Skip to content

Commit

Permalink
Fix support for non-default kubelet root directory (#330)
Browse files Browse the repository at this point in the history 
It turns out that the container-local path also needs to be updated to
match what the path is on the host. Intuitively it seemed that updating
the container-local path would have broken assumptions in the provider,
but *counter-intuitively* it turns out that the mismatch between
container and host path strings breaks the CSI driver stack.

The breakage presents as the upstream CSI driver (not the AWS provider)
being unable to mount the secrets volumes in pods.
  • Loading branch information
@alanbrent
alanbrent authored Mar 20, 2024
1 parent cb8413b commit ab548b3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ spec:
- mountPath: {{ .Values.providerVolume }}
name: providervol
- name: mountpoint-dir
mountPath: /var/lib/kubelet/pods
mountPath: {{ .Values.kubeletPath }}/pods
mountPropagation: HostToContainer
volumes:
- name: providervol
Expand Down

2 comments on commit ab548b3

@StephenTan-TW
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi - this is exactly what I need for my Microk8s secret. When will a Release be cut?

@StephenTan-TW
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to be clear - this was also an issue with the Azure Secrets Provider as per: Azure/secrets-store-csi-driver-provider-azure#521
Please please please can we bake a Release. I can't seem to use the SHA in my Flux and creating a Post Render Patch doesn't seem to work. So annoying

Please sign in to comment.