You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 2, 2022. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@kinderyj Could you please confirm this solution working on Kubernetes. Reason being same solution I was using but when I describe crt. It is still 30days. In order to check
kubectl get secret webhook-server-cert -n flink-operator-system -o yaml
Copy the tls.crt content and decode it
echo "---crt----" | base64 -d > webhook.crt
When you open this webhook,crt file. You will see expiry still 30days. Though your command is correct
@kinderyj Could you please confirm this solution working on Kubernetes. Reason being same solution I was using but when I describe crt. It is still 30days. In order to check
kubectl get secret webhook-server-cert -n flink-operator-system -o yaml
Copy the tls.crt content and decode it
echo "---crt----" | base64 -d > webhook.crt
When you open this webhook,crt file. You will see expiry still 30days. Though your command is correct
My test steps:
In Nov 18, changed the args -days to 1 and installed the flink-operator by helm chart.
openssl x509 -days 1 -req -CA ca.crt -CAkey ca.key -CAcreateserial -out ${tmpdir}/server-cert.pem
kubectl get secret webhook-server-cert -n flink-operator-system -o yaml
Copy the tls.crt content and base64 to a new file, such as webhook.crt
echo "tls.crt content......" | base64 -d > webhook.crt
decode:
openssl x509 -noout -text -in webhook.crt
The result is as below
You can see the Not Before is Nov 18 and Not After is Nov 19, only 1 day, it seems work.
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
xxxxx
Signature Algorithm: xxxxxx
Issuer: CN=Admission Controller Webhook CA
Validity
Not Before: Nov 18 08:41:18 2020 GMT
Not After : Nov 19 08:41:18 2020 GMT
Subject: CN=flink-operator-webhook-service.flink-operator-system.svc
......
In Nov 19, I tried to create flink operator and reproduced the issue 355.
Changed the args -days to 3650 and repeat the steps above, the Validity is as below, it's 10 years.
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
xxxxx
Signature Algorithm: xxx
Issuer: CN=Admission Controller Webhook CA
Validity
Not Before: Nov 24 14:20:29 2020 GMT
Not After : Nov 22 14:20:29 2030 GMT
........
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix the issue 356
We should make the expire days longer, the default expires days is 30, we change it to 3650.