Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
18: PE/Tasks/Docs
-
1
Description
The Helm Chart upgrade from 2.0.x to 2.1 encounters the following error:
{"level":"error","ts":1610489073.7747614,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"couchbase-
|
controller","request":"default/cb-test-couchbase-cluster","error":"secrets \"cb-test-couchbase-cluster\" already exists","stacktrac
|
e":"github.com/go-logr/zapr.(*zapLogger)
|
*Steps to Reproduce*
1) helm install cb-test couchbase/couchbase-operator --version 2.0.2
this will install the standard default
2) then:
kubectl replace -f crd.yaml
kubectl create -f crd.yaml
3) then upgrade the chart:
helm upgrade cb-test couchbase/couchbase-operator
We will hit the error above.
In addition, If we have the following set to true in the values.yaml
# TLS Certs that will be used to encrypt traffic between operator and couchbase
|
tls:
|
# enable to auto create certs
|
generate: false
|
# Expiry time of CA in days for generated certs
|
expiration: 365
|
Then upgrading to 2.1 operator from previous version will encounter the following error:
{"level":"error","ts":1611102051.5212724,"logger":"cluster","msg":"Reconciliation failed","cluster":"default/demo","error":"certificate cannot be verified for zone: x509: certificate is valid for localhost, *.demo-couchbase-cluster.default.svc, *.demo-couchbase-cluster.default, *.demo-couchbase-cluster, *.demo-couchbase-cluster-srv.default.svc, *.demo-couchbase-cluster-srv.default, *.demo-couchbase-cluster-srv, demo-couchbase-cluster-srv.default.svc, demo-couchbase-cluster-srv.default, demo-couchbase-cluster-srv, *.demo-couchbase-cluster-srv.default.svc.cluster.local, host.demo-couchbase-cluster.default.svc.cluster.local, not host.demo
|
Thanks Tin, this issue occurs because the 2.1 operator is now using a secret with same name as the cluster to store state. The new 2.1 secret conflicts with the old auth secret which also had same name as the cluster. As of 2.1 helm chart this conflict is gone, which means this will not be an issue for future releases.
2.0.2 Upgrade options:
First run
helm repo update
1. If someone is currently installing 2.0.2 and planning a 2.1 upgrade, the issue can be avoided altogether by using custom secrets.
Here are steps to install 2.0.2 when planning future 2.x upgrades:
# create a custom secret
kube create -f secret.yaml
kubectl replace crd.yaml
kubectl create crd.yaml
# upgrade and re-use custom secret path
helm upgrade demo --set cluster.security.adminSecret=cb-example-auth couchbase/couchbase-operator
2. If 2.0.2 cluster is already installed, the secret info needs to be extracted and applied to 2.1 secret. (assumes name of secret is `demo-couchbase-cluster`)
# Collect username/password from current secret name
kubectl replace crd.yaml
kubectl create crd.yaml
helm upgrade demo --set cluster.security.adminSecret=demo-couchbase-cluster couchbase/couchbase-operator
# Patch secret with username/password