Minio Fails to deploy on 1.9.4 due to ConfigMaps now being mounted ReadOnly #4272
Comments
|
Related: #4267 |
|
Thanks. We've found a workaround that was ok for us until this is fixed more permanently was to set the K8s feature gate "ReadOnlyAPIDataVolumes" to Be careful though, this opens you up to this issue: http://cve.circl.lu/cve/CVE-2017-1002102 |
|
@dominik-bln: That should work for now, but please note that the feature gate is marked as deprecated in k8s 1.10 and will be removed in 1.11 |
|
Another quick fix is to specify (using a Fix : |
|
@Secathor: I think mounting subPaths from secrets and configmaps was broken in 1.9.4 (kubernetes/kubernetes#61080) and fixed in 1.9.5. |
|
Using this fix on 1.7.14-gke.1 for now. |
…refactor (helm#4281) * Rename manifests to align with best practices * Refactor minio chart - add ingress resource - consolidate svc resource to support all deployment modes - update labels and selectors to align with helm best practices - general cleanup to align with helm best practices/patterns observed in `helm create` - update values, README and _helpers accordingly - bump image tag - bump chart version * Fix issue caused by ConfigMaps now being mounted ReadOnly Tested on: k8s 1.8.10 and 1.9.6 Related: kubernetes/kubernetes#58720 Fixes: helm#4272 * Bump chart version to 1.0.0
…refactor (helm#4281) * Rename manifests to align with best practices * Refactor minio chart - add ingress resource - consolidate svc resource to support all deployment modes - update labels and selectors to align with helm best practices - general cleanup to align with helm best practices/patterns observed in `helm create` - update values, README and _helpers accordingly - bump image tag - bump chart version * Fix issue caused by ConfigMaps now being mounted ReadOnly Tested on: k8s 1.8.10 and 1.9.6 Related: kubernetes/kubernetes#58720 Fixes: helm#4272 * Bump chart version to 1.0.0
…refactor (helm#4281) * Rename manifests to align with best practices * Refactor minio chart - add ingress resource - consolidate svc resource to support all deployment modes - update labels and selectors to align with helm best practices - general cleanup to align with helm best practices/patterns observed in `helm create` - update values, README and _helpers accordingly - bump image tag - bump chart version * Fix issue caused by ConfigMaps now being mounted ReadOnly Tested on: k8s 1.8.10 and 1.9.6 Related: kubernetes/kubernetes#58720 Fixes: helm#4272 * Bump chart version to 1.0.0 Signed-off-by: voron <av@arilot.com>
…refactor (#4281) * Rename manifests to align with best practices * Refactor minio chart - add ingress resource - consolidate svc resource to support all deployment modes - update labels and selectors to align with helm best practices - general cleanup to align with helm best practices/patterns observed in `helm create` - update values, README and _helpers accordingly - bump image tag - bump chart version * Fix issue caused by ConfigMaps now being mounted ReadOnly Tested on: k8s 1.8.10 and 1.9.6 Related: kubernetes/kubernetes#58720 Fixes: helm/charts#4272 * Bump chart version to 1.0.0
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT
Version of Helm and Kubernetes:
Helm 2.8.1
Kubernetes 1.9.4
Which chart:
stable/minio
What happened:
Since upgrading our cluster from 1.9.x to 1.9.4, Minio fails to start with the message
time="2018-03-19T09:38:54Z" level=fatal msg="Unable to create configuration directories." cause="mkdir /root/.minio/certs: read-only file system" source="[server-main.go:143:serverMain()]"What you expected to happen:
Minio starting up correctly
How to reproduce it (as minimally and precisely as possible):
Install the Minio Helm chart in an 1.9.4 cluster
Anything else we need to know:
Likely caused by this security fix:
kubernetes/kubernetes#58720
Also related:
#4166
The text was updated successfully, but these errors were encountered: