fix: (IAC-556) Incorrect tls.key in alertmanager-ingress-tls-secret #265
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue Description:
Reported by Adam Bullock, "a recent deployment with monitoring and logging enabled, that the tls.key in the alertmanager-ingress-tls-secret was incorrect. The certificate was added instead of the key."
The following messages are logged in the ingress-nginx-controller log:
Error obtaining X.509 certificate: no object matching key "monitoring/alertmanager-ingress-tls-secret" in local store Error getting SSL certificate "monitoring/alertmanager-ingress-tls-secret": local SSL certificate monitoring/alertmanager-ingress-tls-secret was not found. Using default certificate
The problematic line: https://github.com/sassoftware/viya4-deployment/blob/main/roles/monitoring/tasks/cluster-monitoring.yaml#L118
Rationale for setting the the delete namespace timeouts to 10 mins is that I found existing namespace operations that were already set to use a 10 minute timeout so it made sense to keep them all the same.