search

skupperproject / skupper

Skupper is an implementation of a Virtual Application Network, enabling rich hybrid cloud communication.
http://skupper.io
Apache License 2.0
584 stars 72 forks source link

[v2] controller does not recover certificate state after restart #1673

Open c-kruse opened 1 week ago

c-kruse commented 1 week ago

Describe the bug After restarting the controller certificates are broken. It looks like this may just be a matter of a missing label we expect to be on a secret - associated with this TODO comment: https://github.com/skupperproject/skupper/blob/7d9c4c4fe9ac93e2b8c92502e5b1311ae9a6f67d/pkg/kube/certificates/mgr.go#L232

Certificates after restarting the controller.

skupper     skupper-grant-server      skupper-grant-server-ca   true                        CA "skupper/skupper-grant-server-ca" not found
skupper     skupper-grant-server-ca                                               true      secrets "skupper-grant-server-ca" already exists
c-kruse commented 1 week ago

I suppose it is more about https://github.com/skupperproject/skupper/blob/7d9c4c4fe9ac93e2b8c92502e5b1311ae9a6f67d/pkg/kube/certificates/mgr.go#L52 and what exactly the plan is with the internal.skupper.io/certificate label in options() is. I'm not quite clear on what the idea here is, but I suppose just copying labels from the certificate would only fix certificates that have that label.