Open domq opened 3 months ago
I am facing the same issue on Openshift 4.14 and Cilium 1.15.1 with cilium-apiserver enabled and default TLS settings. Operator seems to generate new apiserver certificates with each Helm run, which puts it into endless reconciliation loop. I am at Helm iteration 1670 after couple hours + this is making OLM pod consume 1 CPU and generate massive amount of logs with debug enabled + it keeps changing generated secret with each run.
What I attempted: install Cilium on OpenShift 4.13.32, according to the instructions
What I expected would happen: the
cilium-olm
operator would do its thing, and then go sit tight in the background.What I observed instead:
watch helm ls -A
shows theREVISION
of thecilium
Helm chart going up roughly once every 7 seconds.Diffing two subsequent versions of
oc -n cilium get secret -o yaml
shows that thetls.crt
andtls.key
entriessecret/hubble-server-certs
andsecret/hubble-relay-client-certs
are changed each time, as well as some sequence numbers and Helm'srelease
fields.Setting
hubble.auto.tls.method
tocertmanager
stops the upgrade loop.