Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expanded Letsencrypt certificate chain breaks kubernetes-reflector #191

Closed
scarby opened this issue Jun 21, 2021 · 3 comments · Fixed by #223
Closed

Expanded Letsencrypt certificate chain breaks kubernetes-reflector #191

scarby opened this issue Jun 21, 2021 · 3 comments · Fixed by #223
Labels
stale

Comments

@scarby
Copy link

scarby commented Jun 21, 2021
edited
Loading

As mentioned here of may 4th letsencrypt increased the size of their certificate chain and are now including 3 certificates rather than 2.

This causes the reflector to fail when watching the secret and never update secrets in other namespaces.

In this case this is evidenced by the following error message:

2021-06-21 19:05:33.626 +00:00 [ERR] (ES.Kubernetes.Reflector.Secrets.VMwareMirror) V1Secret watcher  Faulted
System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.
   at System.String.Ctor(Char[] value, Int32 startIndex, Int32 length)
   at Newtonsoft.Json.JsonTextReader.ParseReadString(Char quote, ReadType readType)
   at Newtonsoft.Json.JsonTextReader.ParseValue()
   at Newtonsoft.Json.JsonReader.Skip()
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetExtensionData(JsonObjectContract contract, JsonProperty member, JsonReader reader, String memberName, Object o)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
   at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonSerializer.Deserialize(JsonReader reader, Type objectType)
   at Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject[T](String json, JsonSerializerSettings settings)
   at k8s.Watcher`1.WatcherLoop(CancellationToken cancellationToken)

as cert manager now provides these by default this breaks any cert-manager integration. Also should we only reflect a 2 certificate chain we will lose compatibility with older android operating systems

This may be the cause of #187

@winromulus are you able to help here?
@aeimer aeimer mentioned this issue Jun 21, 2021
Closed
@brokenjacobs
Copy link

I'm also interested in a fix here.

@stale
Copy link

stale bot commented Jul 8, 2021

Automatically marked as stale due to no recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jul 8, 2021
@stale
Copy link

stale bot commented Jul 16, 2021

Automatically closed stale item.

@stale stale bot closed this as completed Jul 16, 2021
winromulus added a commit that referenced this issue Oct 16, 2021
@winromulus
Version 6 of Reflector
6e787b3 
- New multi-arch pipeline with proper tagging convention
- Removed cert-manager extension (deprecated due to new support from cert-manager) Fixes: #191
- Fixed healthchecks. Fixes: #208
- Removed Slack support links (GitHub issues only). Fixes: #199
- Simplified startup and improved performance. Fixes: #194
- Huge improvements in performance and stability. Fixes: #187 #182 #166 #150 #138 #121 #108
@winromulus winromulus mentioned this issue Oct 16, 2021
Merged
winromulus added a commit that referenced this issue Oct 16, 2021
@winromulus
Version 6 of Reflector (#223)
577562e 
- New multi-arch pipeline with proper tagging convention
- Removed cert-manager extension (deprecated due to new support from cert-manager) Fixes: #191
- Fixed healthchecks. Fixes: #208
- Removed Slack support links (GitHub issues only). Fixes: #199
- Simplified startup and improved performance. Fixes: #194
- Huge improvements in performance and stability. Fixes: #187 #182 #166 #150 #138 #121 #108
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Version 6 of Reflector emberstack/kubernetes-reflector
2 participants
@brokenjacobs @scarby