This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Flux 1.2.5 release

@squaremo released this 19 Mar 14:56
a3149f3

Fixes

Improvements

  • Use a writable tmpfs volume for generating keys, since Kubernetes >=1.10 and GKE (as of March 13 2018) mount secrets as read-only (weaveworks/flux#1007). See the note below.

Note on read-only secrets

As mentioned above, Kubernetes 1.10, and GKE as of March 13 2018, mount secrets as read-only. Previously, fluxd used the volume mounted from the secret as a scratch area for generating a new SSH key for use with git. If the volume is read-only, this clearly won't work any more.

PR weaveworks/flux#1007 adds a flag --ssh-keygen-dir to fluxd to tell it to use another directory as a key generation scratch area. The intended mode of use is to mount another tmpfs volume, defined just for this purpose and writable, and supply the flag to make fluxd use it. An example is given in deploy/flux-deployment.yaml. Note also that you need to give the secret volume an extra field defaultMode: 0400 so that any existing key is given the right permissions.
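
A Deployment laid out the way this note describes, as an added illustration and not a copy of deploy/flux-deployment.yaml. The flag --ssh-keygen-dir and the field defaultMode: 0400 come from the note; the volume names, mount paths, secret name and image reference are assumptions.

```yaml
# Added example: names, paths and the image reference are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
spec:
  replicas: 1
  selector:
    matchLabels:
      name: flux
  template:
    metadata:
      labels:
        name: flux
    spec:
      volumes:
      # Existing deploy key; Kubernetes >=1.10 and GKE mount this read-only.
      - name: git-key
        secret:
          secretName: flux-git-deploy    # assumed secret name
          # Owner read-only, so an existing key gets the right permissions
          # without fluxd having to chmod it on a read-only mount.
          # YAML octal; in a JSON manifest write the decimal value 256.
          defaultMode: 0400
      # Writable scratch area used only for key generation. medium: Memory
      # makes it a tmpfs, so generated key material is not written to node disk.
      - name: git-keygen
        emptyDir:
          medium: Memory
      containers:
      - name: flux
        image: quay.io/weaveworks/flux:1.2.5   # assumed image reference
        volumeMounts:
        - name: git-key
          mountPath: /etc/fluxd/ssh      # assumed path
          readOnly: true
        - name: git-keygen
          mountPath: /var/fluxd/keygen   # assumed path
        args:
        # Flag added by weaveworks/flux#1007; must match the tmpfs mount above.
        - --ssh-keygen-dir=/var/fluxd/keygen
```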

You do not need to change your flux deployment config if you are not using Kubernetes 1.10 or GKE. The daemon shall behave as it did before. However, you can safely update your config even if you are not (yet) using Kubernetes 1.10 or GKE.