Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove init to chown config map #55

Merged
merged 3 commits into from
Nov 12, 2021
Merged

remove init to chown config map #55

merged 3 commits into from
Nov 12, 2021

Conversation

elrido
Copy link
Contributor

@elrido elrido commented Nov 7, 2021
edited
Loading

This PR intends to address #54 with the assumption that we had wanted to adjust permissions in the storage volume (where the main container needs to write into), not the ConfigMap. It also switches the image used from busybox to privatebin/chown, which contains just the chown binary compiled from busybox, though that change can reverted, if preferred. [added in edit:] removing the chown of the config map. Kudos @reg0bs for pointing out the function of the fsGroup security context to me.

@elrido
Copy link
Contributor Author

elrido commented Nov 7, 2021

I'm not quite sure why it fails consistently with 1.19, the logs, are these, as far as a I can see:

==> Logs of container privatebin-v33j9hal51-6f8b75768-jw458
------------------------------------------------------------------------------------------------------------------------
s6-rc: info: service php-fpm8: starting
s6-rc: info: service php-fpm8 successfully started
s6-rc: info: service nginx: starting
s6-rc: info: service nginx successfully started
[07-Nov-2021 11:40:41] NOTICE: fpm is running, pid 22
[07-Nov-2021 11:40:41] NOTICE: ready to handle connections
10.244.1.1 - - [07/Nov/2021:11:40:46 +0000] "GET / HTTP/1.1" 200 4772 "-" "kube-probe/1.19" "-"
10.244.1.1 - - [07/Nov/2021:11:40:47 +0000] "GET / HTTP/1.1" 200 4772 "-" "kube-probe/1.19" "-"
------------------------------------------------------------------------------------------------------------------------
<== Logs of container privatebin-v33j9hal51-6f8b75768-jw458
------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==> Description of pod privatebin-v33j9hal51-test-connection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Name:         privatebin-v33j9hal51-test-connection
Namespace:    privatebin-v33j9hal51
Priority:     0
Node:         chart-testing-worker/172.18.0.2
Start Time:   Sun, 07 Nov 2021 11:40:49 +0000
Labels:       app.kubernetes.io/instance=privatebin-v33j9hal51
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=privatebin
              helm.sh/chart=privatebin-0.10.1
Annotations:  helm.sh/hook: test-success
Status:       Failed
IP:           10.244.1.5
IPs:
  IP:  10.244.1.5
Containers:
  wget:
    Container ID:  containerd://3d582594821ca03aaaa8f702c4d0821473ce1aa589eff1975d7f05500a34bc47
    Image:         busybox
    Image ID:      docker.io/library/busybox@sha256:15e927f78df2cc772b70713543d6b651e3cd8370abf86b2ea4644a9fba21107f
    Port:          <none>
    Host Port:     <none>
    Command:
      wget
    Args:
      privatebin-v33j9hal51:80
    State:          Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Sun, 07 Nov 2021 11:40:52 +0000
      Finished:     Sun, 07 Nov 2021 11:40:52 +0000
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-cmcsv (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-cmcsv:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-cmcsv
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  4s    default-scheduler  Successfully assigned privatebin-v33j9hal51/privatebin-v33j9hal51-test-connection to chart-testing-worker
  Normal  Pulling    3s    kubelet            Pulling image "busybox"
  Normal  Pulled     1s    kubelet            Successfully pulled image "busybox" in 1.962396717s
  Normal  Created    1s    kubelet            Created container wget
  Normal  Started    1s    kubelet            Started container wget
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<== Description of pod privatebin-v33j9hal51-test-connection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------------------------------------------------------
==> Logs of container privatebin-v33j9hal51-test-connection
------------------------------------------------------------------------------------------------------------------------
wget: bad address 'privatebin-v33j9hal51:80'
------------------------------------------------------------------------------------------------------------------------
<== Logs of container privatebin-v33j9hal51-test-connection

@elrido elrido changed the title switch init to chown storage instead of config map remove init to chown config map Nov 10, 2021
bdashrad
bdashrad requested changes Nov 10, 2021
View reviewed changes
charts/privatebin/values.yaml Outdated Show resolved Hide resolved
@bdashrad bdashrad self-assigned this Nov 11, 2021
@bdashrad bdashrad merged commit 7100b2d into master Nov 12, 2021
@bdashrad bdashrad deleted the stateful-init-storage branch November 12, 2021 20:31
@github-actions github-actions bot mentioned this pull request Nov 22, 2021
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bdashrad bdashrad bdashrad approved these changes

Assignees

@bdashrad bdashrad

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@elrido @bdashrad