Hi all,
We are using the csi driver to mount windows smb share on our k8s cluster.
In our AD security logs we are seeing high rate of validate request (event ID 4776) of the user credentials that were used in the storage class secret.
About two requests every second.
Is there a way to reduce the frequency of the credetials validate requests?

(the user account keeps getting locked in AD sometimes.
We believe this is because the pod send too many validate request between the time th password was updated in AD and the time it is updated in K8s.

Ip posted on slack in the #csi-windows channel but it seems dead.

Thanks,
Eyal

@tappingHRL is this related to this driver? why is the pod sending too many validate request?

@tappingHRL is this related to this driver? why is the pod sending too many validate request?

This is exactly my question.
The mount of the smb share is performed by the smb-csi pod, I assume the driver is sending these requests.
Namely, it is not the pod of the application writing to the csi volume that sends requests, the amb csi pod does.

Which parameter controls this rate?

@tappingHRL the mount operation happens only when pod is scheduled to the node, and then this csi driver would perform mount operation, that only happened once when your pod is scheduled to the node. And you could get the mount logs(/NodeStageVolume) in csi driver on the node, follow by: https://github.com/kubernetes-csi/csi-driver-smb/blob/master/docs/csi-debug.md#case2-volume-mountunmount-failed

after mount successfully, there is no mount happened in csi driver side.