Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Add volume for plugin and tmp folder #3546

Merged
merged 1 commit into from
Jun 17, 2024
Merged

fix: Add volume for plugin and tmp folder #3546

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions manifests/base/argo-rollouts-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,20 @@ spec:
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
resources:
limits:
ephemeral-storage: 1Gi
volumeMounts:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tmp volume added but not mounted.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 64a30cc

- name: plugin-bin
mountPath: /home/argo-rollouts/plugin-bin
Copy link
Member

@agaudreault agaudreault May 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By default, the plugin folder for Rollout is at the root afaik. But I am using Dockerfile.dev, so maybe it is different with that one.

Edit: Dockerfile.dev is indeed different and I updated it to the same workdir on my branch, but you could do it in this PR too.

Here is the patch I currently have to be able to run plugins.

/tmp should be added, otherwise the volume will be read-only and it it used for socket creation.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argo-rollouts
spec:
  template:
    spec:
      containers:
        - name: argo-rollouts
          volumeMounts:
            - mountPath: /home/argo-rollouts/plugin-bin
              name: plugin-bin
              readOnly: false
            - mountPath: /tmp
              name: tmp
              readOnly: false
      volumes:
        - name: plugin-bin
          emptyDir: {}
        - name: tmp
          emptyDir: {}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in da2dea5

- name: tmp
mountPath: /tmp
securityContext:
runAsNonRoot: true
volumes:
- name: plugin-bin
emptyDir: {}
- name: tmp
emptyDir: {}
strategy:
type: RollingUpdate
13 changes: 13 additions & 0 deletions manifests/install.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16757,6 +16757,9 @@ spec:
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 4
resources:
limits:
ephemeral-storage: 1Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
Expand All @@ -16765,6 +16768,16 @@ spec:
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /home/argo-rollouts/plugin-bin
name: plugin-bin
- mountPath: /tmp
name: tmp
securityContext:
runAsNonRoot: true
serviceAccountName: argo-rollouts
volumes:
- emptyDir: {}
name: plugin-bin
- emptyDir: {}
name: tmp
13 changes: 13 additions & 0 deletions manifests/namespace-install.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -413,6 +413,9 @@ spec:
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 4
resources:
limits:
ephemeral-storage: 1Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
Expand All @@ -421,6 +424,16 @@ spec:
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /home/argo-rollouts/plugin-bin
name: plugin-bin
- mountPath: /tmp
name: tmp
securityContext:
runAsNonRoot: true
serviceAccountName: argo-rollouts
volumes:
- emptyDir: {}
name: plugin-bin
- emptyDir: {}
name: tmp
Loading