Helm release can fail, so I am using --atomic flag in helm upgrade command to achieve zero downtime. But for this scenario, I am getting certificate invalid error from cert-manager,
Error,
* Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority
Scenario:
- Cert-Manager Helm release passed
- Custom Service Helm release failed in the very first attempt
- Custom Service Helm release 2nd attempt fails with the error mentioned above
But this works,
- Cert-Manager Helm release passed
- Custom Service Helm release failed in the very first attempt
- Uninstall Cert-Manager if 2
- Install Cert-Manager again
- Do Custom Service Helm release (this can again pass/fail but not because of certificate error)
I dont want to install cert-manager for every failure case, is there any other way?