You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Matyas Orhidi (Jira)" <ji...@apache.org> on 2022/06/28 05:23:00 UTC
[jira] [Created] (FLINK-28272) Handle TLS certificate renewal in Webhook
|  |
[Matyas
Orhidi](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=matyas)
**created** an issue
---|---
|
---
| [Flink](https://issues.apache.org/jira/browse/FLINK) / [](https://issues.apache.org/jira/browse/FLINK-28272)
[FLINK-28272](https://issues.apache.org/jira/browse/FLINK-28272)
---
[Handle TLS certificate renewal in
Webhook](https://issues.apache.org/jira/browse/FLINK-28272)
| Issue Type: |  Bug
---|---
Affects Versions: | kubernetes-operator-1.0.0
Assignee: | Unassigned
Components: | Kubernetes Operator
Created: | 28/Jun/22 05:22
Priority: |  Major
Reporter: | [Matyas
Orhidi](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=matyas)
|
We found that flink-kubernetes-operator v1.0.0 does not reload new certificate
when updated by cert-manager, and it causes the following error when updating
FlinkDeployment
`Failed sync attempt to 597d35a7434bede526f526852c33a65262765219: one or more
objects failed to apply, reason: Internal error occurred: failed calling
webhook "flinkoperator.flink.apache.org": Post "`
`[https://flink-operator-webhook-service.flink-
operator.svc:443/validate?timeout=10s](https://flink-operator-webhook-
service.flink-operator.svc/validate?timeout=10s)`
`": x509: certificate signed by unknown authority (possibly because of "x509:
invalid signature: parent certificate cannot sign this kind of certificate"
while trying to verify candidate authority certificate "FlinkDeployment
Validator") (retried 3 times).`
---
| | [ 
](https://issues.apache.org/jira/browse/FLINK-28272#add-comment "Add Comment")
| [Add Comment](https://issues.apache.org/jira/browse/FLINK-28272#add-comment
"Add Comment")
---|---
| This message was sent by Atlassian Jira (v8.20.10#820010-sha1:ace47f9) | |
---