构建镜像创建报错'failed calling webhook "mutating-create-update-s2ibuilder'

gaussli

系统环境：CentOS7.8 3台
Docker版本：19.03.11
Kubernetes版本：v1.17.3
Kubesphere版本：v2.1.1
外部Harbor版本：1.9.4（用此版本原因是这个版本能解决在Kubesphere2.1.1中不能用自签证书以及http自动跳转https的问题）

问题描述：在构建镜像功能中点击创建后出现下图错误：

我找到了一篇类似贴，DevOps构建的时候报图中的错误，贴中的问题也有出现过，但是该帖没有具体解决方案就沉了。

我查看了s2ioperator-0日志，并没有报错

[root@CentOS-K8S-Master ~]# kubectl -n kubesphere-devops-system logs s2ioperator-0
{"level":"info","ts":1592288285.0750349,"logger":"entrypoint","msg":"setting up client for manager"}
{"level":"info","ts":1592288285.0752263,"logger":"entrypoint","msg":"setting up manager"}
{"level":"info","ts":1592288285.2869802,"logger":"entrypoint","msg":"Registering Components."}
{"level":"info","ts":1592288285.287007,"logger":"entrypoint","msg":"setting up scheme"}
{"level":"info","ts":1592288285.2873247,"logger":"entrypoint","msg":"Setting up controller"}
{"level":"info","ts":1592288285.28743,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"s2ibuilder-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1592288285.2875617,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"s2ibuilder-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1592288285.2876945,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"s2irun-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1592288285.2877245,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"s2irun-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1592288285.2877948,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"s2irun-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1592288285.2878778,"logger":"entrypoint","msg":"setting up webhooks"}
{"level":"info","ts":1592288285.2879946,"logger":"entrypoint","msg":"start collect s2i metrics"}
{"level":"info","ts":1592288285.2880008,"logger":"entrypoint","msg":"Starting the Cmd."}
{"level":"info","ts":1592288286.4722383,"logger":"kubebuilder.webhook","msg":"installing webhook configuration in cluster"}
{"level":"info","ts":1592288286.4724057,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"s2ibuilder-controller"}
{"level":"info","ts":1592288286.4724364,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"s2irun-controller"}
{"level":"info","ts":1592288286.872535,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"s2irun-controller","worker count":1}
{"level":"info","ts":1592288286.8729045,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"s2ibuilder-controller","worker count":1}
{"level":"info","ts":1592288289.0331757,"logger":"kubebuilder.webhook","msg":"starting the webhook server."}

我也查看了jenkins服务是正常的，web网页也能登录操作

[root@CentOS-K8S-Master ~]# kubectl -n kubesphere-devops-system get pod,svc
NAME                                          READY   STATUS      RESTARTS   AGE
pod/ks-devops-db-ctrl-job-lx2cg               0/1     Completed   0          58m
pod/ks-devops-db-init-job-wdpwt               0/1     Completed   0          58m
pod/ks-jenkins-75695b8584-llsbc               1/1     Running     0          56m
pod/ks-sonarqube-postgresql-666d5bd77-f75vp   1/1     Running     1          143m
pod/ks-sonarqube-sonarqube-f68dd5ff5-4cxtg    1/1     Running     1          143m
pod/s2ioperator-0                             1/1     Running     1          57m
pod/uc-jenkins-update-center-b465bf4d-pbjxf   1/1     Running     18         6d6h

NAME                                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
service/ks-jenkins                    NodePort    10.103.92.126    <none>        80:30180/TCP     6d6h
service/ks-jenkins-agent              ClusterIP   10.105.102.3     <none>        50000/TCP        6d6h
service/ks-sonarqube-postgresql       ClusterIP   10.102.187.74    <none>        5432/TCP         143m
service/ks-sonarqube-sonarqube        NodePort    10.107.19.153    <none>        9000:30204/TCP   143m
service/s2ioperator                   ClusterIP   10.102.208.80    <none>        443/TCP          6d6h
service/s2ioperator-metrics-service   ClusterIP   10.110.243.19    <none>        8080/TCP         6d6h
service/uc-jenkins-update-center      ClusterIP   10.106.244.211   <none>        80/TCP           6d6h
service/webhook-server-service        ClusterIP   10.107.187.60    <none>        443/TCP          6d6h

看看各位有没有遇到相同的问题及有解决方案的，google百度各种已经查了很久也没解决方案。感谢各位！

shaowenchen

麻烦提供一下构建镜像的参数截图

gaussli

shaowenchen

感谢回复！

因为是连接超时，所以等30s后就出现如下图的错误：

再次执行也是超时错误，但是提示有点不同：

所以就是上述2个截图的错误和标题中的错误，一共三种错误，但是都是属于连接webhook-server-service超时，但是我通过执行“get svc -n kubesphere-devops-system -owide”查看对应svc是正常的：

此外，我通过devops中的jenkins流水线发布是可以正常的，就是单纯使用这个“构建镜像”功能和“服务”中的“通过代码构建新的服务”功能就出现这种错误，毕竟“通过代码构建新的服务”流程中也要用到“构建镜像”这个功能。

其他相关截图说明：

kubesphere新增harbor连接的截图如下：
harbor私服用的是http，所以docker的daemon.json也设置了对应的insecure-registries，一共三个节点，三个节点都设置了：
harbor私服中也有test这个项目：

mikexu

在客户环境也遇到过，最后发现是网络的问是，就是有的工作节点（node)的防火墙没有打开443端口。

这个问题只有三种可能性：网络问题，就是超时（一般是抒 Context canceled.，（一般是路由不通或被防火墙阻挡或者refused 则是证书问题）、二是应用问题(Context deadline exceed)。