Time="" level=info msg="Traefik version v1.2.0 built on _09:50:01AM" > kubectl logs traefik-ingress-controller-3312106953-1f52j
What is kubernetes secrets upgrade#
As a reminder, the upgrade process for a GKE cluster is point-and-click in the GCP console - you just tell it to upgrade your cluster from 1.3.7 to 1.4.0 - so I don't know what happens behind the scenes for the upgrade, so I can't provide any diagnostic info that I know of. Still a bug, but clearly an upgrade-related bug, not a fresh deployment bug. If you have a cluster that was upgraded (from at least 1.3.7) to 1.4.0, the new mode and defaultMode features for mounting secrets volumes won't apply, but there will be no error or log entry that I can find about why. So, this is an upgrade issue with GKE on GCP. Guess what? The mode and defaultMode feature worked fine. I just tried to repro my issue in my stage environment, where my GKE clusters were created later and started at 1.4.0. I was doing all of this testing in the dev project, where my GKE clusters had started at 1.3.7 and were upgraded to 1.4.0. I have different GCP projects for different environments - dev, stage, prod. No errors now, but the permissions requested aren't actually applied. Found that it was added in 1.4.0, upgraded my GKE cluster and my local client, and re-deployed.
I originally attempted to use this with client/server 1.3.7, not realizing the feature(s) were added in 1.4.0, and was getting a deployment error that defaultMode was an invalid option. When the container starts, the files in the Secrets (db-secret) volume mount should either all be chmod 400 (when using defaultMode with Decimal 256), or at least the dbkey file should be chmod 400 (when using Mode per secret value with Decimal 256).Ĭreate a secret bundle, upload to the GKE cluster, then define a Pod to mount that secret as a volume with defaultMode or Mode options specified to chmod the secret files to a more restrictive ACL. Am I doing something wrong? I've read the docs over and over, it seems pretty simple. I haven't been able to find any filed bugs about this.
I see nothing in release notes for any Kubernetes version post-1.4.0 that would indicate a discovered bug that's been fixed.
0 kommentar(er)
