https://flyte.org logo
#ask-the-community
Title
# ask-the-community
m

Mohd Shahid Khan Afridi

02/04/2024, 5:45 AM
Hi Team, I have started seeing below error for particular task in flyte propeller. Any guidance which certificate should be updated and how?
Copy code
RuntimeExecutionError: failed during plugin execution, caused by: failed to execute handle for plugin [container]: [InternalError] failed to create resource, caused by: Internal error occurred: failed calling webhook "<http://flyte-pod-webhook.flyte.org|flyte-pod-webhook.flyte.org>": failed to call webhook: Post "<https://flyte-pod-webhook.flyte.svc:443/mutate--v1-pod?timeout=10s>": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-02-04T02:21:19Z is after 2024-02-03T07:14:25Z
I see in propeller volumes there is one certificate metioned,
kube-root-ca.crt
, which says:
<http://kubernetes.io/description=Contains|kubernetes.io/description=Contains> a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters.
but that too seems valid :
Copy code
Not Before: Jan 18 13:38:02 2023 GMT
      Not After : Jan 10 14:38:02 2053 GMT
k

Ketan (kumare3)

02/04/2024, 5:51 AM
Update cert
m

Mohd Shahid Khan Afridi

02/04/2024, 5:51 AM
yeah I see webhook cert seem expired
d

Dan Rammer (hamersaw)

02/05/2024, 1:12 PM
the propeller webhook creates a cert where the previous solution had a 1 year expiration, we have since increased this to 99 years. restarting the propeller webhook should generate a new cert.