UPSTREAM: 65063: Re-use private key after failed CSR

[liggitt]

If we create a new key on each CSR, if CSR fails the next attempt will
create a new one instead of reusing previous CSR.

If approver/signer don't handle CSRs as quickly as new nodes come up,
they can pile up and approver would keep handling old abandoned CSRs and
Nodes would keep timing out on startup.

[liggitt]

20000! I win!

[liggitt]

/assign @smarterclayton

[smarterclayton]

Damnit, I wanted 20k On Jun 14, 2018, at 12:47 AM, Jordan Liggitt <[email protected]> wrote: /assign @smarterclayton <https://github.com/smarterclayton> — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#20000 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABG_p_YzS2Syz8uOAGvYcOgsvsgWKH2Gks5t8erjgaJpZM4UnTaU> .

[liggitt]

/retest

[soltysh]

20000! I win!

Damnit, I wanted 20k

I think there were more of us 😉

[enj]

20000! I win!

Damnit, I wanted 20k

I think there were more of us 😉

Darn, I got close.

[smarterclayton]

/lgtm
/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• vendor/k8s.io/kubernetes/pkg/kubelet/certificate/OWNERS [liggitt,smarterclayton]
• vendor/k8s.io/kubernetes/staging/src/k8s.io/client-go/OWNERS [liggitt,smarterclayton]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.