Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-60602

CPO is not caching KMS Azure authentication for ARO HCP

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • Rejected
    • None
    • In Progress
    • Release Note Not Required
    • None
    • None
    • None
    • None
    • None

      Description of problem:

          The reconciliation of the KMS configuration for ARO HCP is not caching the Azure authentication token. This means every time we reconcile the KMS configuration for ARO HCP, it will re-authenticate with Azure and open a new fsnotify. This should not happen to prevent too many open file issues.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Every time

      Steps to Reproduce:

          1. Setup an ARO HCP cluster with KMS

      Actual results:

      Expected results:

          Azure KMS authentication should only happen once per pod lifecycle.

      Additional info:

      See this Slack thread for more details - https://redhat-external.slack.com/archives/C075PHEFZKQ/p1755530587114679?thread_ts=1755511627.084559&cid=C075PHEFZKQ   

              rh-ee-brcox Bryan Cox
              rh-ee-brcox Bryan Cox
              None
              None
              Jie Zhao Jie Zhao
              None
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: