Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Operator Crashes when securityContext is empty #1389

Closed
theSuess opened this issue Jan 10, 2023 · 1 comment
Closed

Operator Crashes when securityContext is empty #1389

theSuess opened this issue Jan 10, 2023 · 1 comment
Assignees
@pjuarezd
Labels
bug Something isn't working community fixed

Comments

@theSuess
Copy link

theSuess commented Jan 10, 2023
edited
Loading

When specifying an empty security context in the Tenant, the logic introduced in #1372 crashes with a nil pointer dereference.

Having an empty object as securityContext is especially useful/required on OpenShift where the securityContext is dynamically injected.

Expected Behavior

  • Specifying .spec.pools[].securityContext: {} should not crash the operator

Current Behavior

  • The operator crashes. Stack trace
github.com/minio/operator/pkg/resources/statefulsets.poolContainerSecurityContext(...)
github.com/minio/operator/pkg/resources/statefulsets/minio-statefulset.go:414
github.com/minio/operator/pkg/resources/statefulsets.poolMinioServerContainer(_, _, _, _, {_, _}, {_, _}, _, {0xc00360eba0, ...})
github.com/minio/operator/pkg/resources/statefulsets/minio-statefulset.go:347 +0x40d
github.com/minio/operator/pkg/resources/statefulsets.NewPool(0xc0022be000, 0x0?, 0x0?, 0xc0033a5420, 0x0?, {0xc000f38c70, 0xd}, {0x0, 0x0}, {0x1f155fc, ...}, ...)
github.com/minio/operator/pkg/resources/statefulsets/minio-statefulset.go:769 +0x2dc5
github.com/minio/operator/pkg/controller/cluster.(*Controller).syncHandler(0xc000326900, {0xc0035b1820, 0x1c})
github.com/minio/operator/pkg/controller/cluster/main-controller.go:1156 +0x45ea
github.com/minio/operator/pkg/controller/cluster.(*Controller).processNextWorkItem.func1({0x1926b00?, 0xc004238d00})
github.com/minio/operator/pkg/controller/cluster/main-controller.go:605 +0x24f
github.com/minio/operator/pkg/controller/cluster.(*Controller).processNextWorkItem(0xc000326900)
github.com/minio/operator/pkg/controller/cluster/main-controller.go:617 +0x62
github.com/minio/operator/pkg/controller/cluster.(*Controller).runWorker(0xc000a5cea0?)
github.com/minio/operator/pkg/controller/cluster/main-controller.go:557 +0x47

Possible Solution

The offending code assumes a few securitycontext fields to be set. We need to check for their existance before accessing: https://github.com/minio/operator/blob/v4.5.6/pkg/resources/statefulsets/minio-statefulset.go#L414

Steps to Reproduce (for bugs)

  1. Setup the Operator in version 4.5.6
  2. Create a tenant with a pool containing securityContext: {}
  3. Observe the crash

Context

This has broken the minio operator on two clusters now. Together with #1234 this makes the Operator unusable on OpenShift

Your Environment

  • Version used (minio-operator): 4.5.6
  • Environment name and version: v1.24.6+5658434/OpenShift 4.11.18
@pjuarezd pjuarezd self-assigned this Apr 12, 2023
@pjuarezd pjuarezd added bug Something isn't working fixed and removed triage labels Apr 12, 2023
@pjuarezd
Copy link
Member

This should be resolved in starting 5.0.0, current release (Operator 5.0.3) included.
This allows security context to be empty.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pjuarezd pjuarezd

Labels
bug Something isn't working community fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pjuarezd @theSuess