Khor Shu Heng
02/01/2023, 5:27 AMplugin execution, caused by: failed to execute handle for plugin [container]: [InternalError] failed to create resource, caused by: Internal error occurred: failed calling webhook "<http://flyte-pod-webhook.flyte.org|flyte-pod-webhook.flyte.org>": failed to call webhook: Post "<https://flyte-pod-webhook.flyte.svc:443/mutate--v1-pod?timeout=10s>": x509: certificate has expired or is not yet valid: current time 2023-02-01T05:22:42Z is after 2022-11-24T05:12:16Z
Ketan (kumare3)
Khor Shu Heng
02/01/2023, 5:48 AMKetan (kumare3)
Khor Shu Heng
02/01/2023, 5:58 AMannotations:
flyteLastUpdate: system-updated
flyteUpdatedAt: 2021-11-24 05:12:18.699203733 +0000 UTC m=+4.56078966
2023/02/01 05:57:23 http: TLS handshake error from <ip address>:59692: remote error: tls: bad certificate
jeev
Khor Shu Heng
02/01/2023, 6:11 AMjeev
Pradithya Aria Pura
02/02/2023, 6:30 AMca.crt
in the webhook
file system (/etc/webhook/certs/ca.crt
) is different from the ca.crt
in the flyte-pod-webhook
secret which is mounted to the webhook
. I tried to mount the same secret in other pod, but that issue is not happening. Deleting all (webhook deployment, secret, and mutatingwebhook config) and recreating it lead to same issue.Ketan (kumare3)
Pradithya Aria Pura
02/02/2023, 6:44 AM▶ openssl x509 -enddate -noout -in cert_fs
notAfter=Nov 24 05:12:14 2022 GMT
kubectl create secret generic flyte-pod-webhook
• recreate flyte-pod-webhook deployment
Without the empty secret the deployment will fail with
Warning FailedMount 1s (x6 over 16s) kubelet MountVolume.SetUp failed for volume "webhook-certs" : secret "flyte-pod-webhook" not found
Stephen
02/28/2023, 1:19 PMKetan (kumare3)
Stephen
02/28/2023, 6:09 PMKetan (kumare3)
Stephen
02/28/2023, 6:23 PM