Remove existing Secret files in (deprovision) Pod#2425
Conversation
For Pods with `restartPolicy: OnFailure`, a failed container may be rerun in the same Pod, which will reuse the same file system as the initial run. When we project Secrets (for credentials, certs, etc) to directories in such containers, those writes can fail the second time around because the file already exists. Fix by removing the file, if it exists, before we write it. Note that at the time of this commit, this only affects deprovision pods: - imageset pods don't use ProjectToDir - provision pods have `restartPolicy: Never` HIVE-2604
|
/assign @dlom |
|
/lgtm I don't envy the backport process for this... |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: 2uasimojo, dlom The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@2uasimojo: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2425 +/- ##
==========================================
- Coverage 46.24% 46.24% -0.01%
==========================================
Files 279 279
Lines 32797 32799 +2
==========================================
Hits 15167 15167
- Misses 16357 16359 +2
Partials 1273 1273
|
|
/retest |
|
/override "Red Hat Konflux / hive-operator-enterprise-contract / hive"
Shouldn't be so bad, though I will probably have to one of them manually. /cherry-pick mce-2.6 mce-2.5 mce-2.4 mce-2.3 |
|
@2uasimojo: once the present PR merges, I will cherry-pick it on top of mce-2.6 in a new PR and assign it to you. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@2uasimojo: Overrode contexts on behalf of 2uasimojo: Red Hat Konflux / hive-operator-enterprise-contract / hive DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@2uasimojo: new pull request created: #2426 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
For Pods with
restartPolicy: OnFailure, a failed container may be rerun in the same Pod, which will reuse the same file system as the initial run. When we project Secrets (for credentials, certs, etc) to directories in such containers, those writes can fail the second time around because the file already exists. Fix by removing the file, if it exists, before we write it.Note that at the time of this commit, this only affects deprovision pods:
restartPolicy: NeverHIVE-2604