-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: should reconcile targets consistently #260
fix: should reconcile targets consistently #260
Conversation
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@erikgb just for context, do you know why the extra reconciliations and patches keep happening? I would expect that the noop patches do not trigger new reconciliations. |
@inteon Neither the JKS nor PKCS#12 format is idempotent, so when the check for keys never match it will patch the target with changes. I really don't know why this didn't happen with JKS only. The added tests only fail on PKCS#12 without the fix... |
@erikgb I think we explicitly try to make the JKS encoded value deterministic: trust-manager/pkg/bundle/sync.go Lines 191 to 193 in 54e8b09
|
@erikgb It looks like the pkcs#12 format is using a random salt, which makes it non-idempotent. Now that I fully understand the cause of this issue and why it occurs for pkcs#12 & not for JKS, I'm more than happy to merge this. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: inteon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cherrypick release-0.7 |
@erikgb: new pull request created: #265 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
When checking target keys using managed fields, we must also check
binaryData
field in target configmaps.Fixes #259