cert-manager v3.3.1 not working on GKE #150
Description
When updating component-cert-manager from v3.3.0 to v3.3.1 the deployment gets stuck because of the introduction of prorityClasses in #149.
Warning FailedCreate 13m (x19 over 35m) replicaset-controller Error creating: insufficient quota to match these scopes: [{PriorityClass In [system-node-critical system-cluster-critical]}]
Similar issues in other projects:
- insufficient quota to match these scopes cilium/cilium#13852
- In default chart configuration, pods fail to start on GKE cluster due to quota violation open-policy-agent/gatekeeper#1120
By default there is a ResourceQuata for namespace "kube-system":
apiVersion: v1
kind: ResourceQuota
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: gcp-critical-pods
namespace: kube-system
spec:
hard:
pods: 1G
scopeSelector:
matchExpressions:
- operator: In
scopeName: PriorityClass
values:
- system-node-critical
- system-cluster-critical
I think having a similar quota in the namespace where cert-manager is deployed should solve this issue.
Steps to Reproduce the Problem
- Update cert-manager to v3.3.1 on a GKE cluster
Actual Behavior
Rollout gets stuck
Expected Behavior
Successful update of cert-manager