Failure When Editing PerconaXtraDBCluster with Multiple Percona Operator Replicas

[zasim87]

Report

Issue Description

When attempting to modify a Percona XtraDB Cluster resource managed by Percona Operator for MySQL in a multi-replica setup, the operation fails with a TLS certificate validation error. This error occurs only when multiple replicas are running. The operation succeeds when only one replica is active.

More about the problem

Error Log:

kubectl edit perconaxtradbclusters.pxc.percona.com -n ts-mysql-test mysql-db error: perconaxtradbclusters.pxc.percona.com "mysql-db" could not be patched: Internal error occurred: failed calling webhook "validationwebhook.pxc.percona.com": failed to call webhook: Post "https://percona-xtradb-cluster-operator.pxc-operator.svc:443/validate-percona-xtradbcluster?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Root CA") You can run kubectl replace -f /tmp/kubectl-edit-1463505136.yaml to try this update again.

Versions

1. Kubernetes 1.31.4
2. Operator 1.17
3. Database 8.0.35-27.1

Anything else?

No response

[hors]

@zasim87 as I understand, you have CW deployment and several different clusters under one operator. Am I right? If yes, did you try to disable validationwebhook via https://github.com/percona/percona-xtradb-cluster-operator/blob/main/deploy/cr.yaml#L37 ?