redhat-cop / vault-config-operator

An operator to support HashiCorp Vault configuration workflows from within Kubernetes
Apache License 2.0

OLM Install - TLS handshake error from 10.129.0.35:34204: remote error: tls: bad certificate #206

Closed dlydiard closed 10 months ago

dlydiard commented 10 months ago

Using subscription

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: vault-config-operator
  namespace: vault-config-operator
spec:
  channel: alpha
  name: vault-config-operator
  source: community-operators
  sourceNamespace: openshift-marketplace
  installPlanApproval: Manual
  startingCSV: vault-config-operator.v0.8.24
  config:
    resources:
      requests:
        memory: 500Mi
        cpu: 100m
      limits:
        memory: 500Mi
    env:
      - name: VAULT_ADDR
        value: https://vault.external-host.dev:8200

I tried a fresh install after deleting the operator Namespace, and the operator logs report the error:

TLS handshake error from 10.xxx.xxx.xxx:34204: remote error: tls: bad certificate

Admission reports:

Internal error occurred: failed calling webhook "vkubernetesauthenginerole.kb.io": failed to call webhook: Post "https://vault-config-operator-controller-manager-service.vault-config-operator.svc:443/validate-redhatcop-redhat-io-v1alpha1-kubernetesauthenginerole?timeout=10s": x509: certificate signed by unknown authority

Not sure how to fix this issue; it's only happening on a few clusters.

dlydiard commented 10 months ago

FYI there were 2 issues: OLM did not clean up old webhooks from a previous version. In addition, I added the service-ca cert ConfigMap to the subscription per the Docs recommendation and the TLS issues resolved.
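
A triage check for the two causes named in this thread, added here as an example and not code from the vault-config-operator project: it scans a webhook listing for entries that point at the operator's namespace but are owned by a different CSV, or whose caBundle does not contain the CA that signs the operator's serving certificate. It assumes OLM's `olm.owner` label identifies the owning CSV; the function name, the `vOLD` version placeholder and the sample data are constructed, and the CA comparison is a plain byte match rather than chain validation.

```python
import base64

NAMESPACE = "vault-config-operator"
CURRENT_CSV = "vault-config-operator.v0.8.24"   # startingCSV from the Subscription
STALE_CSV = "vault-config-operator.vOLD"        # placeholder for the earlier version
# Constructed stand-ins for PEM CA certificates (not real certificates).
CURRENT_CA = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CURRENT\n-----END CERTIFICATE-----\n"
OLD_CA = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-OLD\n-----END CERTIFICATE-----\n"

def make_config(name, owner, ca_pem, namespace=NAMESPACE):
    """Build a constructed ValidatingWebhookConfiguration for the sample input."""
    return {
        "metadata": {"name": name, "labels": {"olm.owner": owner}},
        "webhooks": [{
            "name": "vkubernetesauthenginerole.kb.io",
            "clientConfig": {
                "caBundle": base64.b64encode(ca_pem).decode(),
                "service": {"namespace": namespace,
                            "name": "vault-config-operator-controller-manager-service"},
            },
        }],
    }

# Constructed sample, shaped like `kubectl get validatingwebhookconfigurations -o json`.
SAMPLE = {"items": [
    make_config("leftover-from-old-csv", STALE_CSV, OLD_CA),
    make_config("installed-by-current-csv", CURRENT_CSV, CURRENT_CA),
    make_config("unrelated-operator", "other.v1", OLD_CA, namespace="other-ns"),
]}

def find_suspect_webhooks(webhook_list, namespace, current_csv, serving_ca_pem):
    """Return (config, webhook, reasons) for webhooks that target `namespace`
    but are owned by another CSV or do not carry the serving CA in caBundle."""
    findings = []
    for cfg in webhook_list.get("items", []):
        meta = cfg.get("metadata", {})
        owner = meta.get("labels", {}).get("olm.owner")
        for hook in cfg.get("webhooks", []):
            client = hook.get("clientConfig", {})
            if (client.get("service") or {}).get("namespace") != namespace:
                continue  # URL-based webhooks and other namespaces are out of scope
            reasons = [] if owner == current_csv else ["stale-owner"]
            try:
                bundle = base64.b64decode(client.get("caBundle", ""), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                bundle = b""
            if serving_ca_pem.strip() not in bundle:
                reasons.append("ca-mismatch")
            if reasons:
                findings.append((meta.get("name"), hook["name"], reasons))
    return findings
```

On a live cluster the same function can be fed the parsed JSON of the webhook listing and the CA bundle that the cluster's service CA injects.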