Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

secrets not getting passed to CreateVolumeGroupSnapshot #1121

Open
jmccormick2001 opened this issue Jul 25, 2024 · 12 comments
Open

secrets not getting passed to CreateVolumeGroupSnapshot #1121

jmccormick2001 opened this issue Jul 25, 2024 · 12 comments

Comments

@jmccormick2001
Copy link

What happened:
I'm seeing that secrets are not getting passed into the CreateVolumeGroupSnapshotRequest struct. The map is empty.

What you expected to happen:
I would have thought this should work like CreateSnapshotRequest where secrets are passed.

How to reproduce it:
Create a volume group snapshot, examine the request struct secrets map being passed in.

Anything else we need to know?:

Environment:

  • Driver version: 1.9.0
  • Kubernetes version (use kubectl version): 1.30.1
  • OS (e.g. from /etc/os-release): Ubuntu 22.04.4 LTS
  • Kernel (e.g. uname -a):Linux csi130 6.5.0-41-generic
  • Install tools: k3s
  • Others:
@Madhu-1
Copy link
Contributor

Madhu-1 commented Jul 26, 2024

@jmccormick2001 can you please share the volumegroupsnapshotclass you have used?

@jmccormick2001
Copy link
Author

jmccormick2001 commented Jul 26, 2024

apiVersion: groupsnapshot.storage.k8s.io/v1alpha1
kind: VolumeGroupSnapshotClass
metadata:
  name: infinibox-groupsnapclass
deletionPolicy: Delete
driver: infinibox-csi-driver
parameters:
  csi.storage.k8s.io/group-snapshotter-secret-name: infinibox-creds
  csi.storage.k8s.io/group-snapshotter-secret-namespace: infinidat-csi
  csi.storage.k8s.io/snapshotter-secret-name: infinibox-creds
  csi.storage.k8s.io/snapshotter-secret-namespace: infinidat-csi
  csi.storage.k8s.io/snapshotter-list-secret-name: infinibox-creds
  csi.storage.k8s.io/snapshotter-list-secret-namespace: infinidat-csi
  snapshot.storage.kubernetes.io/deletion-secret-name: infinibox-creds
  snapshot.storage.kubernetes.io/deletion-secret-namespace: infinidat-csi
  infinibox-secret-name: infinibox-creds
  infinibox-secret-namespace: infinidat-csi

@Madhu-1
Copy link
Contributor

Madhu-1 commented Jul 26, 2024

@jmccormick2001 Thank you, can you also specify the snapshot controller and sidecar version you are using?

@jmccormick2001
Copy link
Author

snapshottersidecar: "registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c" # v8.0.1

spec:
containers:

  • args:
    • --v=5
    • --leader-election=true
    • --enable-volume-group-snapshots=true
      image: registry.k8s.io/sig-storage/snapshot-controller:v7.0.1

@jmccormick2001
Copy link
Author

note, on the 8.0.1 branch of the external-snapshotter, the external-snapshotter/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml is specifying version 7.0.1, not sure if this is a bug or not?

@Madhu-1
Copy link
Contributor

Madhu-1 commented Jul 26, 2024

@jmccormick2001 the fix is not present in 7.0.1 but it is present in 8.0.0 version

@jmccormick2001
Copy link
Author

I updated the setup-snapshot-controller.yaml to specify v8.0.1 of the snapshot-controller, redeployed it, and now the secrets are being passed:

2024-07-26T12:55:31.599913942Z | INFO | volumegroupcontroller.go:38 secrets: map[hostname:https://ibox password:y username:x]

so, I think it was simply a bug in the yaml file not specifying the correct version of the snapshot controller image.

@Madhu-1
Copy link
Contributor

Madhu-1 commented Jul 26, 2024

@jmccormick2001 Thanks for checking, @xing-yang how to go about updating the image tag's?

@jmccormick2001
Copy link
Author

apiVersion: groupsnapshot.storage.k8s.io/v1alpha1
kind: VolumeGroupSnapshotClass
metadata:
name: infinibox-groupsnapclass
deletionPolicy: Delete
driver: infinibox-csi-driver
parameters:
csi.storage.k8s.io/group-snapshotter-secret-name: infinibox-creds
csi.storage.k8s.io/group-snapshotter-secret-namespace: infinidat-csi

I'm not sure those parameters are documented anywhere, if so, I couldn't find it. I found them by looking at the source code. Let me know if you want me to open a separate Issue to update the docs for that.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 24, 2024
@xing-yang
Copy link
Collaborator

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 25, 2024
@yati1998
Copy link
Contributor

apiVersion: groupsnapshot.storage.k8s.io/v1alpha1 kind: VolumeGroupSnapshotClass metadata: name: infinibox-groupsnapclass deletionPolicy: Delete driver: infinibox-csi-driver parameters: csi.storage.k8s.io/group-snapshotter-secret-name: infinibox-creds csi.storage.k8s.io/group-snapshotter-secret-namespace: infinidat-csi

I'm not sure those parameters are documented anywhere, if so, I couldn't find it. I found them by looking at the source code. Let me know if you want me to open a separate Issue to update the docs for that.

it would be great to update the docs to include these details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants