DataProtection - PersistKeysToFileSystem is not working properly inside K3S with shared file system #51165

Closed
1 task done
apetrut opened this issue Oct 5, 2023 · 2 comments
Labels
area-dataprotection Includes: DataProtection

Comments

@apetrut

apetrut commented Oct 5, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

I am using 2 pods inside a K3S cluster and when the first pod is started the key-GUID.xml file is generated and stored in a shared drive location.
When the second service gets started it sees the first key file (because it points to the same file storage location) and doesn't create a new one. I checked the logs and no error was logged.

After a while (i.e. 10-15 minutes) of playing with the apps, errors like the ones below started to appear:

An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
---> System.Security.Cryptography.CryptographicException: The key {669d513e-a172-4851-b160-04b523abbc1e} was not found in the key ring.

Why does this error occur after a while?

Expected Behavior

I would expect that no errors were thrown.

Steps To Reproduce

No response

Exceptions (if any)

An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
---> System.Security.Cryptography.CryptographicException: The key {669d513e-a172-4851-b160-04b523abbc1e} was not found in the key ring.

.NET Version

.NET 7

Anything else?

No response
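
A diagnostic for the error reported above, as an added example that is not part of the original issue or of the ASP.NET Core code base: it reads the `key-*.xml` files in a key directory and reports whether the key ID named in the exception is stored there. It assumes each key file has a root `<key id="...">` element with `activationDate` and `expirationDate` children; the function names, the sample key file and its GUID are constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from pathlib import Path

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Constructed sample key file (descriptor element with key material omitted).
SAMPLE_KEY = """<?xml version="1.0" encoding="utf-8"?>
<key id="11111111-2222-3333-4444-555555555555" version="1">
  <activationDate>2023-10-05T08:00:00.1000000Z</activationDate>
  <expirationDate>2024-01-03T08:00:00.1234567Z</expirationDate>
</key>"""

def parse_ts(text):
    # Trim 7-digit fractional seconds to 6 and map "Z" to an explicit UTC offset.
    text = re.sub(r"(\.\d{6})\d+", r"\1", text.strip()).replace("Z", "+00:00")
    return datetime.fromisoformat(text)

def load_key_ring(directory):
    """Return {key_id: {file, activation, expiration}} for readable key-*.xml files."""
    ring = {}
    for path in sorted(Path(directory).glob("key-*.xml")):
        try:
            root = ET.parse(path).getroot()
            entry = {"file": path.name,
                     "activation": parse_ts(root.findtext("activationDate")),
                     "expiration": parse_ts(root.findtext("expirationDate"))}
        except (ET.ParseError, AttributeError, ValueError):
            continue  # truncated, corrupt or incomplete file: not a usable key
        if root.tag == "key" and "id" in root.attrib:
            ring[root.attrib["id"].lower()] = entry
    return ring

def diagnose(log_line, directory, now=None):
    """Classify the key ID found in an exception line against the directory."""
    now = now or datetime.now(timezone.utc)
    match = GUID_RE.search(log_line)
    if not match:
        return "no-key-id-in-log"
    key = load_key_ring(directory).get(match.group(0).lower())
    if key is None:
        return "missing"  # no file in this directory carries that key ID
    return "expired" if key["expiration"] <= now else "present"

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "key-11111111-2222-3333-4444-555555555555.xml").write_text(SAMPLE_KEY)
        line = "The key {669d513e-a172-4851-b160-04b523abbc1e} was not found in the key ring."
        return diagnose(line, d)  # "missing": the directory holds a different key
```

Running `diagnose` from each pod against its own mount path shows whether the pods actually see the same set of key files.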

@ghost ghost added the area-dataprotection Includes: DataProtection label Oct 5, 2023
@apetrut apetrut changed the title DataProtection - PersistKeysToFileSystem on K3S is not working properly DataProtection - PersistKeysToFileSystem is not working properly inside K3S with shared file system Oct 5, 2023
@amcasey amcasey added this to the .NET 9 Planning milestone Jan 26, 2024
@ghost

ghost commented Jan 26, 2024

Thanks for contacting us.

We're moving this issue to the .NET 9 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue during our next planning meeting(s).
If we later determine that the issue has no community involvement, or it's a very rare and low-impact issue, we will close it so that the team can focus on more important and high-impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@dotnet-policy-service dotnet-policy-service bot added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 6, 2024
@wtgodbe wtgodbe removed the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 6, 2024
@dotnet-policy-service dotnet-policy-service bot added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 6, 2024
@wtgodbe wtgodbe removed the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 13, 2024
@dotnet dotnet deleted a comment from dotnet-policy-service bot Feb 13, 2024
@dotnet dotnet deleted a comment from dotnet-policy-service bot Feb 13, 2024
@amcasey
Member

amcasey commented Oct 4, 2024

I'm going to close this issue. Please post additional feedback in #36157 so we can track it centrally and don't drop any.

@amcasey amcasey closed this as completed Oct 4, 2024