[cinder-csi-plugin] Cannot rotate secret dynamically

Question

[cinder-csi-plugin] Cannot rotate secret dynamically

emreberber opened this issue 2 months ago · comments

Emre Berber commented 2 months ago

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

/kind feature

What happened:

When I delete or rotate the Openstack application credential, I updated the cinder-csi-cloud-config secret but it does not receive the new credentials.

What you expected to happen:

I was expecting it to continue dynamically with new credentials without restarting any pods

How to reproduce it:

I installed the Cinder CSI Plugin, then deleted the applicaiton credential, then created a new credential and updated the secret

Anything else we need to know?:

Environment:

cinder-csi-plugin version: 2.30.0
OpenStack version: 6.6.0
Others:

ji chen · Answer 1 · Mon Jul 29 2024 14:23:58 GMT+0800 (China Standard Time)

not sure I fully understand this .. you had a application ID in CSI then it expired and you replace the new application ID but it doesn't work?

Emre Berber · Answer 2 · Mon Jul 29 2024 14:50:48 GMT+0800 (China Standard Time)

Yes, that's right

ji chen · Answer 3 · Mon Jul 29 2024 15:03:00 GMT+0800 (China Standard Time)

did you try kill the pod then reload it o ensure at least in this way it works?
I think it's in cloud-config which should reload when pod restart?

Emre Berber · Answer 4 · Mon Jul 29 2024 15:13:55 GMT+0800 (China Standard Time)

It will be fixed after pod restart, but can't it dynamically get the current secret without doing that?

ji chen · Answer 5 · Mon Jul 29 2024 15:17:42 GMT+0800 (China Standard Time)

that will need recreate the openstack client which I think it's not currently supported, folks can comment if my understanding is correct