cmd/containerboot: use root context for auth key reissue wait

Pass the root context instead of bootCtx to setAndWaitForAuthKeyReissue. The 60-second bootCtx timeout was cancelling the reissue wait before the operator had time to respond, causing the pod to crash-loop. Updates #14080 Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
2026-04-03 22:25:27 -04:00 · 2026-04-01 13:16:00 +01:00
parent a694ff682b
commit 066af76ee9
2 changed files with 3 additions and 3 deletions
--- a/cmd/containerboot/main.go
+++ b/cmd/containerboot/main.go
@@ -375,7 +375,7 @@ func run() error {
 					if hasKubeStateStore(cfg) {
 						log.Printf("Auth key missing or invalid (NeedsLogin state), disconnecting from control and requesting new key from operator")

-						err := kc.setAndWaitForAuthKeyReissue(bootCtx, client, cfg, tailscaledConfigAuthkey)
+						err := kc.setAndWaitForAuthKeyReissue(ctx, client, cfg, tailscaledConfigAuthkey)
 						if err != nil {
 							return fmt.Errorf("failed to get a reissued authkey: %w", err)
 						}
@@ -415,7 +415,7 @@ func run() error {
 				if isOneStepConfig(cfg) && hasKubeStateStore(cfg) {
 					log.Printf("Auth key failed to authenticate (may be expired or single-use), disconnecting from control and requesting new key from operator")

-					err := kc.setAndWaitForAuthKeyReissue(bootCtx, client, cfg, tailscaledConfigAuthkey)
+					err := kc.setAndWaitForAuthKeyReissue(ctx, client, cfg, tailscaledConfigAuthkey)
 					if err != nil {
 						return fmt.Errorf("failed to get a reissued authkey: %w", err)
 					}
--- a/kube/authkey/authkey.go
+++ b/kube/authkey/authkey.go
@@ -64,7 +64,7 @@ func ClearReissueAuthKey(ctx context.Context, kc kubeclient.Client, stateSecretN
 		},
 	}

-	if profileKey := string(existing.Data["_current-profile"]); profileKey != "" {
+	if profileKey := string(existing.Data[string(ipn.CurrentProfileStateKey)]); profileKey != "" {
 		s.Data[profileKey] = nil
 	}