Knative deployments do not generate proper volume mounts for secrets volumes #232

Closed
snowdrop-bot opened this issue Dec 14, 2020 · 0 comments
Labels
7 - Community development upstream/closed The issue has been closed in the upstream repository

Comments

@snowdrop-bot
Collaborator

Describe the bug
When deploying as a knative service, the kubernetes/openshift extension does not generate secrets volume mounts properly.

Expected behavior
The declared secrets are mounted in the container running as a knative service

Actual behavior

[ERROR] Failed to execute goal io.quarkus:quarkus-maven-plugin:1.8.0.Final:build (default) on project infinispan-client-quickstart: Failed to build quarkus application: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[ERROR]         [error]: Build step io.quarkus.kubernetes.deployment.KubernetesDeployer#deploy threw an exception: io.dekorate.deps.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://api.cluster-462c.462c.example.opentlc.com:6443/apis/serving.knative.dev/v1/namespaces/dgdemo/services. Message: admission webhook "validation.webhook.serving.knative.dev" denied the request: validation failed: volumeMount has no matching volume: spec.template.spec.containers[0].volumeMounts[0].name. Received status: Status(apiVersion=v1, code=400, details=null, kind=Status, message=admission webhook "validation.webhook.serving.knative.dev" denied the request: validation failed: volumeMount has no matching volume: spec.template.spec.containers[0].volumeMounts[0].name, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=BadRequest, status=Failure, additionalProperties={}).

To Reproduce
Steps to reproduce the behavior:

  1. Add the following to application.properties:

         quarkus.kubernetes.deployment-target=knative
         quarkus.knative.mounts.my-volume.path=/mnt
         quarkus.knative.secret-volumes.my-volume.secret-name=clientcerts

     Along with other necessary bits to deploy a Quarkus app as a knative service

  2. Run mvn clean package -Pnative -DskipTests
  3. Observe failure above
  4. Observe values in target/kubernetes/knative.yml show that the volume mount is properly declared:
        volumeMounts:
        - mountPath: /mnt
          name: my-volume
          readOnly: false
          subPath: ""

**But there is no corresponding volume: declared on the Service object.**

When deploying as a regular non-knative deployment I do see the volume in openshift.yml:

      volumes:
      - name: my-volume
        secret:
          defaultMode: 384
          optional: false
          secretName: clientcerts

Configuration

quarkus.infinispan-client.server-list=example-infinispan:11222

# Auth
quarkus.infinispan-client.auth-server-name=example-infinispan
quarkus.infinispan-client.auth-realm=default
quarkus.infinispan-client.auth-username=developer
quarkus.infinispan-client.auth-password=XXXXXXX
quarkus.infinispan-client.sasl-mechanism=PLAIN
quarkus.infinispan-client.client-intelligence=BASIC

# cert stuff
quarkus.infinispan-client.trust-store=/mnt/clientcerts
quarkus.infinispan-client.trust-store-password=password
quarkus.infinispan-client.trust-store-type=jks

quarkus.openshift.mounts.my-volume.path=/mnt
quarkus.openshift.secret-volumes.my-volume.secret-name=clientcerts

quarkus.knative.mounts.my-volume.path=/mnt
quarkus.knative.secret-volumes.my-volume.secret-name=clientcerts


quarkus.native.container-build=true
quarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel:20.1-java11
quarkus.container-image.build=true
quarkus.kubernetes.deploy=true
quarkus.openshift.expose=true
quarkus.kubernetes-client.trust-certs=true
quarkus.kubernetes.deployment-target=knative
quarkus.container-image.registry=image-registry.openshift-image-registry.svc:5000
quarkus.container-image.group=dgdemo

Environment (please complete the following information):

  • Output of uname -a or ver: Darwin jfalkner-OSX 19.6.0 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64
  • Output of java -version:
openjdk version "11.0.6" 2020-01-14
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.6+10)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.6+10, mixed mode)
  • GraalVM version (if different from Java):

using Mandrel

  • Quarkus version or git rev: 1.8.0.Final

  • Build tool (ie. output of mvnw --version or gradlew --version):

Apache Maven 3.6.2 (40f52333136460af0dc0d7232c0dc0bcf0d9e117; 2019-08-27T11:06:16-04:00)
Maven home: /Users/jfalkner/.m2/wrapper/dists/apache-maven-3.6.2-bin/795eh28tki48bv3l67maojf0ra/apache-maven-3.6.2
Java version: 11.0.6, vendor: AdoptOpenJDK, runtime: /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.15.6", arch: "x86_64", family: "mac"

quarkusio#12121


$upstream:12121$

@snowdrop-bot snowdrop-bot added 7 - Community development upstream/closed The issue has been closed in the upstream repository labels Dec 14, 2020
@iocanel iocanel closed this as completed Feb 4, 2021
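
An added example (not part of the original issue or of the Quarkus code base): a small Python check that reproduces the condition the Knative admission webhook rejected, so a generated manifest can be tested before it is deployed. The sample manifests are constructed from the fragments quoted in the issue; the container name and image are placeholders, and loading knative.yml into a dict is left to the caller.

```python
# Added example: offline check for volumeMounts that have no matching volume.
# Sample manifests below are constructed from the fragments quoted in the issue.

def pod_spec(resource):
    """Return the pod spec of a Knative Service / Deployment-style resource."""
    return resource.get("spec", {}).get("template", {}).get("spec", {})


def unmatched_volume_mounts(resource):
    """List the paths of volumeMounts whose name is not declared under volumes."""
    spec = pod_spec(resource)
    declared = {v.get("name") for v in spec.get("volumes") or []}
    problems = []
    for group in ("initContainers", "containers"):
        for ci, container in enumerate(spec.get(group) or []):
            for mi, mount in enumerate(container.get("volumeMounts") or []):
                if mount.get("name") not in declared:
                    problems.append(
                        f"spec.template.spec.{group}[{ci}].volumeMounts[{mi}].name"
                    )
    return problems


MOUNT = {"mountPath": "/mnt", "name": "my-volume", "readOnly": False, "subPath": ""}

# Constructed: shape of the generated knative.yml described in the issue
# (mount present, no volumes entry). Container name and image are placeholders.
KNATIVE_SERVICE = {
    "apiVersion": "serving.knative.dev/v1",
    "kind": "Service",
    "spec": {"template": {"spec": {
        "containers": [{"name": "app", "image": "example/app", "volumeMounts": [MOUNT]}],
    }}},
}

# Constructed: same pod spec plus the volumes block quoted from openshift.yml.
WITH_VOLUME = {
    "spec": {"template": {"spec": {
        "containers": [{"name": "app", "image": "example/app", "volumeMounts": [MOUNT]}],
        "volumes": [{"name": "my-volume", "secret": {
            "defaultMode": 384, "optional": False, "secretName": "clientcerts"}}],
    }}},
}

if __name__ == "__main__":
    for label, res in (("knative", KNATIVE_SERVICE), ("with volume", WITH_VOLUME)):
        print(label, unmatched_volume_mounts(res) or "ok")
```

The reported path uses the same form as the webhook message, so a failing check can be compared directly with the deploy error.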