This project contains Ansible code that creates a baseline in an existing Kubernetes environment for use with the SAS Viya Platform, generates the manifest for an order, and then can also deploy that order into the Kubernetes environment specified.
Apache License 2.0
71
stars
64
forks
source link
fix: (IAC-556) Incorrect tls.key in alertmanager-ingress-tls-secret #265
Issue Description:
Reported by Adam Bullock, "a recent deployment with monitoring and logging enabled, that the tls.key in the alertmanager-ingress-tls-secret was incorrect. The certificate was added instead of the key."
The following messages are logged in the ingress-nginx-controller log:
Error obtaining X.509 certificate: no object matching key "monitoring/alertmanager-ingress-tls-secret" in local store Error getting SSL certificate "monitoring/alertmanager-ingress-tls-secret": local SSL certificate monitoring/alertmanager-ingress-tls-secret was not found. Using default certificate
Rationale for setting the the delete namespace timeouts to 10 mins is that I found existing namespace operations that were already set to use a 10 minute timeout so it made sense to keep them all the same.
Issue Description: Reported by Adam Bullock, "a recent deployment with monitoring and logging enabled, that the tls.key in the alertmanager-ingress-tls-secret was incorrect. The certificate was added instead of the key."
The following messages are logged in the ingress-nginx-controller log:
Error obtaining X.509 certificate: no object matching key "monitoring/alertmanager-ingress-tls-secret" in local store Error getting SSL certificate "monitoring/alertmanager-ingress-tls-secret": local SSL certificate monitoring/alertmanager-ingress-tls-secret was not found. Using default certificate
The problematic line: https://github.com/sassoftware/viya4-deployment/blob/main/roles/monitoring/tasks/cluster-monitoring.yaml#L118
Rationale for setting the the delete namespace timeouts to 10 mins is that I found existing namespace operations that were already set to use a 10 minute timeout so it made sense to keep them all the same.