You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've run into this too. I have a Collector resource deployed that explictly sets:
spec:
targetAllocator:
enabled: false
The Collector's pod fails to initialize because the expected secret volume mount doesn't exist, and describing the OtelCollector resource I see the following:
I've tried explicitly enabling the targetAllocator and disabling the prometheusCR or setting the labels to something that shouldn't match anything to get around this, but this doesn't help for collectors that don't have any prometheus configuration at all (as it fails to validate).
Running into the same issue too. All is good when the target allocator is enabled, but when it's disabled it adds a volume mount for the *-ta-client-cert secret which does not exist.
After redeployment of my collector this issue does not occur anymore. Perhaps this is a reconciliation issue in the operator? This is the order in which I enabled the operator.targetallocator.mtls flag.
First the operator was deployed without the operator.targetallocator.mtls feature flag;
Then the OpenTelemetryCollector instance was created and deployed successfully;
Then the operator.targetallocator.mtls was enabled on the operator.
Now the OpenTelemetryCollector was restarted but it seems the *-ta-client-cert secret was not updated.
After recreation of the OpenTelemetryCollector the secret is now up-to-date.
Component(s)
collector, target allocator
What happened?
Description
When mtls support is enabled in the operator deployments that do not have target allocator enabled are failing because the secret does not exist:
MountVolume.SetUp failed for volume "default-ta-client-cert" : secret "default-ta-client-cert" not found
The secret isn't being created (presumably) because target allocator isn't enabled on the CR but the
deployment
is still requiring the mount.Steps to Reproduce
Enable mtls for TA. Deploy a collector without TA enabled.
Expected Result
No mtls secrets are created, no secrets are required to start the collector.
Actual Result
TLS secrets are not created (as expected when TA is disabled), secret is required by the collector pod to start.
Kubernetes Version
1.31
Operator version
ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.114.1
Collector version
otel/opentelemetry-collector-k8s:0.114.0
Environment information
No response
Log output
No response
Additional context
open-telemetry/opentelemetry-helm-charts#1469
The text was updated successfully, but these errors were encountered: