vcluster icon indicating copy to clipboard operation
vcluster copied to clipboard

Published 20 hours ago verified publisher icon loft-sh

Rewriting secrets in the azureFile volume

Open ipopovic5 opened this issue 3 years ago • 1 comments

I'm having an issue with the applications deployed in vCluster, whose secret is defined in k8s inline mount. When trying to deploy the application, the secret is looked up in the wrong path.

Example of application deployment: Host cluster -> vcluster (namespace) -> application (namespace) -> secret

Instead of looking for the secret in the application namespace (inside vCluster), the deployment looks it up in the vcluster/secret namespace. I would expect deployment to search the secret in vCluster's namespace, where the mount and resource are defined.

Here is the k8s resource for the inline mount sample:

...
    volumeMounts:
    - mountPath: /some/path/file
    name: secret
volumes:
- azureFile:
    secretName: secret-name
    shareName: sharexyz
    name: secret
...

Would it be possible to have vCluster rewriting the secrets in the azureFile volume?

ipopovic5 avatar Jul 30 '21 15:07 ipopovic5

@ipopovic5 thanks for creating this issue! You are correct, vcluster currently does not rewrite the secret name there, we should fix this.

FabianKramm avatar Aug 02 '21 07:08 FabianKramm

@FabianKramm is this still an issue? I tried replicating the same, could not! If it's something to work on, can you please elaborate?

sandeep540 avatar Sep 01 '22 09:09 sandeep540

@sandeep540 Thank you for looking into this. You are right that it is not reproducible. I think it is fixed by these lines: https://github.com/loft-sh/vcluster/blob/5ad633df5a2f8841d2a935d7a6be4d7daf68a653/pkg/controllers/resources/pods/translate/translator.go#L356-L358

Closing.

matskiv avatar Sep 01 '22 09:09 matskiv