How to recreate rancher-webhook-tls secret if incorrectly deleted
This document (000020699) is provided subject to the disclaimer at the end of this document.
Environment
Rancher 2.5.8 or higher, where the rancher-webhook-tls secret was incorrectly deleted instead of the cattle-webhook-tls secret
Situation
The rancher-webhook-tls certificate is expired on the local Rancher cluster.
After following the documentation to renew the certificate (https://rancher.com/docs/rancher/v2.6/en/troubleshooting/expired-webhook-certificates), the rancher-webhook pods cannot start.
Resolution
Trigger recreation of the rancher-webhook-tls secret:
1. Remove rancher.cattle.io validating and mutating webhooks, as well as the webhook-service:
kubectl delete mutatingwebhookconfigurations rancher.cattle.io
kubectl delete validatingwebhookconfigurations rancher.cattle.io
kubectl -n cattle-system delete service webhook-service
2. Navigate to Apps & Marketplace in the local cluster Explorer, Installed Apps, and perform an 'upgrade'
of rancher-webhook to trigger the recreation of deleted resources and a new rancher-webhook-tls
certificate secret.
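To confirm that the upgrade recreated everything removed in step 1 and that the new certificate is valid, a check along the following lines can be run against the local cluster. This is an added example, not part of the original SUSE article; it assumes the secret is in the cattle-system namespace (the one used for webhook-service above) and stores its certificate under the tls.crt key.

```shell
#!/bin/sh
# Added example: verify what the rancher-webhook upgrade should have recreated.
# Assumptions: the secret lives in cattle-system (the namespace the page uses
# for webhook-service) and stores its certificate under tls.crt.
# Needs kubectl, openssl, base64 and GNU date.
NS=cattle-system

# cert_status NOT_AFTER [WARN_DAYS] [NOW_EPOCH] -> ok | expiring | expired | unparseable
# NOT_AFTER is the value openssl prints after "notAfter=".
cert_status() {
    [ -n "$1" ] || { echo unparseable; return 2; }
    end=$(date -u -d "$1" +%s 2>/dev/null) || { echo unparseable; return 2; }
    now=${3:-$(date -u +%s)}
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo expired
    elif [ "$left" -lt $(( ${2:-30} * 86400 )) ]; then
        echo expiring
    else
        echo ok
    fi
}

check_webhook() {
    rc=0
    # Objects deleted in step 1, plus the secret, must all exist again.
    for res in "mutatingwebhookconfigurations rancher.cattle.io" \
               "validatingwebhookconfigurations rancher.cattle.io" \
               "-n $NS service webhook-service" \
               "-n $NS secret rancher-webhook-tls"; do
        # $res is left unquoted on purpose so it splits into kubectl arguments.
        if kubectl get $res >/dev/null 2>&1; then
            echo "present: $res"
        else
            echo "MISSING: $res"; rc=1
        fi
    done
    # Read the regenerated certificate's expiry date out of the secret.
    not_after=$(kubectl -n "$NS" get secret rancher-webhook-tls \
        -o jsonpath='{.data.tls\.crt}' 2>/dev/null | base64 -d |
        openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
    state=$(cert_status "$not_after")
    echo "rancher-webhook-tls notAfter: ${not_after:-unknown} ($state)"
    [ "$state" = ok ] || rc=1
    return $rc
}

# Run the live check only when asked: sh <this-file> --check
if [ "${1:-}" = "--check" ]; then check_webhook; fi
```

A non-zero exit status means a resource is still missing or the certificate in the secret is expired, unreadable, or within 30 days of expiry.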
Cause
Unintentional deletion of the rancher-webhook-tls secret instead of the cattle-webhook-tls secret.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.