-
Notifications
You must be signed in to change notification settings - Fork 348
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disabling certs creation in v2.32.2 helm chart breaks the jaeger deployment #375
Comments
Signed-off-by: AshutoshNirkhe <[email protected]>
is there an ETA for this bug fix? We're facing the same issue |
Seems like they don't want us to disable those. See #376 for details. |
There should be a way to disable creating the certificates and to provide the names of the relevant secrets created before running the |
@avishefi This is possible, reference the below values: certs:
issuer:
create: false # defaults to true, but you can disable the chart creation of the issuer
name: "" # leave empty
certificate:
create: false # defaults to true but you can disable the chart creation of the cert
namespace: "jaeger" # namespace for the secret
secretName: "my-secret" # secret with the cert The other thing you may need depending on how you create the certs would be the You will need to have the cert no matter what, but you can absolutely disable the chart creating it. |
I attempted to do this but I appear to get an error when i try to use the cert - x509: certificate signed by unknown authority" The cert/secret are created using these commands
Any ideas are appreciated |
@razorsk8jz this is a self-signed certificate so it won't be recognized. You can either use a known CA or use a self-signed CA certificate as a flag to Jaeger's |
@razorsk8jz I'm stuck too in that part. where should set the flag skip-host-verify? can't find the exact value in the values.yaml from the operator chart I can provide also my custom certificates generated externally for my own managed domain [using lets-encrypt]. But the required host |
I was investigating, an has created a certificate using the self kubernetes CA [https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/] The issue here is that the operator, don't accept the kubernetes GA Will be great to have a flag to include that ca as valid. Or at least being able to customize the valid ca |
Hi @mjnagel ,I am deploying the jaeger operator service through helm and would like to disable cert-magger as we have our own TLS service. But I disabled them in Value, but I still check Cert when starting the service. May I know how to handle this change? webhooks: |
The operator should allow us to use existing issuer.
But it's not possible in jaeger, is there anything relate to #376 ? |
Agree to that. Why we can't just use default ClusterIssuer? |
Describe the bug
v2.32.x seems to be introducing admission webhooks and associated certificates. But if I want to disable them all, its not possible to do so as per https://github.com/jaegertracing/helm-charts/blob/jaeger-operator-2.32.2/charts/jaeger-operator/templates/deployment.yaml#L52
Are they mandatory going forward ?
Ref - https://www.jaegertracing.io/docs/1.35/operator/#prerequisite
To Reproduce
Steps to reproduce the behavior:
Try to upgrade jaeger helm chart from 2.27.0 to 2.32.2
Pod will stay in Waiting/ContainerCreating state forever and will show below message if we do kubectl describe on pod,
Expected behavior
Currently deployment.yaml tries to load volume from certificate secret even if we disable cert creation. It needs to have the condition to check for that flag before volume/volume mount creation. That way, webhooks/certificates creation won't be a mandatory configuration.
Screenshots
If applicable, add screenshots to help explain your problem.
Version (please complete the following information):
What troubleshooting steps did you try?
Try to follow https://www.jaegertracing.io/docs/latest/troubleshooting/ and describe how far you were able to progress and/or which steps did not work.
Additional context
The text was updated successfully, but these errors were encountered: