https://community.hpe.com/t5/software-general/resolving-api-server-timeout-during-pod-deployment-webhook-issue/m-p/7252469#M1360 <P><STRONG>Resolving API Server Timeout During Pod Deployment (Webhook Issue)</STRONG></P><P><STRONG>Issue Summary</STRONG><BR />While deploying the OpsRamp server, the pod creation fails with a timeout error from the Kubernetes API server.</P><P><STRONG>Root Cause</STRONG><BR />The timeout is caused by issues in the Webhook configurations, specifically:<BR />- `ValidatingWebhookConfiguration`<BR />- `MutatingWebhookConfiguration`</P><P>These webhook calls are either unresponsive or unreachable, causing the API server to hang during pod creation.</P><P><STRONG>Solution</STRONG><BR />Temporarily disable the admission webhooks by modifying the API server configuration on all control plane nodes, then restart the API server to allow pod creation to succeed.</P><P><STRONG>Step-by-Step Procedure</STRONG></P><P>1. Verify the API Server Service**<BR />On each control plane node, run:</P><P><FONT face="courier new,courier">systemctl cat kube-apiserver</FONT></P><P><BR />2. Edit the API Server Service File**<BR />Open the service file (typically located at `/usr/lib/systemd/system/kube-apiserver.service`):</P><P><FONT face="courier new,courier">vi /usr/lib/systemd/system/kube-apiserver.service</FONT></P><P>Locate the line that starts with `ExecStart=` and append the following flags to disable the webhook admission plugins:</P><P><FONT face="courier new,courier">--disable-admission-plugins=ValidatingAdmissionWebhook,MutatingAdmissionWebhook</FONT></P><P><STRONG>Repeat this step on all control plane nodes.</STRONG></P><P>3. Reload Systemd and Restart API Server**<BR />After editing the service file, run the following commands:</P><P><FONT face="courier new,courier">systemctl daemon-reexec</FONT><BR /><FONT face="courier new,courier">systemctl daemon-reload</FONT><BR /><FONT face="courier new,courier">systemctl restart kube-apiserver</FONT></P><P><BR />4. Retry Pod Deployment**<BR />Once all control plane API servers are restarted, attempt to deploy the OpsRamp pod again:</P><P><FONT face="courier new,courier">kubectl apply -f &lt;opsramp-pod.yaml&gt;</FONT></P><P><STRONG>Verify that the pod is created successfully.</STRONG></P><P>5. Re-enable Webhooks After Verification**<BR />Once the pod deployment is successful:<BR />- Go back to each control plane node.<BR />- Remove the `--disable-admission-plugins=...` flag from the `kube-apiserver.service` file.<BR />- Restart the API server again:</P><P>systemctl daemon-reexec<BR />systemctl daemon-reload<BR />systemctl restart kube-apiserver</P><P><BR /><STRONG>Notes</STRONG><BR />- This approach temporarily disables all dynamic admission controllers, which may bypass security or policy checks.<BR />- It should only be used in controlled or emergency situations.<BR />- Consider investigating and fixing the underlying webhook service (e.g., DNS issue, service down, TLS error).</P> Thu, 10 Jul 2025 14:16:33 GMT Pramodmadhavan 2025-07-10T14:16:33Z https://community.hpe.com/t5/software-general/resolving-api-server-timeout-during-pod-deployment-webhook-issue/m-p/7252469#M1360 <P><STRONG>Resolving API Server Timeout During Pod Deployment (Webhook Issue)</STRONG></P><P><STRONG>Issue Summary</STRONG><BR />While deploying the OpsRamp server, the pod creation fails with a timeout error from the Kubernetes API server.</P><P><STRONG>Root Cause</STRONG><BR />The timeout is caused by issues in the Webhook configurations, specifically:<BR />- `ValidatingWebhookConfiguration`<BR />- `MutatingWebhookConfiguration`</P><P>These webhook calls are either unresponsive or unreachable, causing the API server to hang during pod creation.</P><P><STRONG>Solution</STRONG><BR />Temporarily disable the admission webhooks by modifying the API server configuration on all control plane nodes, then restart the API server to allow pod creation to succeed.</P><P><STRONG>Step-by-Step Procedure</STRONG></P><P>1. Verify the API Server Service**<BR />On each control plane node, run:</P><P><FONT face="courier new,courier">systemctl cat kube-apiserver</FONT></P><P><BR />2. Edit the API Server Service File**<BR />Open the service file (typically located at `/usr/lib/systemd/system/kube-apiserver.service`):</P><P><FONT face="courier new,courier">vi /usr/lib/systemd/system/kube-apiserver.service</FONT></P><P>Locate the line that starts with `ExecStart=` and append the following flags to disable the webhook admission plugins:</P><P><FONT face="courier new,courier">--disable-admission-plugins=ValidatingAdmissionWebhook,MutatingAdmissionWebhook</FONT></P><P><STRONG>Repeat this step on all control plane nodes.</STRONG></P><P>3. Reload Systemd and Restart API Server**<BR />After editing the service file, run the following commands:</P><P><FONT face="courier new,courier">systemctl daemon-reexec</FONT><BR /><FONT face="courier new,courier">systemctl daemon-reload</FONT><BR /><FONT face="courier new,courier">systemctl restart kube-apiserver</FONT></P><P><BR />4. Retry Pod Deployment**<BR />Once all control plane API servers are restarted, attempt to deploy the OpsRamp pod again:</P><P><FONT face="courier new,courier">kubectl apply -f &lt;opsramp-pod.yaml&gt;</FONT></P><P><STRONG>Verify that the pod is created successfully.</STRONG></P><P>5. Re-enable Webhooks After Verification**<BR />Once the pod deployment is successful:<BR />- Go back to each control plane node.<BR />- Remove the `--disable-admission-plugins=...` flag from the `kube-apiserver.service` file.<BR />- Restart the API server again:</P><P>systemctl daemon-reexec<BR />systemctl daemon-reload<BR />systemctl restart kube-apiserver</P><P><BR /><STRONG>Notes</STRONG><BR />- This approach temporarily disables all dynamic admission controllers, which may bypass security or policy checks.<BR />- It should only be used in controlled or emergency situations.<BR />- Consider investigating and fixing the underlying webhook service (e.g., DNS issue, service down, TLS error).</P> Thu, 10 Jul 2025 14:16:33 GMT https://community.hpe.com/t5/software-general/resolving-api-server-timeout-during-pod-deployment-webhook-issue/m-p/7252469#M1360 Pramodmadhavan 2025-07-10T14:16:33Z