Coder Social home page Coder Social logo

Comments (8)

byxorna avatar byxorna commented on July 2, 2024

Hey @kgunjikar, thanks for the issue! This should be fixed by #30. Mind taking a peek?

from k8s-sidecar-injector.

kgunjikar avatar kgunjikar commented on July 2, 2024

Thanks for the response. if you could please add a sample config, it would be great.

from k8s-sidecar-injector.

byxorna avatar byxorna commented on July 2, 2024

Thanks for the response. if you could please add a sample config, it would be great.

https://github.com/tumblr/k8s-sidecar-injector/pull/30/files#diff-67e99b25c650f7fe0288309c725f40ad is used by the unit tests to assert that the serviceAccountName is overwritten (https://github.com/tumblr/k8s-sidecar-injector/pull/30/files#diff-31dfa6243f3cee9b9b95fdc19408f98b is the generated response). Just serviceAccountName should be enough to make it work. Your log output makes me think either it isnt using the PR code 🤔

from k8s-sidecar-injector.

kgunjikar avatar kgunjikar commented on July 2, 2024

Hmm, maybe I'm missing some config wrt service account. Will get back

from k8s-sidecar-injector.

kgunjikar avatar kgunjikar commented on July 2, 2024

I can see the serviceAccount but it doesn't mount in the container. There is nothing in the /var/run/secrets

Codewise, do we need to add a specific volume-mount for the serviceAccount ?

I1024 02:32:21.459356       1 webhook.go:493] AdmissionResponse: patch=[{"op":"add","path":"/spec/containers/-","value":{"name":"sidecar-wiper","image":"diamanti/wiper:0.2","ports":[{"containerPort":80}],"env":[{"name":"ENV_IN_SIDECAR","value":"test-in-sidecar"},{"name":"HELLO","value":"world"},{"name":"TEST","value":"test_that"}],"resources":{},"volumeMounts":[{"name":"test-vol","mountPath":"/tmp/test"}],"imagePullPolicy":"IfNotPresent","securityContext":{"privileged":true}}},{"op":"add","path":"/spec/containers/0/env","value":[{"name":"HELLO","value":"world"}]},{"op":"add","path":"/spec/containers/0/env/-","value":{"name":"TEST","value":"test_that"}},{"op":"add","path":"/spec/containers/0/volumeMounts/-","value":{"name":"test-vol","mountPath":"/tmp/test"}},{"op":"add","path":"/spec/volumes/-","value":{"name":"test-vol","configMap":{"name":"test-config"}}},**{"op":"replace","path":"/spec/serviceAccountName","value":"default"},**{"op":"add","path":"/metadata/annotations/injector.tumblr.com~1status","value":"injected"}]
I1024 02:32:21.459650       1 webhook.go:571] Ready to write reponse ...
172.16.190.12 - - [24/Oct/2019:02:32:21 +0000] "POST /mutate?timeout=30s HTTP/2.0" 200 1389 "" "kube-apiserver-admission"
172.16.190.14 - - [24/Oct/2019:02:32:27 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.14"
-bash-4.2$ kubectl exec -it debian-debug -c sidecar-wiper /bin/bash
[root@debian-debug /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@debian-debug /]# cd /var/run/
[root@debian-debug run]# ls
console  cryptsetup  faillock  lock  log  secrets  sepermit  setrans  systemd  user  utmp
[root@debian-debug run]# cd secrets/
[root@debian-debug secrets]# ls
[root@debian-debug secrets]# exit

from k8s-sidecar-injector.

byxorna avatar byxorna commented on July 2, 2024

@kgunjikar that seems like the correct config. The kubernetes Service account controller should handle creating the volumemount when we attach the service account to the pod. Can you show the pod's full yaml after injection? This can show whether the pod actually has mounts and SAs configured.

There is an outside possibility that the version of k8s you are running is not rerunning the Service account controller after we mutate the pod, so the SA volumes do not get added to the pod when we inject the serviceAccountName field. There was a bug that was supposedly fixed in 1.15 but I have not verified it myself.

from k8s-sidecar-injector.

kgunjikar avatar kgunjikar commented on July 2, 2024

My apologies, it was 1.14.3 . With 1.15.3 it works. Thanks for the help

from k8s-sidecar-injector.

byxorna avatar byxorna commented on July 2, 2024

@kgunjikar thats great, I am glad you got it sorted out! 😄

from k8s-sidecar-injector.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.