security-secretstore-setup relies on undocument Docker volume init semantics #3852

Closed
bnevis-i opened this issue Jan 2, 2022 · 0 comments · Fixed by #4092
Labels
bug Something isn't working levski fall 2022 release security-services
bnevis-i commented Jan 2, 2022

🐞 Bug Report

Affected Services [REQUIRED]

security-secretstore-setup

Is this a regression?

No

Description and Minimal Reproduction [REQUIRED]

security-secretstore-setup runs the following in its Dockerfile to initialize the assets directory:

RUN chmod +x /usr/local/bin/entrypoint.sh \
    && ln -s /usr/local/bin/entrypoint.sh / \
    && mkdir -p /vault/config/assets \
    && chown -Rh 100:1000 /vault/   

However, when a blank volume is mounted on top of /vault/config, the assets folder is hidden.

In Docker, the deployment artifacts are copied into the Docker volume.
In Kubernetes, the mount point is replaced with a blank volume.

🔥 Exception or Error

level=ERROR ts=2022-01-02T19:30:07.91815458Z app=security-secretstore-setup source=init.go:684 msg="could not read master key shares file /vault/config/assets/resp-init.json: open /vault/config/assets/resp-init.json: no such file or directory"
level=ERROR ts=2022-01-02T19:30:07.918169496Z app=security-secretstore-setup source=init.go:191 msg="unable to save init response: open /vault/config/assets/resp-init.json: no such file or directory"

🌍 Your Environment

Deployment Environment: Fedora 35
EdgeX Version [REQUIRED]: Jakarta release
Anything else relevant? Kubernetes 1.21 (kubeadm) with CRI-O
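
The issue above comes from a directory that exists only in the image layer, so it vanishes when a blank volume is mounted over /vault/config. The following is an added example, not code from the issue or from the project's fix: a hypothetical `ensure_assets_dir` helper that an entrypoint script could call at container start to create the directory at run time, using the 100:1000 owner from the Dockerfile above.

```shell
#!/bin/sh
# Added example, not the project's entrypoint.sh. ensure_assets_dir is a
# hypothetical helper name.
#
# Usage from an entrypoint, before the service starts:
#   ensure_assets_dir /vault/config || exit 1

# ensure_assets_dir CONFIG_ROOT [OWNER]
# OWNER defaults to 100:1000, the uid:gid in the Dockerfile's chown.
ensure_assets_dir() {
    config_root=$1
    owner=${2:-100:1000}
    assets="$config_root/assets"

    # A reused volume may already contain an "assets" entry. Refuse a
    # symlink so the key shares file is never written outside the volume.
    if [ -L "$assets" ]; then
        echo "refusing symlinked assets dir: $assets" >&2
        return 1
    fi

    # Idempotent: works on a blank volume (Kubernetes) and on a volume
    # Docker already populated from the image.
    mkdir -p "$assets" || return 1

    # resp-init.json holds the master key shares, so keep the directory
    # owner-only.
    chmod 700 "$assets" || return 1

    # Ownership can only be changed as root. A non-root container relies
    # on the volume's own ownership settings instead.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$assets" || return 1
    fi

    # Fail at startup rather than later when the init response is saved.
    [ -d "$assets" ] && [ -w "$assets" ]
}
```
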

@bnevis-i bnevis-i added bug Something isn't working security-services labels Jan 2, 2022
@bnevis-i bnevis-i added this to New Issues in Security WG via automation Jan 2, 2022
@bnevis-i bnevis-i changed the title from "security-secretstore-setup relies on undocument Docker volume behavior" to "security-secretstore-setup relies on undocument Docker volume init semantics" Jan 2, 2022
@bnevis-i bnevis-i moved this from New Issues to Release Backlog in Security WG May 19, 2022
@vli11 vli11 self-assigned this Jul 8, 2022
vli11 added a commit to vli11/edgex-go that referenced this issue Jul 14, 2022
fixes: edgexfoundry#3852
Signed-off-by: Valina Li <valina.li@intel.com>
@jim-wang-intel jim-wang-intel added levski fall 2022 release and removed jakarta labels Jul 14, 2022
@jim-wang-intel jim-wang-intel added this to the Levski milestone Jul 14, 2022
Security WG automation moved this from Release Backlog to Done Jul 14, 2022
vli11 added a commit that referenced this issue Jul 14, 2022
* fix: security-secretstore-setup volume init semantics

fixes: #3852
Signed-off-by: Valina Li <valina.li@intel.com>