# Error from server (InternalError): error when creating "pod.yaml": Internal error occurred: failed calling webhook "pod-identity-webhook.m8r.io": Post "https://pod-identity-webhook.m8r.io/mutate?timeout=10s": context deadline exceeded

- **ID:** `kubernetes/mutating-webhook-timeout`
- **Domain:** kubernetes
- **Category:** network_error
- **Verification:** ai_generated
- **Fix Rate:** 85%

## Root Cause

A mutating admission webhook is unreachable or timing out, often due to network issues, missing service, or the webhook pod being down.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| Kubernetes 1.26 | active | — | — |
| Kubernetes 1.27 | active | — | — |
| Kubernetes 1.28 | active | — | — |
| istio 1.18 | active | — | — |
| cert-manager 1.12 | active | — | — |

## Workarounds

1. **Check webhook pod status: kubectl get pods -n <namespace> -l app=<webhook-name>, then restart if not running: kubectl rollout restart deployment/<webhook-deployment> -n <namespace>** (85% success)
   ```
   Check webhook pod status: kubectl get pods -n <namespace> -l app=<webhook-name>, then restart if not running: kubectl rollout restart deployment/<webhook-deployment> -n <namespace>
   ```
2. **Verify network connectivity by exec into a temporary pod: kubectl run test --image=busybox --rm -it -- wget -O- https://pod-identity-webhook.m8r.io/mutate --timeout=5** (80% success)
   ```
   Verify network connectivity by exec into a temporary pod: kubectl run test --image=busybox --rm -it -- wget -O- https://pod-identity-webhook.m8r.io/mutate --timeout=5
   ```

## Dead Ends

- **Increasing webhook timeout in the ValidatingWebhookConfiguration** — 超时通常是网络不通或服务宕机，增加超时不会解决根本问题 (75% fail)
- **Restarting the API server** — 问题出在 Webhook 服务端，不是 API 服务器 (90% fail)
- **Disabling the webhook temporarily by deleting the MutatingWebhookConfiguration** — 虽然可以绕过错误，但会禁用安全功能，且需要重新创建配置 (50% fail)