ringSecretName won't work for k8s >= 1.9.6 #354

Open
jamesc opened this issue Sep 7, 2018 · 1 comment

jamesc commented Sep 7, 2018

The code at https://github.com/habitat-sh/habitat-operator/blob/master/pkg/controller/v1beta2/stateful_sets.go#L269-L275 👍

```go
vm := &apiv1.VolumeMount{
	Name:      ringSecretName,
	MountPath: "/hab/cache/keys",
	// This directory cannot be made read-only, as the supervisor writes to
	// it during its operation.
	ReadOnly: false,
}
```

won't work anymore due to the `ReadOnly: false` option being silently ignored since 1.9.6. See kubernetes/kubernetes#62099.

This hits me in #351 as well, since hab can't change the directory permissions on a read-only volume mount. The suggested workaround is an initContainer combined with an emptyDir Volume.
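
The workaround suggested above, sketched as a pod spec fragment (an added example, not part of the original issue or the operator's code): an initContainer copies the ring key from the read-only Secret mount into an emptyDir, which is then mounted writable at `/hab/cache/keys`. The Secret name, volume and container names, and images are placeholders, and both containers are assumed to run as the same user.

```yaml
# Constructed pod spec fragment; every "example-" name is a placeholder.
apiVersion: v1
kind: Pod
metadata:
  name: example-habitat-service
spec:
  volumes:
    # Secret holding the ring key. Since Kubernetes 1.9.6 this volume is
    # always mounted read-only, whatever ReadOnly says on the VolumeMount.
    - name: ring-key-secret
      secret:
        secretName: example-ring-key      # placeholder Secret name
        defaultMode: 0400                 # key files readable by owner only
    # Writable volume the supervisor actually uses.
    # medium: Memory keeps the copied key material on tmpfs, off the node disk.
    - name: ring-key-writable
      emptyDir:
        medium: Memory
  initContainers:
    - name: copy-ring-key
      image: busybox                      # assumption: any image with sh and cp
      command:
        - sh
        - -c
        # Secret files are symlinks into ..data; -L copies the file contents.
        # The glob skips the dot-prefixed bookkeeping entries.
        - cp -L /secret/* /hab/cache/keys/
      volumeMounts:
        - name: ring-key-secret
          mountPath: /secret
          readOnly: true
        - name: ring-key-writable
          mountPath: /hab/cache/keys
  containers:
    - name: habitat-service
      image: example/habitat-service:latest   # placeholder image
      volumeMounts:
        # Same path the operator mounts today, now backed by the emptyDir,
        # so the supervisor can write to it and change permissions.
        - name: ring-key-writable
          mountPath: /hab/cache/keys
```

The copy runs once at pod start, so a later change to the Secret does not reach `/hab/cache/keys` until the pod is recreated.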

@surajssd
Contributor

IIUC, this should be taken care of by the operator. The operator should detect such changes and update the secret in k8s accordingly, and then the secret is updated in all the pods that have it mounted.
