[BACKPORT][v1.5.3][BUG] Failing to mount encrypted volumes v1.5.2 #7048
Pre Ready-For-Testing Checklist
longhorn/longhorn-manager#2282
|
Verified on v1.5.x-head 20231113
The test steps
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: longhorn-crypto-per-volume
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
  numberOfReplicas: "3"
  staleReplicaTimeout: "80" # 2880 - 48 hours in minutes
  fromBackup: ""
  encrypted: "true"
  # per volume secret which utilizes the `pvc.name` and `pvc.namespace` template parameters
  csi.storage.k8s.io/provisioner-secret-name: ${pvc.name}
  csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}
  csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}
  csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
# clemenko
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask
  labels:
    app: flask
spec:
  replicas: 8
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: flask
  template:
    metadata:
      labels:
        app: flask
    spec:
      containers:
      - name: flask
        securityContext:
          allowPrivilegeEscalation: false
        image: clemenko/flask_simple
        #command: [ "/bin/sh", "-c", "sleep 3003003240204242" ]
        ports:
        - containerPort: 5000
        imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - name: redis
        image: redis
        args: ["--appendonly", "yes"]
        securityContext:
          allowPrivilegeEscalation: false
          seLinuxOptions:
            level: "s0:c123,c456"
        ports:
        - containerPort: 6379
        volumeMounts:
        - name: redis-data
          mountPath: /data
          subPath:
      volumes:
      - name: redis-data
        persistentVolumeClaim:
          claimName: redis
---
apiVersion: v1
kind: Secret
metadata:
  name: redis
stringData:
  CRYPTO_KEY_VALUE: "flaskisthebestdemoapplication"
  CRYPTO_KEY_PROVIDER: "secret"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: redis
  labels:
    app: redis
spec:
  storageClassName: "longhorn-crypto-per-volume"
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Mi
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: flask
    kubernetes.io/name: "flask"
  name: flask
spec:
  selector:
    app: flask
  ports:
  - name: flask
    protocol: TCP
    port: 5000
    targetPort: 5000
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: redis
    kubernetes.io/name: "redis"
  name: redis
spec:
  selector:
    app: redis
  ports:
  - name: redis
    protocol: TCP
    port: 6379
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: flask
spec:
  rules:
  - host: flask.rfed.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: flask
            port:
              number: 5000
# ---
#apiVersion: ui.cattle.io/v1
#kind: NavLink
#metadata:
#  name: flask
#spec:
#  label: Flask
#  target: _blank
#  toService:
#    name: flask
#    namespace: flask
#    port: '5000'
#    scheme: http
```
Result Passed
|
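The StorageClass in the test steps resolves `${pvc.name}` and `${pvc.namespace}` into a per-volume Secret reference for each CSI stage. As an added example (not part of the issue thread or Longhorn's code), this preflight check confirms that every PVC on an encrypted class has that Secret with the two keys the test manifest uses; the function names, the parsed-object input format and the second PVC `cache` are assumptions of the example.

```python
import re

# Keys carried by the test manifest's Secret; requiring both is an assumption.
REQUIRED_KEYS = ("CRYPTO_KEY_VALUE", "CRYPTO_KEY_PROVIDER")
ROLES = ("provisioner", "node-publish", "node-stage")
TEMPLATE = re.compile(r"\$\{(pvc\.name|pvc\.namespace)\}")

def resolve(template, pvc_name, pvc_ns):
    """Expand the ${pvc.name} / ${pvc.namespace} placeholders for one PVC."""
    values = {"pvc.name": pvc_name, "pvc.namespace": pvc_ns}
    return TEMPLATE.sub(lambda m: values[m.group(1)], template)

def check_encrypted_pvcs(objects, default_ns="default"):
    """Return one message per missing Secret or missing key (empty list = OK)."""
    classes = {o["metadata"]["name"]: o.get("parameters", {})
               for o in objects if o["kind"] == "StorageClass"}
    secrets = {(o["metadata"].get("namespace", default_ns), o["metadata"]["name"]):
               set(o.get("stringData", {})) | set(o.get("data", {}))
               for o in objects if o["kind"] == "Secret"}
    problems = []
    for pvc in (o for o in objects if o["kind"] == "PersistentVolumeClaim"):
        name = pvc["metadata"]["name"]
        ns = pvc["metadata"].get("namespace", default_ns)
        params = classes.get(pvc["spec"].get("storageClassName"), {})
        if params.get("encrypted") != "true":
            continue  # unencrypted class: no per-volume Secret to look up
        for role in ROLES:
            prefix = f"csi.storage.k8s.io/{role}-secret-"
            ref = (resolve(params.get(prefix + "namespace", ""), name, ns),
                   resolve(params.get(prefix + "name", ""), name, ns))
            if ref not in secrets:
                problems.append(f"{ns}/{name}: {role} secret {ref[0]}/{ref[1]} not found")
                continue
            problems += [f"{ns}/{name}: {role} secret lacks {k}"
                         for k in REQUIRED_KEYS if k not in secrets[ref]]
    return problems

# Constructed input: the test manifest's StorageClass, Secret and PVC as parsed
# objects, plus a hypothetical second PVC ("cache") with no matching Secret.
SC_PARAMS = {"encrypted": "true", **{
    f"csi.storage.k8s.io/{r}-secret-{f}": "${pvc." + f + "}"
    for r in ROLES for f in ("name", "namespace")}}
SAMPLE = [
    {"kind": "StorageClass", "metadata": {"name": "longhorn-crypto-per-volume"},
     "parameters": SC_PARAMS},
    {"kind": "Secret", "metadata": {"name": "redis"},
     "stringData": {"CRYPTO_KEY_VALUE": "<constructed>", "CRYPTO_KEY_PROVIDER": "secret"}},
    *[{"kind": "PersistentVolumeClaim", "metadata": {"name": n},
       "spec": {"storageClassName": "longhorn-crypto-per-volume"}} for n in ("redis", "cache")]]
```

Calling `check_encrypted_pvcs(SAMPLE)` reports the `cache` PVC once per CSI stage, because each stage resolves to its own Secret reference.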
@roger-ryao Could you please test a few more test cases?
Note: Leverage the automation scripts with encrypted volume if possible. |
reopen an
Reopen ticket and test a few more test cases |
@roger-ryao |
Verified on v1.5.3-rc1 20231114
Result Passed
|
Thank you. Can you help add encrypted volume restore? |
backport #7045