Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update tls error #242

Closed
jinyingsunny opened this issue Aug 10, 2023 · 2 comments
Closed

update tls error #242

jinyingsunny opened this issue Aug 10, 2023 · 2 comments
Labels
affects/none PR/issue: this bug affects none version. process/done Process of bug severity/none Severity of bug type/bug Type: something is unexpected

Comments

@jinyingsunny
Copy link

after I create some new secret in ns nebula-sc :

kubectl create secret tls ca-s01 --key=mtls/0810_IPSAN/root.key --cert=mtls/0810_IPSAN/root.crt -n nebula-sc 
kubectl create secret tls client-s01 --key=mtls/0810_IPSAN/client.key --cert=mtls/0810_IPSAN/client.crt -n nebula-sc
kubectl create secret tls server-s01 --key=mtls/0810_IPSAN/server.key --cert=mtls/0810_IPSAN/server.crt -n nebula-sc

then i edit nebula-cluster by kubectl -n nebula-sc edit nc nebula :

  • modify clientSecret 's value from client-s to client-s01 ;
  • modify serverSecret 's value from server-s to server-s01;
  • modify caSecret 's value from ca-s to ca-s01

then it same cert is not change successful, since nebula-go report error
image

the operator-log , error as follow :

E0810 08:41:04.506823       1 nebula_cluster_control.go:95] reconcile metad cluster failed: remote error: tls: error decrypting message
E0810 08:41:04.506901       1 nebula_cluster_controller.go:182] NebulaCluster [nebula-sc/nebula] reconcile failed: remote error: tls: error decrypting message
I0810 08:41:04.506918       1 nebula_cluster_controller.go:141] Finished reconciling NebulaCluster [nebula-sc/nebula] (47.791006ms), result: {false 5s}

however , when i delete nc: kubectl -n nebula-sc delete nc nebula ;
vim nebula-ent-sc2.yaml change value of clientSecret,serverSecret,caSecret
and apply -f nebula-sc.yaml

the new cluster start successfully and works well.

Your Environments (required)

nebula-ent-sc-rc镜像是:reg.vesoft-inc.com/rc/nebula-storaged-ent:v3.5.0-sc
operator镜像是:reg.vesoft-inc.com/cloud-dev/nebula-operator:snap-1.4
agent镜像是:image: reg.vesoft-inc.com/cloud-dev/nebula-agent:v3.5.1-sc

Expected behavior
replace normal
@jinyingsunny jinyingsunny added the type/bug Type: something is unexpected label Aug 10, 2023
@github-actions github-actions bot added affects/none PR/issue: this bug affects none version. severity/none Severity of bug labels Aug 10, 2023
@jinyingsunny
Copy link
Author

when i update secret in nebula-ent-sc2.yaml as front👆🏻, operator also report the same error.

@MegaByte875 MegaByte875 changed the title when update secret by kubectl -n nebula-sc edit nc nebula , then report error update tls error Aug 15, 2023
@jinyingsunny
Copy link
Author

cert mount implementation model changed,so close id.

@jinyingsunny jinyingsunny added the process/done Process of bug label Sep 19, 2023
@github-actions github-actions bot added process/fixed Process of bug and removed process/fixed Process of bug labels Sep 19, 2023
@wey-gu wey-gu mentioned this issue Sep 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects/none PR/issue: this bug affects none version. process/done Process of bug severity/none Severity of bug type/bug Type: something is unexpected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jinyingsunny