Replies: 1 comment · 7 replies
-
I'm not sure this is unexpected. To make sure that the rolling update happens even when the in-memory state of the operator is lost, the certificate versions are tracked through annotations and when they change, that creates the |
Beta Was this translation helpful? Give feedback.
All reactions
-
Yes, for example. |
Beta Was this translation helpful? Give feedback.
All reactions
-
I have all those annotation, but when the client ca cert renewal happens still the annotation "strimzi.io/clients-ca-cert-generation: 0" and won't change. Pods are getting restarted but in the events i am getting "PodHasOldRevision" message not "CaCertRenewed". |
Beta Was this translation helpful? Give feedback.
All reactions
-
Again, you would need to explain the exact scenarios, configs, and logs. You are asking for a very detailed explanations to a very generic questions. |
Beta Was this translation helpful? Give feedback.
All reactions
-
This is the config and i am going to delete "eric-bss-msg-kafka-external-kafka-client-ca" secret and re-create it again, that will cause the pods to restart but when i check the events i am expecting "CaCertRenewed" but it is still "PodHasOldRevision" |
Beta Was this translation helpful? Give feedback.
All reactions
-
Wait, why would you do that?
If you want to use your own CA or trigger a renewal, you should follow the docs. Just by going in and deleting some secret you are just doing some random disaster recovery testing. |
Beta Was this translation helpful? Give feedback.
-
Hi
When the new cert renewal is happening , we are expecting the events as below:
CaCertRenewed CaCertRenewed CA certificates have been renewed, and the pod is restarted to run with the updated certificates.
Restart reasons
But we are getting "Pod has old revision".
@scholzj
Thanks
Saeed
Beta Was this translation helpful? Give feedback.
All reactions