kube-client-agent: Build kubeconfig client with empty ConfigOverrides #21
Conversation
|
@abhinavdahiya this fixes the client creation for me. Still not sure why BuildConfigFromFlags is not working in this case. I also skip returning an error when the CSR creation fails because it already exists. Otherwise, if it times out waiting for approval, subsequent runs will never succeed. |
pkg/certagent/agent.go
Outdated
| @@ -108,7 +118,7 @@ func (c *CertAgent) RequestCertificate() error { | |||
| } | |||
|
|
|||
| // send CSR to the signer | |||
| if _, err := c.client.Create(csr); err != nil { | |||
| if _, err := c.client.Create(csr); err != nil && !errors.IsAlreadyExists(err) { | |||
There was a problem hiding this comment.
this will cause the client to accept the certificate from old csr request but GenerateCSRObject has replaced the private key on disk with new one...
we should't generate if csr with the expected name already exists.
@csrwng
There was a problem hiding this comment.
@abhinavdahiya I see, you're right.
We need to fix the flow though. In the case that we time out waiting for the certificate to be signed, we will fail and try again, generating a new private key, but will never be able to create another CSR because one already exists. Should the CSR name be randomized? (as in using GenerateName?)
|
cc @mrogers590 |
csrwng
force-pushed
the
kubeconfig_client
branch
from
29a899a
to
75c2ad4
Compare
|
@abhinavdahiya removed the part that adds the IsAlreadyExists check, only leaves the change to how the client is created. |
Fixes #20