pulsar-helm-chart

Truststore.jks and keystore.jks are not refreshed after certificate rotation

Open bhavyaravilla opened this issue 1 year ago • 1 comments

Describe the bug

After cert-manager refreshes the certificates for bookie and broker, the file where the secrets are loaded gets updated, but the truststore.jks and keystore.jks do not get refreshed with the new certificates. Therefore the communication with zookeeper fails. We have to restart the pods so that the truststore.jks and keystore.jks are recreated and the communication is restored.

To Reproduce

Once cert-manager updates the certificates for Bookie and broker, the error below comes up:

60:2281, Closing socket connection. Attempting reconnect except it is a SessionExpiredException.
org.apache.zookeeper.ClientCnxn$EndOfStreamException: channel for sessionid 0x303844ec7980001 is lost
    at org.apache.zookeeper.ClientCnxnSocketNetty.doTransport(ClientCnxnSocketNetty.java:286) ~[org.apache.zookeeper-zookeeper-3.8.3.jar:3.8.3]
    at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1289) ~[org.apache.zookeeper-zookeeper-3.8.3.jar:3.8.3]
2024-08-13T10:45:36,645+0000 [epollEventLoopGroup-164-1] ERROR org.apache.zookeeper.ClientCnxnSocketNetty - Unexpected throwable
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[io.netty-netty-codec-4.1.100.Final.jar:4.1.100.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[io.netty-netty-codec-4.1.100.Final.jar:4.1.100.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[io.netty-netty-transport-4.1.100.Final.jar:4.1.100.Final]

Expected behavior

The truststore.jks and keystore.jks should also be recreated or refreshed with the new certificates.

bhavyaravilla, Aug 26 '24 14:08
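A staleness check for the condition reported above, as an added example (not code from the issue or from pulsar-helm-chart): it compares the SHA-256 fingerprint of the first certificate in a PEM file with every certificate held in a JKS file, so a store that lags behind a rotated certificate can be detected before the TLS handshake fails. It assumes the store is in true JKS format and that the PEM file is the mounted certificate (cert-manager secrets use `tls.crt` and `ca.crt`); the function names and the sample bytes are constructed for illustration.

```python
import base64, hashlib, re, struct
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 of each certificate in a PEM bundle (e.g. a mounted tls.crt or ca.crt)."""
    return [hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in PEM_RE.findall(pem_text)]

def jks_fingerprints(data):
    """SHA-256 of each certificate in a JKS store; the trailing digest is not verified."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated JKS data")
        pos += n
        return data[pos - n:pos]
    u32 = lambda: struct.unpack(">I", take(4))[0]
    utf = lambda: take(struct.unpack(">H", take(2))[0])
    def cert():
        if version == 2:
            utf()                      # certificate type string, e.g. "X.509"
        return hashlib.sha256(take(u32())).hexdigest()
    if u32() != 0xFEEDFEED:
        raise ValueError("not JKS format (a PKCS12 store needs a different reader)")
    version, found = u32(), []
    for _ in range(u32()):
        tag, _alias, _created = u32(), utf(), take(8)
        if tag not in (1, 2):          # 1 = private key with chain, 2 = trusted cert
            raise ValueError(f"unknown JKS entry tag {tag}")
        if tag == 1:
            take(u32())                # skip the encrypted key blob
        found += [cert() for _ in range(u32() if tag == 1 else 1)]
    return found

def is_stale(pem_text, jks_bytes):
    """True when the first certificate in the PEM file is missing from the store."""
    current = pem_fingerprints(pem_text)
    if not current:
        raise ValueError("no certificate found in PEM input")
    return current[0] not in jks_fingerprints(jks_bytes)

def constructed_store(der):  # constructed sample: version-2 JKS, one trusted entry
    head = struct.pack(">IIIIH", 0xFEEDFEED, 2, 1, 2, 2) + b"ca" + bytes(8)
    return head + struct.pack(">H", 5) + b"X.509" + struct.pack(">I", len(der)) + der + bytes(20)

if __name__ == "__main__":
    old, new = b"constructed-cert-before", b"constructed-cert-after"  # stand-in bytes
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(new).decode()
    print(is_stale(pem, constructed_store(old)), is_stale(pem, constructed_store(new)))
```

In a pod, pair `tls.crt` with keystore.jks and `ca.crt` with truststore.jks; a `True` result means the store still holds the pre-rotation certificate.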