Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Add volume for plugin and tmp folder #3546

Merged
merged 1 commit into from
Jun 17, 2024

Conversation

tommy351
Copy link
Contributor

@tommy351 tommy351 commented Apr 30, 2024

The latest manifests (v1.7.0-rc1) throws the following error during plugin download. The reason probably is the stricter security context introduced in #3424. I added a new volume for downloaded plugin files.

time="2024-04-30T06:38:26Z" level=fatal msg="Failed to download plugins: failed to create plugin folder for plugin (argoproj-labs/gatewayAPI): (mkdir /home/argo-rollouts/plugin-bin: read-only file system)"

It seems files in emptyDir is not executable even if securityContext.fsGroup is set. I'm still investigating. Fixed by adding tmp volume.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this is a chore.
  • The title of the PR is (a) conventional with a list of types and scopes found here, (b) states what changed, and (c) suffixes the related issues number. E.g. "fix(controller): Updates such and such. Fixes #1234".
  • I've signed my commits with DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My builds are green. Try syncing with master if they are not.
  • My organization is added to USERS.md.

@tommy351 tommy351 changed the title fix(manifests): Add volume for plugin folder fix: Add volume for plugin folder Apr 30, 2024
Copy link

codecov bot commented Apr 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.19%. Comparing base (8405f2e) to head (64a30cc).
Report is 102 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3546      +/-   ##
==========================================
- Coverage   81.83%   78.19%   -3.65%     
==========================================
  Files         135      158      +23     
  Lines       20688    18397    -2291     
==========================================
- Hits        16931    14386    -2545     
- Misses       2883     3104     +221     
- Partials      874      907      +33     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Contributor

github-actions bot commented Apr 30, 2024

Go Published Test Results

2 160 tests   2 160 ✅  2m 53s ⏱️
  119 suites      0 💤
    1 files        0 ❌

Results for commit 64a30cc.

♻️ This comment has been updated with latest results.

Copy link
Contributor

github-actions bot commented Apr 30, 2024

E2E Tests Published Test Results

  4 files    4 suites   3h 23m 55s ⏱️
110 tests  97 ✅  6 💤 7 ❌
450 runs  417 ✅ 24 💤 9 ❌

For more details on these failures, see this check.

Results for commit 64a30cc.

♻️ This comment has been updated with latest results.

@tommy351 tommy351 marked this pull request as draft April 30, 2024 08:14
ephemeral-storage: 300Mi
volumeMounts:
- name: plugin-bin
mountPath: /home/argo-rollouts/plugin-bin
Copy link
Member

@agaudreault agaudreault May 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By default, the plugin folder for Rollout is at the root afaik. But I am using Dockerfile.dev, so maybe it is different with that one.

Edit: Dockerfile.dev is indeed different and I updated it to the same workdir on my branch, but you could do it in this PR too.

Here is the patch I currently have to be able to run plugins.

/tmp should be added, otherwise the volume will be read-only and it it used for socket creation.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argo-rollouts
spec:
  template:
    spec:
      containers:
        - name: argo-rollouts
          volumeMounts:
            - mountPath: /home/argo-rollouts/plugin-bin
              name: plugin-bin
              readOnly: false
            - mountPath: /tmp
              name: tmp
              readOnly: false
      volumes:
        - name: plugin-bin
          emptyDir: {}
        - name: tmp
          emptyDir: {}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in da2dea5

@tommy351 tommy351 changed the title fix: Add volume for plugin folder fix: Add volume for plugin and tmp folder May 3, 2024
@tommy351 tommy351 marked this pull request as ready for review May 3, 2024 10:57
@tommy351 tommy351 requested a review from agaudreault May 8, 2024 07:53
resources:
limits:
ephemeral-storage: 1Gi
volumeMounts:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tmp volume added but not mounted.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 64a30cc

Signed-off-by: Tommy Chen <tommy351@gmail.com>
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@tommy351 tommy351 requested a review from agaudreault May 15, 2024 08:36
Copy link
Member

@agaudreault agaudreault left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zachaller zachaller merged commit 7188d99 into argoproj:master Jun 17, 2024
22 of 23 checks passed
zachaller pushed a commit that referenced this pull request Jun 17, 2024
Signed-off-by: Tommy Chen <tommy351@gmail.com>
@zachaller zachaller added the cherry-pick-completed Used once we have cherry picked the PR to all requested releases label Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cherry-pick/release-1.7 cherry-pick-completed Used once we have cherry picked the PR to all requested releases
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants