelled
OR
◉ Waiting for Cert Manager to successfully retrieve a certificate for UI
Error: operation has been cancelled
If you encounter this issue:
-
Check the status of the
certificate
resource in thewayfinder
namespace:kubectl -n wayfinder get certificate
-
Try deleting the certificate request, and then re-run the non-interactive install:
kubectl -n wayfinder delete certificate NAME
wf install --non-interactive
You can access the management cluster to perform the above via:
# Google Cloud
# Name: is the name of the management cluster we gave in the install
# Region: is the region we created the management cluster in
$ gcloud container clusters get-credentials NAME --zone REGION
# Amazon AWS
# Name: is the name of the management cluster we gave in the install
$ aws eks update-kubeconfig --name NAME
# Azure
# Name: is the name of the management cluster we gave in the install
# Region: is the location we placed the management cluster. The resource group created following the format wf-NAME-REGION
$ az aks get-credentials --admin --name NAME --resource-group wf-NAME-REGION