failed calling webhook "v1.vseldondeployment.kb.io". x509: certificate signed by unknown authority

Question

I am trying Seldon Core example.

Here's SeldonExampleDeployment.yaml.

apiVersion: machinelearning.seldon.io/v1
kind: SeldonDeployment
metadata:
  name: seldon-model
spec:
  name: test-deployment
  predictors:
  - componentSpecs:
    - spec:
        containers:
        - image: seldonio/mock_classifier_rest:1.3
          name: classifier
          command:
          - --kubelet-insecure-tls
          - --insecure-skip-tls-verify
    graph:
      children: []
      endpoint:
        type: REST
      name: classifier
      type: MODEL
    name: example
    replicas: 1

$ kubectl apply -n seldon -f SeldonExampleDeployment.yaml
Error from server (InternalError): error when creating "SeldonExampleDeployment.yaml": 
Internal error occurred: failed calling webhook "v1.vseldondeployment.kb.io": 
Post https://seldon-webhook-service.kubeflow.svc:443/validate-machinelearning-seldon-io-v1-seldondeployment?timeout=30s: 
x509: certificate signed by unknown authority

• I use EKS
• I just opened all traffic in VPC (both inbound and outbound)

I don't know why this error happened. Please help me...

Answer 1

Old case, but to help at least other Googlers...

To avoid that webhook to fail deployment,

• first create SeldonDeployment
• then enable interferenceservice on namespace,
• lastly add Gateway

# Create namespace and add a mock classifier REST service
MY_NS=a-namespace
kubectl create namespace $MY_NS
cat <<EOF | kubectl create -n $MY_NS -f -
apiVersion: machinelearning.seldon.io/v1
kind: SeldonDeployment
metadata:
  name: seldon-model
spec:
  name: test-deployment
  predictors:
  - componentSpecs:
    - spec:
        containers:
        - image: seldonio/mock_classifier_rest:1.3
          name: classifier
    graph:
      children: []
      endpoint:
        type: REST
      name: classifier
      type: MODEL
    name: example
    replicas: 1
EOF

# Enable interferenceservice namespace and add gateway
kubectl label namespace $MY_NS serving.kubeflow.org/inferenceservice=enabled
cat <<EOF | kubectl create -n $MY_NS -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kubeflow-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP
EOF

# Test REST service
curl -s -d '{"data": {"ndarray":[[1.0, 2.0, 5.0]]}}'    -X POST http://localhost:8004/seldon/$MY_NS/seldon-model/api/v1.0/predictions    -H "Content-Type: application/json"