Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
9 - Krakend, 10 - Krackeverlasting
-
1
Description
Had an issue whereby the self-signed admission controller certificate on the mutating/validating webhook had expired and couldn't be rotated...because it was expired.
After a few different approaches, Alex Emery tested and recommended:
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io couchbase-couchbase-admission-controller
kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io couchbase-couchbase-admission-controller
kubectl delete secrets couchbase-couchbase-admission-controller
helm upgrade couchbase couchbase/couchbase-operator
Which worked smoothly.
We should:
a) document this as a workaround (for both Helm and non-Helm deployments)
b) auto-renew the internal certificate on the webhook
c) increase the helm cert from 1 year to 10 like cao does
Attachments
Issue Links
- blocks
-
K8S-3052 2.4.1 Release Notes
- Resolved