Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Add some empty dir volume mounts for the application controller (#19474) #19480

Conversation

andrii-korotkov-verkada
Copy link
Contributor

@andrii-korotkov-verkada andrii-korotkov-verkada commented Aug 11, 2024

Closes #19474

Kube cache couldn't be used on read-only root file system leading to errors as revealed with --gloglevel equal to 6.
Create an empty dir mount for /tmp and add a config-map-based param to override KUBECACHEDIR.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@andrii-korotkov-verkada andrii-korotkov-verkada requested a review from a team as a code owner August 11, 2024 02:49
Copy link

bunnyshell bot commented Aug 11, 2024

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

  • 🚀 /bns:deploy to deploy the environment

Copy link

bunnyshell bot commented Aug 11, 2024

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

  • 🚀 /bns:deploy to deploy the environment

@andrii-korotkov-verkada andrii-korotkov-verkada changed the title chore: Add some empty dir volume moounts for the application controller (#19474) chore: Add some empty dir volume mounts for the application controller (#19474) Aug 11, 2024
@andrii-korotkov-verkada andrii-korotkov-verkada force-pushed the 19474-add-some-volume-mounts-for-app-controller branch from 1c6a22e to 51308af Compare August 11, 2024 02:50
Copy link

codecov bot commented Aug 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (master@eb10b70). Learn more about missing BASE report.
Report is 26 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##             master   #19480   +/-   ##
=========================================
  Coverage          ?   55.11%           
=========================================
  Files             ?      324           
  Lines             ?    55201           
  Branches          ?        0           
=========================================
  Hits              ?    30426           
  Misses            ?    22159           
  Partials          ?     2616           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ChristianCiach
Copy link
Contributor

ChristianCiach commented Aug 12, 2024

It may be worth mentioning that, when using the "Security hardened images" by Akuity, the path would be /home/argocd/.kube/cache instead of /home/ubuntu/.kube/cache.

In fact, this PR would introduce the first and only mention of the word "ubuntu" in all of the installation manifests, and I don't know if that's desirable.

Maybe it would be better to add KUBECACHEDIR (see kubernetes/kubernetes#109479) and set it to /tmp/kubecache or something?

Edit: Actually, it's /home/argocd/.kube/cache for the official images (quay.io/argoproj/argocd), too.

@andrii-korotkov-verkada andrii-korotkov-verkada force-pushed the 19474-add-some-volume-mounts-for-app-controller branch from 51308af to cf327a4 Compare August 12, 2024 13:24
@andrii-korotkov-verkada andrii-korotkov-verkada requested a review from a team as a code owner August 12, 2024 13:24
@andrii-korotkov-verkada
Copy link
Contributor Author

@ChristianCiach, thanks for letting me know. I've removed that mount and instead added a parameter in a config map to override the KUBECACHEDIR.

@ChristianCiach
Copy link
Contributor

I would probably just put ENV KUBECACHEDIR=/tmp/kubecache into the Dockerfile, because I see no need to make this configurable, but don't let me influence you too much. Let's see what the maintainers think about this.

@andrii-korotkov-verkada andrii-korotkov-verkada force-pushed the 19474-add-some-volume-mounts-for-app-controller branch from cf327a4 to aa5b20c Compare August 13, 2024 15:04
@andrii-korotkov-verkada
Copy link
Contributor Author

I've updated the ENV variable to just point to /tmp/kubecache

@pasha-codefresh pasha-codefresh self-requested a review September 5, 2024 15:59
argoproj#19474)

Closes argoproj#19474

Kube cache couldn't be used on read-only root file system leading to errors as revealed with `--gloglevel` equal to 6.
Create an empty dir mount for `/tmp` and override `KUBECACHEDIR` to be in `/tmp`.

Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
@andrii-korotkov-verkada andrii-korotkov-verkada force-pushed the 19474-add-some-volume-mounts-for-app-controller branch from aa5b20c to 5158c4d Compare November 4, 2024 18:44
Copy link
Member

@jannfis jannfis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jannfis jannfis merged commit d963b61 into argoproj:master Nov 5, 2024
27 checks passed
@pasha-codefresh
Copy link
Member

Thanks @jannfis @rumstead for reviewing it. It also LGTM for me . @andrii-korotkov-verkada sorry for delay in reviewing it

@andrii-korotkov-verkada
Copy link
Contributor Author

No worries, I'm glad that it got attention.

adriananeci pushed a commit to adriananeci/argo-cd that referenced this pull request Dec 4, 2024
argoproj#19474) (argoproj#19480)

Closes argoproj#19474

Kube cache couldn't be used on read-only root file system leading to errors as revealed with `--gloglevel` equal to 6.
Create an empty dir mount for `/tmp` and override `KUBECACHEDIR` to be in `/tmp`.

Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Signed-off-by: Adrian Aneci <aneci@adobe.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add /home/ubuntu/.kube/cache and /tmp mounts for the app controller
5 participants