Fix recycling of cluster private keys (#2275)

* fix recycling of private keys * Update cluster-manager.yaml
2026-01-08 23:18:15 -05:00 · 2019-04-16 19:23:31 -07:00
parent 8a6b55e93c
commit ecebea01c0
3 changed files with 15 additions and 7 deletions
--- a/tools/cluster-pk-manager/server/db.go
+++ b/tools/cluster-pk-manager/server/db.go
@@ -129,20 +129,29 @@ func (d *db) AllocateNewPkToPod(
 	})
 }

-// RemovePKAssignment from pod and put the private key into the unassigned
+// RemovePKAssignments from pod and put the private keys into the unassigned
 // bucket.
 func (d *db) RemovePKAssignment(_ context.Context, podName string) error {
-	assignedPkCount.Dec()
 	return d.db.Update(func(tx *bolt.Tx) error {
-		pk := tx.Bucket(assignedPkBucket).Get([]byte(podName))
-		if pk == nil {
+		data := tx.Bucket(assignedPkBucket).Get([]byte(podName))
+		if data == nil {
 			log.WithField("podName", podName).Warn("Nil private key returned from db")
 			return nil
 		}
+		pks := &pb.PrivateKeys{}
+		if err := proto.Unmarshal(data, pks); err != nil {
+			return err
+		}
 		if err := tx.Bucket(assignedPkBucket).Delete([]byte(podName)); err != nil {
 			return err
 		}
-		return tx.Bucket(unassignedPkBucket).Put(pk, dummyVal)
+		assignedPkCount.Sub(float64(len(pks.PrivateKeys)))
+		for _, pk := range pks.PrivateKeys {
+			if err := tx.Bucket(unassignedPkBucket).Put(pk, dummyVal); err != nil {
+				return err
+			}
+		}
+		return nil
 	})
 }

--- a/tools/cluster-pk-manager/server/watchtower.go
+++ b/tools/cluster-pk-manager/server/watchtower.go
@@ -40,7 +40,6 @@ func (wt *watchtower) WatchPods() {

 // Query k8s pods for existence.
 func (wt *watchtower) queryPodsAndUpdateDB() error {
-	//	log.Debug("Checking pods")
 	ctx := context.Background()
 	podNames, err := wt.db.AllocatedPodNames(ctx)
 	if err != nil {