search

kiwix / operations

Kiwix Kubernetes Cluster
http://charts.k8s.kiwix.org/
6 stars 0 forks source link

Cleanup old TLS secrets #115

Closed benoit74 closed 1 year ago

benoit74 commented 1 year ago

Cert-manager is complaining about missing certificates for some existing secrets:

cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"<certificates.cert-manager.io>\" not found" "certificate │
│ "={"Namespace":"<certificate namespace >","Name":"<certificate name>"} "secret"={"Namespace":"<secret namespace>","Name":"<secret name>"}

This is due to the fact that TLS secrets are not persisted in the repo and hence not cleaned-up when we remove the service and its certificate.

Secrets have to be deleted manually (todo once production is stable again / next monday hopefully)

certificates.cert-manager.io certificate namespace certificate name secret namespace secret name
api-farm-youzim-it zimfarm api-farm-youzim-it zimfarm api-farm-youzim-it-tls
stats-kiwix-org-staging stats stats-kiwix-org-staging stats stats-kiwix-org-staging-tls
│ library-test-k8s-kiwix-org zim library-test-k8s-kiwix-org zim library-test-k8s-kiwix-org-tls
│ extension-kiwix-org pwa extension-kiwix-org pwa extension-kiwix-org-tls
│ farm2-openzim-org zimfarm farm2-openzim-org zimfarm farm2-openzim-org-tls
benoit74 commented 1 year ago

Done