Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-60648

CPO is not caching KMS Azure authentication for ARO HCP

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 4.19.z
    • 4.19.z, 4.20.0
    • HyperShift / ARO
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Proposed
    • None
    • Done
    • Release Note Not Required
    • N/A
    • None
    • None
    • None
    • None

      This is a clone of issue OCPBUGS-60602. The following is the description of the original issue:

      Description of problem:

          The reconciliation of the KMS configuration for ARO HCP is not caching the Azure authentication token. This means every time we reconcile the KMS configuration for ARO HCP, it will re-authenticate with Azure and open a new fsnotify. This should not happen to prevent too many open file issues.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Every time

      Steps to Reproduce:

          1. Setup an ARO HCP cluster with KMS

      Actual results:

      Expected results:

          Azure KMS authentication should only happen once per pod lifecycle.

      Additional info:

      See this Slack thread for more details - https://redhat-external.slack.com/archives/C075PHEFZKQ/p1755530587114679?thread_ts=1755511627.084559&cid=C075PHEFZKQ   

              rh-ee-brcox Bryan Cox
              rh-ee-brcox Bryan Cox
              None
              None
              Jie Zhao Jie Zhao
              None
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: