stackabletech / issues

This repository is only for issues that concern multiple repositories or don't fit into any specific repository

chore(tracking): Check and update getting-started scripts for 24.11 #657

Closed NickLarsenNZ closed 1 week ago

NickLarsenNZ commented 3 weeks ago

Pre-Release Getting Started Script Updates

Part of https://github.com/stackabletech/issues/issues/647

In each operator repository, run the following commands. If any updates are required, open a PR using the applicable link below.

```shell
# Some of the scripts are in a code/ subdirectory
# pushd docs/modules/superset/examples/getting_started
# pushd docs/modules/superset/examples/getting_started/code
pushd $(fd -td getting_started | grep examples); cd code 2>/dev/null || true

# Make a fresh cluster (~12 seconds)
kind delete cluster && kind create cluster
./getting_started.sh stackablectl

# Make a fresh cluster (~12 seconds)
kind delete cluster && kind create cluster
./getting_started.sh helm

popd
```

[!TIP] Create branches with predictable names so the links below work. Remember to replace xx.(x)x with the appropriate release version:

```shell
git stash -m "unsaved work"
git fetch origin
git checkout -b fix/getting-started-pre-24.11 origin/main
```

Then use the links below to automatically create applicable PRs for each operator using the PR template.

Replace the items in the task lists below with the applicable Pull Requests (if any).

### Getting Started Script Checks and Updates
- [x] Update getting-started script for airflow-operator @adwk67
- [x] ~Update getting-started script for commons-operator~ (no GSG)
- [x] https://github.com/stackabletech/druid-operator/pull/643
- [x] ~Update getting-started script for edc-operator~ (no GSG)
- [x] Update getting-started script for hbase-operator @NickLarsenNZ (~pending: https://github.com/stackabletech/hbase-operator/issues/508~ Not doing this release)
- [x] Update getting-started script for hdfs-operator @adwk67
- [x] ~Update getting-started script for hello-world-operator~
- [x] Update getting-started script for hive-operator @adwk67
- [x] https://github.com/stackabletech/kafka-operator/pull/778
- [x] ~Update getting-started script for listener-operator~ (no GSG)
- [x] Update getting-started script for nifi-operator @NickLarsenNZ
- [x] Update getting-started script for opa-operator @NickLarsenNZ
- [x] ~Update getting-started script for secret-operator~ (no GSG)
- [x] Update getting-started script for spark-k8s-operator @NickLarsenNZ
- [x] Update getting-started script for superset-operator @NickLarsenNZ
- [x] Update getting-started script for trino-operator @NickLarsenNZ (worked for @adwk67)
- [x] Update getting-started script for zookeeper-operator @NickLarsenNZ

NickLarsenNZ commented 3 weeks ago

On the first run of trino-operator getting_started it timed out. ~I'll treat it as a transient error, but recording it here in case we see it more often in future.~

```
❯ ./getting_started.sh stackablectl
installing Operators with stackablectl
Installed commons=0.0.0-dev operator
Installed secret=0.0.0-dev operator
Installed listener=0.0.0-dev operator
Installed trino=0.0.0-dev operator
Installed 4 operators
Use "stackablectl operator installed [OPTIONS]" to list installed operators.
Installing Trino cluster from trino.yaml
trinocluster.trino.stackable.tech/simple-trino created
Awaiting Trino rollout finish
Waiting for 1 pods to be ready...
error: timed out waiting for the condition
```

The same thing happened with the helm install

```
❯ ./getting_started.sh helm
Adding 'stackable-dev' Helm Chart repository
"stackable-dev" already exists with the same configuration, skipping
Updating Helm repo
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "minio" chart repository
...Successfully got an update from the "vector" chart repository
...Successfully got an update from the "stackable-dev" chart repository
...Successfully got an update from the "stackable-stable" chart repository
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "grafana" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
Installing Operators with Helm
NAME: commons-operator
LAST DEPLOYED: Wed Oct 30 14:32:38 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NAME: secret-operator
LAST DEPLOYED: Wed Oct 30 14:32:54 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NAME: listener-operator
LAST DEPLOYED: Wed Oct 30 14:33:13 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NAME: trino-operator
LAST DEPLOYED: Wed Oct 30 14:33:33 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
Installing Trino cluster from trino.yaml
trinocluster.trino.stackable.tech/simple-trino created
Awaiting Trino rollout finish
Waiting for 1 pods to be ready...
error: timed out waiting for the condition
```

waiting for ephemeral volume controller to create the persistentvolumeclaim "simple-trino-coordinator-default-0-server-tls-mount". preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.

While the pods are still waiting for a volume, I can see the PVC has been created and is bound to a PV.

The two in red are waiting on volume provisioning, ~so I think this is the usual KinD takes a while to provision volumes issue~.

Image

(ignore the Age values, the screenshot was taken on a separate run, and the pods were still waiting)

Image

Full secret-operator log (all containers)

Edit: Works for other people, so it seems to be a local issue.

adwk67 commented 3 weeks ago

Kafka-operator

As we are now using the listener, port 9093 is exposed instead of 9092. The broker reports: `Failed authentication with /127.0.0.1 (channelId=127.0.0.1:9093-127.0.0.1:32822-112) (SSL handshake failed)` (although the kafka.yaml does not enforce client-server TLS).

NickLarsenNZ commented 1 week ago

I have tested the HBase getting-started without https://github.com/stackabletech/hbase-operator/issues/508 as it seems it won't make the release.

If https://github.com/stackabletech/hbase-operator/issues/508 is merged, the getting_started test needs doing.