Open gertcuykens opened 5 years ago
Hey @gertcuykens, sorry for the delay! I've been out for a couple weeks.
Is this readily reproducible? I could see things getting into this scenario if some init container created a CSR, then got killed before it was approved, then the admin approved the certificate. It's certainly a failure of the code here if it doesn't handle that scenario (it should be happy to just grab the signed cert), but I want to know if that's all the happened or if there's something more fundamental that went wrong here.
I can't see why it would, but I also wonder if changing the directory to -certs-dir=/cockroach-client
is causing problems.
Yes I think I didn't do anything special, unfortunalty I dont have a kubenernets available to dig into. Pretty sure it will come up again, let just wait until somebody else encounters it too
Just to note: deleting the CSR with kubectl delete csr <name>
and retrying then approving fixes the issue. I've kinda wasted embarrassingly long time on how to overcome this problem even though it was very obvious so I hope anyone else seeing this saves some time :smile:
request-cert type node works but type client give me the following error
;
but that doesn't work for me.