Comments (7)
Hi @philosifer. It should work even with the k8s change. I don't think dex requires it to be rw. However I believe subpath mounts were temporarily broken in some k8s versions (1.8.8 iirc) which would cause the dex yaml to fail to work.
from osprey.
I put the subpaths back in but still with the initcontainer intermediate step and it still works so i think its more to do with the config map than using subpaths. I'm on 1.10.2 btw.
from osprey.
What error do you get with the Config map @philosifer?
I submitted a PR for Dex itself a while ago because it has an issue resolving the templates when mounting them as volumes: dexidp/dex#1206.
It was rejected though, and I did not submit a second one. See if it the description of the issue matches what you are seeing.
from osprey.
This is the error I get from kubectl describe pod if i don't do the initcontainer trick
Error: failed to start container "dex": Error response from daemon: error setting label on mount source '/var/lib/kubelet/pods/b7f8be8b-65a8-11e8-a1a1-005056a6113c/volume-subpaths/dex-web-templates/dex/5': read-only file system
That's repeated for a few of the other subpath mounts before it gives up and fails
I've done some more investigating. I have two clusters, development which uses default settings for security and production on which i've set it to use certificates everywhere, https for etcd etc. I only see the read-only issue on the production cluster, it works fine as you wrote it on the dev cluster but i've no idea what exactly is causing that difference. Both are built with virtually identical kubeadm config files apart from the certificate lines added to the production setup.
from osprey.
@totahuanocotl ping
from osprey.
@philosifer, sorry for the late response.
Do you still have this issue?
If so, I'll try to replicate it and try to find the issue.
If you could provide the configuration you used that would be helpful.
from osprey.
Yes I still have the issue but not much time to troubleshoot it further currently. It is also now affecting my attempt to redeploy harbor with helm (their issue #4496) and i might end up having to use the ReadOnlyAPIDataVolumes feature gate for now as i have too many places to put in workarounds for everything.
from osprey.
Related Issues (20)
- use-html-parser-for-login-flow is awesome, and chance you will pull that into master HOT 5
- Support multiple Azure OIDC applications
- Failed to parse dex response querying auth endpoint HOT 2
- Create a new function to populate a new Target struct object HOT 2
- Allow `updateKubeconfig` function to be exported. Therefore, convert to a public function instead of having it as private.
- Proxy list does not contain release tag v2.0.0 HOT 1
- Issue with the syntax apiServerUrl in README File HOT 2
- Panic with invalid configuration file
- Incorrect osprey CA configuration spec in README.md
- New command osprey user status
- https://dl.bintray.com/ Forbidden! HOT 2
- Create a binary distribution pipeline HOT 1
- Fix the SSL certificates in the tests HOT 1
- e2e tests are flaky when run in parallel HOT 1
- Support parsing of kubeconfig with extra fields HOT 1
- It's not possible to install with go install HOT 1
- Build binary for not only amd64
- Change travis build agent to a newer ubuntu release
- Repository Archival Notification HOT 1
- Windows build script out of date, trying to download x86_64 rather than amd64 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from osprey.