Jolokia connection does not reload certificates after expiry #1441
Description
Description
Log files sent to Victor.
- Does the problem persist?
Yes. Once the JMX/Jolokia connection's certificate expires, ecChronos never recovers. Only a pod restart resolves it.
- How to reproduce:
- Deploy ecChronos with TLS enabled and Jolokia for JMX
- Configure certificates with a short TTL (e.g., 180 seconds)
- Start ecChronos — it establishes the Jolokia connection with the short-lived cert
- Add a new certificate that is valid in the expected path and remove the old one
- Wait for the old certificate time to expire (~180 seconds)
- Repairs fail even though a renewed valid certificate is available on disk at the expected path
Detailed description
What is happening?
When the certificate expires, repairs fail with Unable to repair. A renewed valid certificate exists on disk but ecChronos never picks it up.
What did you expect to happen?
ecChronos should use the renewed certificate files from disk, and recover automatically.
What have you tried?
- Verified the renewed cert on disk is valid (correct issuer, not expired)
- Only a pod restart resolves the issue
What version of ecChronos are you using?
1.0.0-beta3
Was the problem detected during an upgrade or downgrade procedure?
No. Detected during manual testing of certificate hot reload.
Have you checked the ecChronos documents?
Yes.