-
Notifications
You must be signed in to change notification settings - Fork 743
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certwatcher issue #2477
Comments
Any insight into this yet? I am seeing this in GK v3.10.0, minikube (k8s v1.25.3). |
It looks like cert watcher only regenerates certs on a timer: Updating the following code to call In the interim, nudging a pod (e.g. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
still an open bug |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
@acpana interested? |
thanks for the tag max! I can have a look at this in my downtime from other projects. I will assign it to myself when I get to it. In the meantime, folks can feel free to jump on it if they have cycles. |
What steps did you take and what happened:
When I recreate Secret (reapply manifest), data field in Secret is emptied, and after it is not updated with certs data. So if I will then recreate ValidatingWebhookConfiguration, caBundle field will not be updated in the config and I see error:
Error from server (InternalError): error when creating "pod.yaml": Internal error occurred: failed calling webhook "validation.gatekeeper.sh": failed to call webhook: Post "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admit?timeout=3s": x509: certificate signed by unknown authority
Controller manager logs:
What did you expect to happen:
Certs to be updated in Secret object.
Environment:
kubectl version
): v1.24.6The text was updated successfully, but these errors were encountered: