9 - Krakend, 10 - Krackeverlasting
Had an issue whereby the self-signed admission controller certificate on the mutating/validating webhook had expired and couldn't be rotated...because it was expired.
After a few different approaches, Alex Emery tested and recommended:
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io couchbase-couchbase-admission-controller
kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io couchbase-couchbase-admission-controller
kubectl delete secrets couchbase-couchbase-admission-controller
helm upgrade couchbase couchbase/couchbase-operator
Which worked smoothly.
a) document this as a workaround (for both Helm and non-Helm deployments)
b) auto-renew the internal certificate on the webhook
c) increase the helm cert from 1 year to 10 like cao does
|For Gerrit Dashboard: K8S-2843|
|185398,11||K8S-2843: Allow extending webhook certs||master||couchbase-operator||Status: MERGED||+2||+1|