Replies: 3 comments 13 replies
-
I'm not sure this is unexpected. To make sure that the rolling update happens even when the in-memory state of the operator is lost, the certificate versions are tracked through annotations and when they change, that creates the |
Beta Was this translation helpful? Give feedback.
-
Hi Kafka version: 3.5.1 Issuer config:`apiVersion: v1
Certificate config:`apiVersion: v1
================= And certificate is autorenewed. This is the "kubectl get events log" 0s Normal Issuing certificate/ca-certificate Renewing certificate as renewal was scheduled at 2024-11-08 12:07:51 +0000 UTC Thanks |
Beta Was this translation helpful? Give feedback.
-
Hi @scholzj , Strimzi version: 0.36.1 I have configured a self-signed certificate setup using cert-manager, with both the Issuer and Certificate definitions included below for your reference. My expectation is that upon reaching the certificate renewal time, the event CaCertRenewed would be triggered. However, what I'm observing instead is the PodHasOldRevision event. I suspect this may not fully capture the event context we need, especially as the certificate itself is renewed correctly. Configuration Details: Issuer
Certificate
Kafka Config:
ObservationsWhen renewal is due, the Certificate resource triggers a sequence of events that includes Issuing, CertificateRequest, and CertificateIssued, which are expected behaviors. Question: Has anyone in the community encountered similar behavior with Strimzi and cert-manager integration? Would there be a recommended approach or configuration adjustment that might ensure CaCertRenewed appears instead of PodHasOldRevision upon renewal? Kubernetes Event LogsHere’s a snippet from the relevant events observed on the Kafka pod:
Would appreciate any insights or suggestions for ensuring the correct event (CaCertRenewed) is logged instead of PodHasOldRevision. Thanks in advance for your support! Thanks |
Beta Was this translation helpful? Give feedback.
-
Hi
When the new cert renewal is happening , we are expecting the events as below:
CaCertRenewed CaCertRenewed CA certificates have been renewed, and the pod is restarted to run with the updated certificates.
Restart reasons
But we are getting "Pod has old revision".
@scholzj
Thanks
Saeed
Beta Was this translation helpful? Give feedback.
All reactions