flux2
flux2 copied to clipboard
fluxcd
flux build/diff: fs-security-constraint error
Describe the bug
When running flux build ..., an error is shown that indicates security issue. For example:
flux build kustomization my-app --path ./corpsol --kustomization-file ./corpsol/kustomization.yaml
will display the following error
✗ kustomize build failed: fs-security-constraint abs ./corpsol: path './corpsol' is not in or below 'C:\'
The kustomization.yaml looks like this
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- ../../../../.common/helm_templates/flux_manifests/alert.yaml
Steps to reproduce
- Install Flux
- Run
flux build kustomization my-app --path ./corpsol --kustomization-file ./corpsol/kustomization.yaml - See the error - fs-security-constraint (no files are built)
Expected behavior
The kustomization should be built successfully, so that a preview is shown.
Screenshots and recordings
No response
OS / Distro
Windows 10
Flux version
v0.30.2
Flux check
flux check ► checking prerequisites ✔ Kubernetes 1.22.6 >=1.20.6-0 ► checking controllers ✔ helm-controller: deployment ready ► ghcr.io/fluxcd/helm-controller:v0.21.0 ✔ kustomize-controller: deployment ready ► ghcr.io/fluxcd/kustomize-controller:v0.25.0 ✔ notification-controller: deployment ready ► ghcr.io/fluxcd/notification-controller:v0.23.5 ✔ source-controller: deployment ready ► ghcr.io/fluxcd/source-controller:v0.24.4 ✔ all checks passed
Git provider
No response
Container Registry provider
No response
Additional context
No response
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
@souleb What do you mean: The files and contents or the absolute path of ./corpsol?
@hiddeco @souleb The absolute path is C:\Users\dave\source\repos\infra\clusters\apps\domains\corpsol
Alright, thanks! :) Could you reproduce this? Let me know if you need more information.
getting the same error for flux diff:
✗ kustomize build failed: must build at directory: not a valid directory: fs-security-constraint abs C:\flux-fleet\clusters\prd: path 'C:\flux-fleet\clusters\prd' is not in or below 'C:\'
same error for any kustomizations (I only use flux ones, not kustomize ones)\path combo
Fixing this on Windows is not going to be easy as none of the Flux maintainers use MSFT products. I suggest installing the Flux CLI on Windows Subsystem for Linux which has no issues.
can you, perhaps, point me to the code that is throwing? I'm willing to try, however I'm not really good with go :(
The error comes from our own filesystem implementation https://github.com/fluxcd/pkg/blob/main/kustomize/filesys/fs_secure.go
thanks, i'll try looking at it, but at a glance it doesn't look like something I'll be able to figure out xD
@stefanprodan Ok, understand this. Totally new to golang, but I only use Windows. However, is there a guide on how to kickstart flux development? Would like to know how to run the code and test changes.
Just a note for myself: https://github.com/fluxcd/flux2/pull/2764
@Thaval can you try with this pull request: https://github.com/fluxcd/flux2/pull/3317?
@Thaval can you try with this pull request: https://github.com/fluxcd/flux2/pull/3317?
Sure I can. But I need to figure out how to run the commands or better said, build and use the project.
this doesnt build a binary for windows? at least for me.
i think this works to build for windows: export GOOS=windows
okay, with this build it is actually working! sweeeet.
.\flux.exe diff kustomization --path C:\_git\xxx\infrastructure\core\ cluster-base
✓ Kustomization diffing...
► Namespace/yyy drifted
metadata.labels
+ one map entry added:
test: test
⚠️ identified at least one change, exiting with non-zero exit code