Open dprotaso opened 2 months ago
@dprotaso is it not true that the certificate reconciler fills in the secret with a certificate based on the service name of the webhook and during the upgrade we override the secret with empty content? I suspect the new webhook controller loads the new cert before it is filled in by the reconciler and thus the error. I think we need to keep the secret around and not update it or wait for the webhook or something? I am wondering if instead of just presenting the certificate with GetCertificate we should also link readiness with proper certificate content (it happens elsewhere too tbh https://github.com/cert-manager/cert-manager/issues/3045)?
I wonder if we are clearing certificates?
Originally posted by @dprotaso in https://github.com/knative/serving/issues/15141#issuecomment-2066443436