d80tb7 commented on issue #359: URL: https://github.com/apache/pulsar-helm-chart/issues/359#issuecomment-2081182686
I think the issue here is that although the Pulsar Helm Chart sets the `zookeeper.client.certReload` property, this isn't enough. All that property does is to get Zookeeper to update the certs when the truststore or keystore files change. When cert-manager updates the certs, this will cause the cert failes in `pulsar/certs/zookeeper/` to update but nothing is going to update the keystore. The other Pulsar components (e.g. the bookie) solve this by having code inside them that watches the files under `/pulsar/certs/` and then updates the keystore accordingly. Zookeeper doesn't have such code and therefore it seems to me that the certs will never be refreshed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
