Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set owner reference to secrets created by webhook cert manager #530

Merged
merged 1 commit into from
Jun 11, 2021
Merged

Set owner reference to secrets created by webhook cert manager #530

merged 1 commit into from
Jun 11, 2021

Commits on Jun 11, 2021

  1. Set owner reference to secrets created by webhook cert manager 

    When the certificate secret is created or updated, set an OwnerReference on the secret as the webhook-cert-manager deployment. This ensures that deletion of the deployment will also delete the secrets. This addresses the race condition bug that we sometimes see when re-installing consul on a cluster that had a consul deleted from it. This was because the helm delete would not delete the existing secrets with certificates. When the controller would get created with a new installation, it would mount the existing secret (which was stale) and the secret on disk would get rotated before the cert watcher started which would lead to the controller using certificates signed by a CA different from the CA bundle on the MWC which would lead to x509 errors.

This change would ensure the secrets get deleted every single time and hence, a new secret would always get created during a helm install. This also ensure an existing secret, when updated is updated with the owner ref ensuring helm upgrades or installs to a cluster with an existing secret give people the desired behavior as well.
    @thisisnotashwin
    thisisnotashwin committed Jun 11, 2021
    Configuration menu
    Copy the full SHA
    7c57bdb View commit details
    Browse the repository at this point in the history