K8ssandra operator reconciliation error

2023-06-26T12:13:38.478Z ERROR Reconciler error {"controller": "k8ssandracluster", "controllerGroup": "k8ssandra.io", "controllerKind": "K8ssandraCluster", "k8ssandraCluster": {"name":"local","namespace":"xxxxx"}, "namespace": "xxxxx", "name": "xxxxxx", "reconcileID": "fa938f97-2375-4f48-a439-c9edb4e91c53", "error": "k8ssandracluster version check failed: Internal error occurred: failed calling webhook "vk8ssandracluster.kb.io": failed to call webhook: Post "https://k8ssandra-k8ssandra-operator-webhook-service.xxxx.svc:443/validate-k8ssandra-io-v1alpha1-k8ssandracluster?timeout=10s\": x509: certificate has expired or is not yet valid: current time 2023-06-26T12:13:38Z is after 2023-02-24T13:13:51Z"}

The cert-manager resources are not available in the namespace where k8ssandra-operator is deployed. Additionally, k8ssandra-operator is not creating the missing cert-manager resources and is failing to reconcile the K8ssandraCluster CRD. Could you please suggest how to get these cert-manager resources so that the K8ssandraCluster CRD is reconciled?

If cert-manager is installed in your cluster and available, the certificates should be created automatically during the installation of k8ssandra-operator.

The certificate “expired or not yet valid” error is one I’m seeing for the first time, which suggests that there could be some clock issues in your cluster.
Do you think that’s possible?

We have figured out the issue. It looks like at some point in time the cert-manager CRDs were missing, due to which the certificates expired, and hence subsequent reconciliation always reports the certificate as expired. We have now deleted the secrets


After this, we reconciled the helmrelease of the k8ssandra-operator. This created the new secrets and also the cert-manager resources using the cert-manager CRDs.

We no longer have the reconciliation error. Thanks for the support provided.
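
The thread weighs two causes for the webhook's x509 error: clock issues in the cluster, or a serving certificate that was never renewed. As an added example (not part of the thread and not k8ssandra-operator code), this Python function parses the validity message in the log and separates a gap small enough to be clock skew from a stale certificate; the one-hour `skew_tolerance`, the verdict names and the two constructed sample lines are assumptions.

```python
import re
from datetime import datetime, timedelta

# Validity-window failure text as it appears in the log line on this page.
X509_RE = re.compile(
    r"x509: certificate has expired or is not yet valid: "
    r"current time (?P<now>[0-9T:Z+.-]+) is (?P<rel>after|before) "
    r"(?P<bound>[0-9T:Z+.-]+)"
)

# Excerpt of the error from the thread's log line.
PAGE_ERROR = ('x509: certificate has expired or is not yet valid: current time '
              '2023-06-26T12:13:38Z is after 2023-02-24T13:13:51Z"}')
# Constructed samples (not from the page): a 25-second gap and a far-future notBefore.
SKEW_SAMPLE = ("x509: certificate has expired or is not yet valid: current time "
               "2024-01-01T00:00:05Z is before 2024-01-01T00:00:30Z")
FUTURE_SAMPLE = ("x509: certificate has expired or is not yet valid: current time "
                 "2024-01-01T00:00:00Z is before 2024-03-01T00:00:00Z")

def _parse(ts: str) -> datetime:
    # RFC 3339 timestamp; map a trailing Z to an explicit UTC offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def triage(log_line: str, skew_tolerance: timedelta = timedelta(hours=1)):
    """Return (verdict, gap) for an x509 validity error, or None if absent.

    skew_tolerance is an assumed threshold: a gap below it is plausibly clock
    drift between nodes; a larger gap means the certificate itself is stale
    (expired and not renewed) or was issued with a future start time.
    """
    m = X509_RE.search(log_line)
    if m is None:
        return None
    gap = abs(_parse(m["now"]) - _parse(m["bound"]))
    if gap <= skew_tolerance:
        return ("possible-clock-skew", gap)
    if m["rel"] == "after":
        return ("expired-not-renewed", gap)  # notAfter passed well before "now"
    return ("not-yet-valid", gap)            # notBefore lies far ahead of "now"

if __name__ == "__main__":
    for line in (PAGE_ERROR, SKEW_SAMPLE, FUTURE_SAMPLE):
        print(triage(line))
```

On the thread's own error the gap is 121 days, which points to a certificate that was not renewed rather than to clock drift.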