cert-manager/trust-manager

Bundle is continuously synced when PKCS12 is enabled

Closed this issue · 2 comments

When the PKCS12 additional format is enabled, trust-manager is continuously syncing the ConfigMaps and ultimately filling up etcd with old versions. Compacting and defragging etcd results in it filling back up to several GB in size within 15 minutes or so.

Nothing in the logs to suggest why (even with the logging level set to 5), and the logs indicate a successful sync, but it fires a sync every second or so. It stops as soon as I remove the PKCS12 format from the Bundle. Not happening with JKS.

K8s 1.27.7 - RKE2
trust-manager 0.7.0 - Installed from Helm

erikgb commented

@bmhughes, thanks for registering this issue. I am taking a look.

/assign

I can confirm this. Eventually broke my (testing) cluster.

k3s v1.28.3+k3s2 (bbafb86e)
trust-manager 0.7.0 - Installed from Helm