-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
Product / Portfolio Work
-
False
-
-
False
-
1
-
None
-
None
The pod `azure-disk-csi-driver-controller` mounts the secret:
$ oc get po/azure-disk-csi-driver-controller-6959c7db6f-qdzfq -oyaml|yq .spec.volumes
- emptyDir: {}
name: socket-dir
- hostPath:
path: /etc/kubernetes/
type: ""
name: host-cloud-config
- hostPath:
path: /var/lib/waagent/ManagedIdentity-Settings
type: ""
name: msi
- name: metrics-serving-cert
secret:
defaultMode: 420
secretName: azure-disk-csi-driver-controller-metrics-serving-cert
- emptyDir: {}
name: merged-cloud-config
- name: bound-sa-token
projected:
defaultMode: 420
sources:
- serviceAccountToken:
audience: openshift
expirationSeconds: 3600
path: token
- configMap:
defaultMode: 420
items:
- key: ca-bundle.crt
path: tls-ca-bundle.pem
name: azure-disk-csi-driver-trusted-ca-bundle
name: non-standard-root-system-trust-ca-bundle
- name: kube-api-access-ssjqf
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- configMap:
items:
- key: service-ca.crt
path: service-ca.crt
name: openshift-service-ca.crt
Hence, if the secret is updated (e.g. as a result of CA cert update), the Pod must be restarted