Gatekeeper is getting killed by the Post-Install process
These are the logs from the post job, not sure what its goal is, but it runs and kills the gatekeeper pods. It is then stuck in this infinite loop. This just started happening in the last couple of months, I am not sure what changed.
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 172.30.186.177...
- TCP_NODELAY set
- Connected to gatekeeper-webhook-service.gatekeeper-system.svc (172.30.186.177) port 443 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /certs/ca.crt CApath: none } [5 bytes data]
- TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data]
- TLSv1.3 (IN), TLS handshake, Server hello (2): { [122 bytes data]
- TLSv1.3 (IN), TLS handshake, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): { [15 bytes data]
- TLSv1.3 (IN), TLS handshake, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS handshake, Certificate (11): { [905 bytes data]
- TLSv1.3 (IN), TLS handshake, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS handshake, CERT verify (15): { [264 bytes data]
- TLSv1.3 (IN), TLS handshake, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS handshake, Finished (20): { [36 bytes data]
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data]
- TLSv1.3 (OUT), TLS handshake, [no content] (0): } [1 bytes data]
- TLSv1.3 (OUT), TLS handshake, Finished (20): } [36 bytes data]
- SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
- ALPN, server accepted to use h2
- Server certificate:
- subject: CN=gatekeeper-webhook-service.gatekeeper-system.svc
- start date: May 16 20:00:42 2023 GMT
- expire date: May 13 21:00:42 2033 GMT
- subjectAltName: host "gatekeeper-webhook-service.gatekeeper-system.svc" matched cert's "gatekeeper-webhook-service.gatekeeper-system.svc"
- issuer: O=gatekeeper; CN=gatekeeper-ca
- SSL certificate verify ok.
- Using HTTP2, server supports multi-use
- Connection state changed (HTTP/2 confirmed)
- Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 } [5 bytes data]
- TLSv1.3 (OUT), TLS app data, [no content] (0): } [1 bytes data]
- TLSv1.3 (OUT), TLS app data, [no content] (0): } [1 bytes data]
- TLSv1.3 (OUT), TLS app data, [no content] (0): } [1 bytes data]
- Using Stream ID: 1 (easy handle 0x55fb4f742860) } [5 bytes data]
- TLSv1.3 (OUT), TLS app data, [no content] (0): } [1 bytes data]
GET /v1/admitlabel?timeout=2s HTTP/2 Host: gatekeeper-webhook-service.gatekeeper-system.svc User-Agent: curl/7.61.1 Accept: /
{ [5 bytes data]
- TLSv1.3 (IN), TLS handshake, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): { [130 bytes data]
- TLSv1.3 (IN), TLS app data, [no content] (0): { [1 bytes data]
- Connection state changed (MAX_CONCURRENT_STREAMS == 250)! } [5 bytes data]
- TLSv1.3 (OUT), TLS app data, [no content] (0): } [1 bytes data]
- TLSv1.3 (IN), TLS app data, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS app data, [no content] (0): { [1 bytes data]
- TLSv1.3 (IN), TLS app data, [no content] (0): { [1 bytes data] < HTTP/2 200 < content-type: text/plain; charset=utf-8 < content-length: 128 < date: Tue, 16 May 2023 21:04:10 GMT < { [128 bytes data]
100 128 100 128 0 0 18285 0 --:--:-- --:--:-- --:--:-- 18285
- Connection #0 to host gatekeeper-webhook-service.gatekeeper-system.svc left intact {"response":{"uid":"","allowed":false,"status":{"metadata":{},"message":"contentType=, expected application/json","code":400}}}