Open lapete opened 8 months ago
@lapete Thank you for the feedback!
I noticed an error in the log saying "server gave HTTP response to HTTPS client." It seems like the webhook certificate in the operator may not be set up properly. Could you please verify if there is a secret named webhook-server-cert
created in the current namespace?
I have the same issue and the secret webhook-server-cert
is not present. I can confirm that the workaround with disabling webhooks works.
Now I'm fighting with the error Can't open or create append-only dir appendonlydir: Permission denied
Also, on the topic of issues with the webhook, it seems that the webhook is the only place where the redis-operator
namespace is hardcoded. I initially wanted to use a different namespace, but then the webhook-service
couldn't be found.
The secret isn't present in my case either.
@lapete Here's a method to deploy an operator with webhook enabled using cert-manager. You can find more details at https://github.com/OT-CONTAINER-KIT/helm-charts/tree/main/charts/redis-operator.
The webhook service namespace is hardcoded in CRD, but helm chart doesn't care about this namespace The webhook service is enabled, even with default webhook=false
I have the same issue and the secret
webhook-server-cert
is not present. I can confirm that the workaround with disabling webhooks works.Now I'm fighting with the error
Can't open or create append-only dir appendonlydir: Permission denied
Also, on the topic of issues with the webhook, it seems that the webhook is the only place where the
redis-operator
namespace is hardcoded. I initially wanted to use a different namespace, but then thewebhook-service
couldn't be found.
Have you fixed that permission denied error? It seems to originate from here https://github.com/OT-CONTAINER-KIT/redis/blob/b3694110028644463d1477d689e5f529abe8616f/entrypoint.sh#L86
Persistence seems to be enabled by simply specifying the storage.volumeClaimTemplate option, which is the default with the latest chart. The volume is mounted but permissions are never applied. Workaround is to disable persistence, if that's an option for you.
Same problem here, the secret webhook-server-cert
does not exist and I am seeing the same error messages
failed to list redis.redis.opstreelabs.in/v1beta1, Kind=RedisReplication: conversion webhook for redis.redis.opstreelabs.in/v1beta2, Kind=RedisReplication failed: Post \"https://webhook-service.redis-operator.svc:443/convert?timeout=30s\": service \"webhook-service\" not found
What version of redis operator are you using? 0.15.1
Does this issue reproduce with the latest release? Yes
What operating system and processor architecture are you using (
kubectl version
)?What did you do?
kubectl get redis.redis.redis.opstreelabs.in -A
What did you expect to see?
What did you see instead?
Back-off restarting failed container redis-operator in pod redis-operator-78774444d-jgml9_redis-operator
Additional Notes
Workaround
Redis Operator Pod Log