nats-io/k8s

New volume mount removes the existing config, pid volumes

amit12cool opened this issue · 8 comments

What version were you using?

1.1.8 helm repo

What environment was the server running in?

K8

Is this defect reproducible?

yes

```yaml
config:
  cluster:
    enabled: true
    replicas: 3
  jetstream:
    enabled: true
  nats:
    tls:
      enabled: true
      merge: {
        verify: true,
        cert_file: '/mnt/nats-certificate/nats-playground-server.crt',
        key_file: '/mnt/nats-certificate/nats-playground-server.key',
        ca_file: '/mnt/nats-certificate/rootCA-playground.crt'
      }

podTemplate:
  topologySpreadConstraints:
    kubernetes.io/hostname:
      maxSkew: 1
      whenUnsatisfiable: DoNotSchedule
  merge:
    spec:
      volumes:
        - name: nats-certificate-volume
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: 'nats-certificate'

service:
  merge:
    spec:
      type: LoadBalancer

container:
  image:
    repository: nats
    image: 2.10.4-alpine
  merge:
    volumeMounts:
      - name: nats-certificate-volume
        mountPath: /mnt/nats-certificate
```

Given the capability you are leveraging, describe your expectation?

The config and pid volumes should be mounted, as they are in the pod template YAML file.

Given the expectation, what is the defect you are observing?

The config and pid volumes should be mounted along with the new volume I'm trying to mount.

Need to use patch to append to arrays

```yaml
podTemplate:
  topologySpreadConstraints:
    kubernetes.io/hostname:
      maxSkew: 1
      whenUnsatisfiable: DoNotSchedule
  patch:
  - op: add
    path: /spec/volumes/-
    value:
      name: nats-certificate-volume
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: 'nats-certificate'
```

It's fixed, thanks. Previously I used the path /spec/volumes; now, using /spec/volumes/-, it works.

Now the volume is created, but when I mount the CSI volume, the other volumes, pid and config, are not mounted in the container. I mount it like below:

```yaml
container:
  image:
    repository: nats
    image: 2.10.4-alpine
  merge:
    volumeMounts:
      - name: nats-certificate-volume
        mountPath: /mnt/nats-certificate/
```

OK, so I patched and it worked.

```yaml
container:
  image:
    repository: nats
    image: 2.10.4-alpine
  patch:
  - op: add
    path: /volumeMounts/-
    value:
      name: nats-certificate-volume
      mountPath: /mnt/nats-certificate
```

@caleblloyd

Now my reloader container shows an error:

```
2024/02/10 17:38:57 Starting NATS Server Reloader v0.14.1
2024/02/10 17:38:57 Watching file: /etc/nats-config/nats.conf
Error: no such file or directory
```

I used the YAML values below:

```yaml
config:
  cluster:
    enabled: true
    replicas: 3
  jetstream:
    enabled: true
  nats:
    tls:
      enabled: true
      merge: {
        verify: true,
        cert_file: '/mnt/nats-certificate/nats-playground-server.crt',
        key_file: '/mnt/nats-certificate/nats-playground-server.key',
        ca_file: '/mnt/nats-certificate/rootCA-playground.crt'
      }
```

Give the reloader container the same mount; it detects and watches TLS certificates.

That worked. Thanks @caleblloyd
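
Added example, not part of the thread and not the chart's own code: a small Python model of the three things tried above (a `merge` on `spec.volumes`, a JSON Patch `add` at `/spec/volumes`, and a JSON Patch `add` at `/spec/volumes/-`), showing which of them keep the `config` and `pid` volumes. The `merge` function is a simplified map merge that replaces lists whole, which is the behaviour the thread reports; the default pod template and the `nats-config` ConfigMap name are constructed stand-ins.

```python
import copy

def merge(base, override):
    """Map merge: dicts merge key by key; lists and scalars are replaced whole."""
    out = copy.deepcopy(base)
    for key, val in override.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], val)
        else:
            out[key] = copy.deepcopy(val)
    return out

def patch_add(doc, path, value):
    """RFC 6902 'add': '/-' appends to an array, an index inserts, a member name sets or replaces."""
    if not path.startswith("/"):
        raise ValueError("JSON Pointer must start with '/'")
    out = copy.deepcopy(doc)
    tokens = [t.replace("~1", "/").replace("~0", "~") for t in path[1:].split("/")]
    node = out
    for tok in tokens[:-1]:
        node = node[int(tok)] if isinstance(node, list) else node[tok]
    last = tokens[-1]
    if isinstance(node, list):
        index = len(node) if last == "-" else int(last)
        if not 0 <= index <= len(node):
            raise IndexError(f"index {last} out of range")
        node.insert(index, copy.deepcopy(value))
    else:
        node[last] = copy.deepcopy(value)
    return out

def volume_names(pod):
    """Names of the pod's volumes, or None when spec.volumes is no longer a list."""
    vols = pod["spec"]["volumes"]
    return [v["name"] for v in vols] if isinstance(vols, list) else None

# Constructed stand-in for the chart's default pod template (not the real rendered manifest).
DEFAULT_POD = {"spec": {"volumes": [
    {"name": "config", "configMap": {"name": "nats-config"}},
    {"name": "pid", "emptyDir": {}},
]}}
CERT_VOLUME = {"name": "nats-certificate-volume", "csi": {
    "driver": "secrets-store.csi.k8s.io", "readOnly": True,
    "volumeAttributes": {"secretProviderClass": "nats-certificate"}}}

if __name__ == "__main__":
    print("merge           ->", volume_names(merge(DEFAULT_POD, {"spec": {"volumes": [CERT_VOLUME]}})))
    print("/spec/volumes   ->", volume_names(patch_add(DEFAULT_POD, "/spec/volumes", CERT_VOLUME)))
    print("/spec/volumes/- ->", volume_names(patch_add(DEFAULT_POD, "/spec/volumes/-", CERT_VOLUME)))
```

The same comparison applies to `volumeMounts` on the `nats` and reloader containers: only the `/-` form leaves the existing entries in place, so a rendered manifest can be checked by asserting that `config` and `pid` are still listed.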