unable to mount additional volumes by mutating StatefulSet since rc11 without error

Bug #1925751 reported by Jon Seager
This bug affects 1 person
Affects: Canonical Juju
Status: Fix Released
Importance: Critical
Assigned to: Heather Lanigan

Bug Description

I've been experimenting with the new `juju trust` functionality with my kubernetes dashboard charm (https://github.com/jnsgruk/charm-kubernetes-dashboard).

I previously had this working by creating a bunch of Kubernetes resources using the K8s API, including a ServiceAccount -- this is done in a method called during the `install` hook.

When the PebbleReadyEvent fires, I was then using the Kubernetes API to mutate the StatefulSet to ensure that the ServiceAccount token was mounted into the dashboard container. Since rc11, that results in repeated errors like so:

```
controller-0: 15:44:30 ERROR juju.worker.caasapplicationprovisioner.runner exited "jnsgruk-kubernetes-dashboard": finding filesystem info for kubernetes-dashboard-token-sq69p: volume {kubernetes-dashboard-token-sq69p {nil nil nil nil nil &SecretVolumeSource{SecretName:kubernetes-dashboard-token-sq69p,Items:[]KeyToPath{},DefaultMode:*420,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} not supported
```

The line where I'm adding the various parts to the StatefulSet is: https://github.com/jnsgruk/charm-kubernetes-dashboard/blob/1f0d31bde941acd4e5fe0b88a6e63bd10386ba07/src/charm.py#L148

Possibly related (or at least similar) to: https://github.com/juju/juju/pull/12889

Ian Booth (wallyworld) wrote :

Looks like this check

```
if vol.Secret != nil && strings.HasPrefix(vol.Secret.SecretName, a.name+"-token") {
	logger.Tracef("ignoring volume source for service account secret: %v", vol.Name)
	continue
}
```

in caas/kubernetes/provider/application/application.go

needs to be tweaked

Changed in juju:
milestone: none → 2.9-rc13
status: New → Triaged
importance: Undecided → Critical
Jon Seager (jnsgruk) wrote :

As per Mattermost conversation; there is some weirdness here which I suspect won't be unique to this particular Kubernetes app:

In this case, the charm is called `jnsgruk-kubernetes-dashboard`, but I'm creating resources (and mounts) named `kubernetes-dashboard`. This is unfortunate, but necessary because the Kubernetes Dashboard has the names of the ServiceAccounts/Roles/ConfigMaps it relies upon hardcoded.

Ian Booth (wallyworld) wrote :

I think a quick fix just needs to be to remove appName from the check

```
if vol.Secret != nil && strings.Contains(vol.Secret.SecretName, "-token") {
	logger.Tracef("ignoring volume source for service account secret: %v", vol.Name)
	continue
}
```

Changed in juju:
status: Triaged → In Progress
assignee: nobody → Heather Lanigan (hmlanigan)
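
The two name checks quoted in the comments above, run side by side on the names from this report. This is an added example, not part of the thread and not Juju's code: the `secretVolume` type, the function names and all volumes marked "constructed" are assumptions. It also shows that the broader check skips any secret whose name merely contains "-token".

```go
package main

import (
	"fmt"
	"strings"
)

// secretVolume is a hypothetical stand-in for the two fields of a
// secret-backed volume that the checks quoted in this thread look at.
type secretVolume struct {
	Name       string
	SecretName string
}

// skippedByPrefix mirrors the original check: a volume is ignored only
// when its secret is named "<appName>-token...".
func skippedByPrefix(appName string, v secretVolume) bool {
	return strings.HasPrefix(v.SecretName, appName+"-token")
}

// skippedByContains mirrors the proposed quick fix: a volume is ignored
// when its secret name contains "-token" anywhere.
func skippedByContains(v secretVolume) bool {
	return strings.Contains(v.SecretName, "-token")
}

func main() {
	app := "jnsgruk-kubernetes-dashboard" // charm name from the report
	vols := []secretVolume{
		// Secret name taken from the error message in the report.
		{"kubernetes-dashboard-token-sq69p", "kubernetes-dashboard-token-sq69p"},
		// Constructed: token secret of a ServiceAccount named after the app.
		{"app-sa", app + "-token-abcde"},
		// Constructed: ordinary secret whose name happens to contain "-token".
		{"api-creds", "payments-api-token-store"},
		// Constructed: ordinary secret with an unrelated name.
		{"tls", "dashboard-certs"},
	}
	for _, v := range vols {
		fmt.Printf("%-34s prefix=%-5v contains=%v\n",
			v.SecretName, skippedByPrefix(app, v), skippedByContains(v))
	}
}
```
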
Heather Lanigan (hmlanigan) wrote :
Ian Booth (wallyworld)
Changed in juju:
status: In Progress → Fix Committed
Ian Booth (wallyworld)
Changed in juju:
milestone: 2.9-rc13 → 2.9.0
Changed in juju:
status: Fix Committed → Fix Released