First reported by @mchmarny here.
In 0.11.0, enabling HA mode will cause sidecars to report authentication issues with the Dapr control plane.
This happens because multiple instances of Sentry will boot up and create their own root certs, while only one instance will save the certs for future use in a secret or on the filesystem.
This means that until the Sentry pods are restarted, there's a situation where N root certs exist in a cluster.
I put a P0 here because this means HA mode is not working.
@msfussell @mchmarny @youngbupark @artursouza - I feel this deserves a 0.11.1 release once the fix is merged, but if there's consensus the other way, feel free to assign this as a P1.
I put a
P0here because this means HA mode is not working.@msfussell @mchmarny @youngbupark @artursouza - I feel this deserves a 0.11.1 release once the fix is merged, but if there's consensus the other way, feel free to assign this as a
P1.
Agree that this fix needs to be released as hotfix.
Yes. This needs a hotfix release.
@yaron2 when this e2e test result is green, I will cut 0.11.1 release.
Tested, after updating, my cluster to v0.11.1 is getting the daprd sidecar injected and secrets populated.
Tested, after updating, my cluster to
v0.11.1is getting the daprd sidecar injected and secrets populated.
closing this issue.
Most helpful comment
I put a
P0here because this means HA mode is not working.@msfussell @mchmarny @youngbupark @artursouza - I feel this deserves a 0.11.1 release once the fix is merged, but if there's consensus the other way, feel free to assign this as a
P1.