Closed dlydiard closed 10 months ago
Using subscription
apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: vault-config-operator namespace: vault-config-operator spec: channel: alpha name: vault-config-operator source: community-operators sourceNamespace: openshift-marketplace installPlanApproval: Manual startingCSV: vault-config-operator.v0.8.24 config: resources: requests: memory: 500Mi cpu: 100m limits: memory: 500Mi env: - name: VAULT_ADDR value: https://vault.external-host.dev:8200
I tried a fresh install after deleting the operator Namespace, and the operator logs report the error:
TLS handshake error from 10.xxx.xxx.xxx:34204: remote error: tls: bad certificate
Admission reports:
Internal error occurred: failed calling webhook "vkubernetesauthenginerole.kb.io": failed to call webhook: Post "https://vault-config-operator-controller-manager-service.vault-config-operator.svc:443/validate-redhatcop-redhat-io-v1alpha1-kubernetesauthenginerole?timeout=10s": x509: certificate signed by unknown authority
Not sure how to fix this issue, it's only happening on a few clusters.
FYI there was 2 issues: OLM did not cleanup old webhooks from a previous version. In addition, i added the service-ca cert ConfigMap to the subscription per the Docs recommendation and the TLS issues resolved.
Using subscription
I tried a fresh install after deleting the operator Namespace, and the operator logs report the error:
Admission reports:
Not sure how to fix this issue, it's only happening on a few clusters.