GoogleCloudPlatform / flink-on-k8s-operator

[DEPRECATED] Kubernetes operator for managing the lifecycle of Apache Flink and Beam applications.
Apache License 2.0

k8s 1.19 golang 1.15 doesn't like the webhook cert generated #430

Open sgraham785 opened 3 years ago

sgraham785 commented 3 years ago

Kubernetes 1.19 updates Golang to 1.15+ which throws this error when trying to validate the webhook caBundle:

Post \"https://flink-operator-webhook-service.<namespace>.svc:443/mutate-flinkoperator-k8s-io-v1beta1-flinkcluster?timeout=30s\":
      x509: certificate relies on legacy Common Name field, use SANs or temporarily
      enable Common Name matching with GODEBUG=x509ignoreCN=0'\nkind: Status
message: 'Internal error occurred: failed calling webhook \"mflinkcluster.flinkoperator.k8s.io\":
  Post \"https://flink-operator-webhook-service.<namespace>.svc:443/mutate-flinkoperator-k8s-io-v1beta1-flinkcluster?timeout=30s\":
  x509: certificate relies on legacy Common Name field, use SANs or temporarily enable\n  Common Name matching with GODEBUG=x509ignoreCN=0'

Corrective PR to follow

pashtet04 commented 2 years ago

I applied the generate-cert.yaml fixes from branch sgraham785:sg/add-san-to-cabundle, but still got an error while creating a flinkcluster:

Error from server (InternalError): error when creating "processing.yaml": Internal error occurred: failed calling webhook "mflinkcluster.flinkoperator.k8s.io": Post "https://flink-operator-webhook-service.flink-operator-system.svc:443/mutate-flinkoperator-k8s-io-v1beta1-flinkcluster?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0