deploy vpa-admission-controller failed in kind cluster #6126
Description
Which component are you using?:
vertical-pod-autoscaler
What version of the component are you using?:
use tag cluster-autoscaler-1.28.0
Component version:
vpa-admission-controller: 0.14.0
What k8s version are you using (kubectl version)?:
kubectl version Output
$ kubectl version Client Version: v1.28.2 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.27.3
What environment is this in?:
Linux workstation 6.5.4-arch2-1 #1 SMP PREEMPT_DYNAMIC Thu, 21 Sep 2023 11:06:39 +0000 x86_64 GNU/Linux
deploy cluster with kind. kind image: kindest/node: v1.27.3
OpenSSL 3.1.3 19 Sep 2023 (Library: OpenSSL 3.1.3 19 Sep 2023)
What did you expect to happen?:
I want to deploy vpa components, but vpa-admission-controller not working.
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 8m29s default-scheduler Successfully assigned kube-system/vpa-admission-controller-9b8db6df-krqdg to kind-worker
Warning FailedMount 113s (x3 over 6m26s) kubelet Unable to attach or mount volumes: unmounted volumes=[tls-certs], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
Warning FailedMount 15s (x12 over 8m29s) kubelet MountVolume.SetUp failed for volume "tls-certs" : secret "vpa-tls-certs" not found
I clone repo and checkout tag cluster-autoscaler-1.28.0, run script /vertical-pod-autoscaler/hack/vpa-up.sh to deploy vpa. The script generate certs for admission controller failed with error Error adding extensions defined via -addext. I paste log below
[work@workstation hack]$ sh vpa-up.sh
customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalercheckpoints.autoscaling.k8s.io created
customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalers.autoscaling.k8s.io created
clusterrole.rbac.authorization.k8s.io/system:metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:vpa-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-status-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created
clusterrole.rbac.authorization.k8s.io/system:evictioner created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-actor created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-status-actor created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-target-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-target-reader-binding created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-evictioner-binding created
serviceaccount/vpa-admission-controller created
serviceaccount/vpa-recommender created
serviceaccount/vpa-updater created
clusterrole.rbac.authorization.k8s.io/system:vpa-admission-controller created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-admission-controller created
clusterrole.rbac.authorization.k8s.io/system:vpa-status-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-status-reader-binding created
deployment.apps/vpa-updater created
deployment.apps/vpa-recommender created
Generating certs for the VPA Admission Controller in /tmp/vpa-certs.
Error adding extensions defined via -addext
40F75A36787F0000:error:0580008C:x509 certificate routines:X509at_add1_attr:duplicate attribute:crypto/x509/x509_att.c:86:
deployment.apps/vpa-admission-controller created
service/vpa-webhook created
What happened instead?:
How to reproduce it (as minimally and precisely as possible):
just deploy with vpa-up.sh
Anything else we need to know?:
all of these is running in virtual machine.