When a Kubernetes node is restarted, it makes another call to NodePublishVolume with the same volume id used previously on the pod's first startup (if the pod has not been cleaned up before it starts again). The CSI then proceeds to create a new key and reuses the existing certificate request (with the same volume id), which leaves on the volume a new private key that is not related to the certificate.
This happens regardless of the certificate and private key being wiped out or not (for example if you are using a temp directory).
I came up with two possible fixes for this:
1. If you are not using a temp directory, you can re-read the existing key file if you want to reuse the private key, and this coupled with the reusing of the previous certificate request would leave the correct pair on the volume.
2. You can delete the existing certificate request if it exists, and always make a new one when calling NodePublishVolume.
I'm not sure if this is being maintained but I wanted to create this issue to make sure it's documented somewhere.
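The mismatch described in the issue can be reproduced and detected by comparing the certificate's public key with the private key left on the volume. The following is an added example, not code from the issue or from the CSI driver: `keyMatchesCert`, `issueFor` and `republish` are hypothetical names, the issuer is replaced by a self-signed certificate, and ECDSA P-256 keys are an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
)

// keyMatchesCert reports whether priv is the private half of cert's public key.
func keyMatchesCert(priv *ecdsa.PrivateKey, cert *x509.Certificate) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(priv.Public())
}

// issueFor is a hypothetical stand-in for the issuer (self-signed, constructed SAN).
func issueFor(priv *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"pod.example.test"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// republish models the second NodePublishVolume call: the first certificate is kept;
// reuseKey picks the first proposed fix (keep the key) or the reported bug (new key).
func republish(reuseKey bool) (bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	cert, err := issueFor(key)
	if err != nil {
		return false, err
	}
	if !reuseKey {
		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	}
	return err == nil && keyMatchesCert(key, cert), err
}

func main() {
	bad, _ := republish(false)
	good, _ := republish(true)
	fmt.Println("new key matches cert:", bad, "| reused key matches cert:", good)
}
```

The same public-key comparison can be run against the key and certificate files on a mounted volume to tell whether a pod was affected after a node restart.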