Open nak3 opened 2 years ago
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen
. Mark the issue as
fresh by adding the comment /remove-lifecycle stale
.
+1 same issue :/ On knative-serving 1.3.2.
I'm on knative-serving 1.9.2 and I'm getting this as well.
Name: test.dlvr-test.dlvr-test.fluxfederation.com
Namespace: test
Labels: networking.knative.dev/wildcardDomain=dlvr-test.dlvr-test.fluxfederation.com
Annotations: networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev
API Version: networking.internal.knative.dev/v1alpha1
Kind: Certificate
Metadata:
Creation Timestamp: 2023-04-05T20:42:18Z
Generation: 1
Managed Fields:
API Version: networking.internal.knative.dev/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:networking.knative.dev/certificate.class:
f:labels:
.:
f:networking.knative.dev/wildcardDomain:
f:ownerReferences:
.:
k:{"uid":"72ed00fb-17a0-47b9-8dc3-d8b3640f3685"}:
f:spec:
.:
f:dnsNames:
f:secretName:
Manager: controller
Operation: Update
Time: 2023-04-05T20:42:18Z
API Version: networking.internal.knative.dev/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:conditions:
f:notAfter:
f:observedGeneration:
Manager: controller
Operation: Update
Subresource: status
Time: 2023-04-05T20:42:28Z
Owner References:
API Version: v1
Block Owner Deletion: true
Controller: true
Kind: Namespace
Name: test
UID: 72ed00fb-17a0-47b9-8dc3-d8b3640f3685
Resource Version: 29874350
UID: 4b7db946-1f9a-4296-839d-349ca9752309
Spec:
Dns Names:
*.test.dlvr-test.dlvr-test.fluxfederation.com
Secret Name: test.dlvr-test.dlvr-test.fluxfederation.com
Status:
Conditions:
Last Transition Time: 2023-04-05T20:42:28Z
Status: True
Type: Ready
Not After: 2023-07-04T19:42:22Z
Observed Generation: 1
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 16m namespace-controller Created Knative Certificate test/test.dlvr-test.dlvr-test.fluxfederation.com
Normal Created 16m certificate-controller Created Cert-Manager Certificate test/test.dlvr-test.dlvr-test.fluxfederation.com```
```get route -n test
NAME URL READY REASON
my-nginx https://my-nginx.test.dlvr-test.dlvr-test.fluxfederation.com Unknown CertificateNotReady`
This happened to our entire cluster when we upgraded from 1.7.2 -> 1.9.2, we ended up having to manually delete all the kservices and getting Argo to recreate them which causes the resolve to work. ```
Any update on this issue?
In what area(s)?
/area networking
What version of Knative?
HEAD
Steps to Reproduce the Problem
1. Deploy Knative with autoTLS.
2. Modify
config-certmanager
with the invalid valueNote: This is a simple step to produce the issue. The same issue happens with some other reasons like let's encrypt issued the certificates slowly.
BEFORE:
AFTER
3. Create Ksvc (it hangs due to invalid cert)
The status of Ksvc and route are
CertificateNotReady
as expected.4. Fix the cert by reverting step-2
AFTER
5. Check the status
Kcert and King become
Ready
.But Ksvc and Route are still
CertificateNotReady
.Expected Behavior
Actual Behavior