cmd/containerboot: do not reset state on non-existant secret (#17021)

This commit modifies containerboot's state reset process to handle the
state secret not existing. During other parts of the boot process we
gracefully handle the state secret not being created yet, but missed
that check within `resetContainerbootState`

Fixes https://github.com/tailscale/tailscale/issues/16804

Signed-off-by: David Bond <davidsbond93@gmail.com>
David Bond 2025-09-04 12:40:55 +01:00 committed by GitHub
parent d8ac539bf9
commit 624cdd2961
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -124,10 +124,13 @@ func (kc *kubeClient) deleteAuthKey(ctx context.Context) error {
// ensure the operator doesn't use stale state when a Pod is first recreated.
func (kc *kubeClient) resetContainerbootState(ctx context.Context, podUID string) error {
existingSecret, err := kc.GetSecret(ctx, kc.stateSecret)
if err != nil {
switch {
case kubeclient.IsNotFoundErr(err):
// In the case that the Secret doesn't exist, we don't have any state to reset and can return early.
return nil
case err != nil:
return fmt.Errorf("failed to read state Secret %q to reset state: %w", kc.stateSecret, err)
}
s := &kubeapi.Secret{
Data: map[string][]byte{
kubetypes.KeyCapVer: fmt.Appendf(nil, "%d", tailcfg.CurrentCapabilityVersion),
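Review bot: The new `kubeclient.IsNotFoundErr(err)` case in `resetContainerbootState` returns nil without leaving any trace, so a caller or anyone reading logs cannot tell a skipped reset from a completed one. The function's doc comment, which starts above the hunk, should state the contract, for example `// If the state Secret does not exist yet there is nothing to reset and nil is returned.`. The stated purpose is to keep the operator from acting on stale state, so it is worth confirming that whichever path later creates the Secret also writes the capability version and Pod UID; that code is not visible here. Other read failures still fall through to `case err != nil`, which looks right because it avoids masking permission or API errors as "no state". The function body continues past the end of the hunk.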