-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webhook Server Certificate #1157
Comments
I also have been encountering this issue when cert-manager renews the webhook certificate, requiring a restart of the pod. It would be nice to get this addressed. |
@bdwyertech @jsnouffer Thank you for reporting and following up on this issue. I apologize it went unattended for so long. I have been caught up with other priorities but wanted to let you know this issue's priority will be assessed, and it will hopefully be worked on in the near future. |
Have also ran into this issue lately when our certs expired, have explored the repo for custom solutions but no luck so far |
I still have to look into this further, but if I understand correctly, cert-manager will create a new If so, maybe we could somehow:
|
Yes precisely, a new certificate object will be created, as well as a secret containing the cert and key. This secret is then attached to the DWO as a volume mount and is able to be read from here But seems like a good solution to set the DWO to watch for secret object updates and update deployment accordingly as mentioned |
@dennisbalsam99 Thank you for the follow-up, it's really appreciated :) How are you installing DevWorkspace Operator by the way? Using chectl? Or using the Makefile scripts from the DevWorkspace Operator repo (or something else)? |
Based on the discussion in eclipse-che/che#23184, we should hopefully be able to 'cert-manager.io/inject-ca-from' the 'cert-manager.io/inject-ca-from' annotation to resolve this issue in a much more graceful manner than my original idea. |
Description
Seems like the webhook server is not getting restarted when cert-manager issues a new certificate. I would expect the
devworkspace-controller-manager
to do this, or for the webhook server to see that the cert has been rolled.Perhaps I just have something misconfigured, but when this cert expires, it causes issues for other non-devworkspace pods. Killing the webhook server and letting a new pod come up resolves the issue.
I am using the following Flux config to deploy the manifests under
deploy/deployment/kubernetes/objects/
The text was updated successfully, but these errors were encountered: