Api service certificates are created for each api group #727

Closed
lulf opened this issue Feb 26, 2019 · 4 comments

lulf commented Feb 26, 2019

I have a CSV with apiservice definitions with different groups hosted by an API server. I'm using the latest OCP 4 installer on AWS.

When I install the operator, 2 certificate secrets get created:

```
v1beta1.enmasse.io-cert                                           kubernetes.io/tls                     2         12m
v1beta1.user.enmasse.io-cert                                      kubernetes.io/tls                     2         12m
```

Moreover, it seems the last one created is the one that gets injected to the api server. I would expect only 1 certificate to be created for an api server.

The following are the api services that are defined in my CSV. 2 resources use the group enmasse.io and 1 resource uses the group user.enmasse.io.

```yaml
apiservicedefinitions:
    owned:
    - group: enmasse.io
      version: v1beta1
      kind: AddressSpace
      name: addressspaces.enmasse.io
      displayName: Address Space
      description: A group of messaging addresses that can be accessed via the same endpoint
      deploymentName: api-server
      containerPort: 8443
    - group: enmasse.io
      version: v1beta1
      kind: Address
      name: addresses.enmasse.io
      displayName: Address
      description: A messaging address that can be used to send/receive messages to/from
      deploymentName: api-server
      containerPort: 8443
    - group: user.enmasse.io
      version: v1beta1
      kind: MessagingUser
      name: messagingusers.user.enmasse.io
      displayName: Messaging User
      description: A messaging user that can connect to an Address Space
      deploymentName: api-server
      containerPort: 8443
```

lulf changed the title from "Api server gets certificates for each api group" to "Api service certificates are created for each api group" Feb 26, 2019

ecordell (Member) commented

Thanks for the report - we currently assume 1 APIService per deployment, which is why you're seeing this issue.

We will work on a fix and update here. In the meantime, you can work around it by splitting across two deployments (not sure how simple this would be for your current deployment).

lulf commented Feb 27, 2019

The workaround of creating 2 api server deployments fixes the issue for us, thanks!

stale bot commented Feb 26, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale bot added the wontfix label Feb 26, 2020

dmesser commented Feb 27, 2020

Given the adoption of APIServices in general, I think we are going to stay with the guideline of 1 APIServer per deployment for now, as a suitable workaround exists.

dmesser closed this as completed Feb 27, 2020
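
A pre-install check for the condition discussed in this thread, as an added example that is not part of the original issue or of OLM's code: it groups a CSV's owned apiservicedefinitions by `deploymentName` and reports any deployment that would receive more than one certificate secret. The secret-name pattern `<version>.<group>-cert` is inferred from the two secrets listed in the report, the input list is constructed from the CSV quoted in the issue, and the helper names and the deployment name `api-server-user` are hypothetical.

```python
from collections import defaultdict

# Constructed input: the three owned apiservicedefinitions from the CSV in this
# issue, reduced to the fields the check needs.
OWNED = [
    {"group": "enmasse.io", "version": "v1beta1", "kind": "AddressSpace",
     "deploymentName": "api-server"},
    {"group": "enmasse.io", "version": "v1beta1", "kind": "Address",
     "deploymentName": "api-server"},
    {"group": "user.enmasse.io", "version": "v1beta1", "kind": "MessagingUser",
     "deploymentName": "api-server"},
]
REQUIRED = ("group", "version", "kind", "deploymentName")


def cert_secret_name(entry):
    """Assumed pattern <version>.<group>-cert, inferred from the issue's secrets."""
    return f"{entry['version']}.{entry['group']}-cert"


def secrets_by_deployment(owned):
    """Map deploymentName -> {cert secret name: [kinds served under it]}."""
    result = defaultdict(lambda: defaultdict(list))
    for index, entry in enumerate(owned):
        missing = [key for key in REQUIRED if not entry.get(key)]
        if missing:
            raise ValueError(f"owned[{index}] is missing {missing}")
        result[entry["deploymentName"]][cert_secret_name(entry)].append(entry["kind"])
    return {name: dict(secrets) for name, secrets in result.items()}


def find_conflicts(owned):
    """Deployments that would be given more than one certificate secret."""
    return {name: sorted(secrets)
            for name, secrets in secrets_by_deployment(owned).items()
            if len(secrets) > 1}


def split_group(owned, group, new_deployment):
    """The workaround from the thread: serve one group from its own deployment."""
    return [dict(e, deploymentName=new_deployment) if e["group"] == group else dict(e)
            for e in owned]


if __name__ == "__main__":
    for name, secrets in find_conflicts(OWNED).items():
        print(f"{name}: {len(secrets)} certificate secrets: {', '.join(secrets)}")
    # "api-server-user" is a hypothetical name for the second deployment.
    fixed = split_group(OWNED, "user.enmasse.io", "api-server-user")
    print("conflicts after split:", find_conflicts(fixed))
```

Two kinds in the same group and version share one secret name, so only the second group on `api-server` is reported.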