LDAP custom certificate configuration creates unexpected pod behavior #2007

Open
3 tasks done
gstefanoff opened this issue Jan 24, 2025 · 0 comments

Comments

@gstefanoff

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.

Bug Summary

I had AWX installed with the operator and running, and made a change to add an LDAP SSL certificate following these instructions.

I created the secret with all the certificates I needed, changed the name of the secret in the deployment file (bundle_cacert_secret:), and ran k apply -f deployment. Pods started failing because they were looking at a different "version" of the deployment in which the name of the secret was different.

I used kubectl rollout restart deployment to restart the pods (ref).

I deleted the pods, but the new pods were looking at the same old deployment that had the old secret.
Lastly, I deleted the deployments in the namespace, which just broke everything, and now I need to reinstall it all over again.
All that just to add a certificate file for LDAP.

AWX Operator version

2.19.1

AWX version

Can't tell, it's all gone.

Kubernetes platform

kubernetes

Kubernetes/Platform version

KFD latest at time of writing.

Modifications

no

Steps to reproduce

  1. Delete the secret containing the SSL certificate.
  2. Create a new secret containing the new SSL certificate.
  3. Update the AWX deployment file.
  4. kubectl apply -f deployment-name.yml
  5. kubectl rollout restart

Expected results

New SSL certificates are added to the pod and LDAPS works with them without needing to delete and recreate the entire namespace. (I confirm that LDAP was configured correctly, so it is not an LDAP config issue.)

Actual results

Pods are picking up old deployment values where the secret was named differently; I destroyed the setup and have to start over.

Additional information

Can you also clarify if these spec parameters are deprecated or not?
ldap_cacert_secret:
ldap_password_secret:

I find it a bit confusing that the table above says deprecated, yet there are examples with them below.

Operator Logs

Image

deployment file

Image
