ksops:v4.2.0 cannot stat '/bin/kustomize'
mrnim94 opened this issue · comments
I have an issue when I use 'viaductoss/ksops:v4.2.0' with argocd v2.7.3.
The event of argocd-repo-server announced:
CrashLoopBackOff (back-off 2m40s restarting failed container=argocd-repo-server pod=argocd-repo-server-775d76f8b8-2l2h7_argocd(161134c7-44c0-4f9b-bf84-7cb51b682e40)) | Last state: Terminated with 127: ContainerCannotRun (failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/var/lib/kubelet/pods/161134c7-44c0-4f9b-bf84-7cb51b682e40/volume-subpaths/custom-tools/argocd-repo-server/0" to rootfs at "/usr/local/bin/kustomize": mount /var/lib/kubelet/pods/161134c7-44c0-4f9b-bf84-7cb51b682e40/volume-subpaths/custom-tools/argocd-repo-server/0:/usr/local/bin/kustomize (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type), started: Fri, May 26 2023 2:26:00 pm, finished: Fri, May 26 2023 2:26:00 pm
And Logs of install-ksops:
Installing KSOPS... mv: cannot stat '/bin/kustomize': No such file or directory Done.
When I roll back to viaductoss/ksops:v4.0.1, they will work normally.
This is Deployment of argocd-repo-server
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
namespace: argocd
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-repo-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
automountServiceAccountToken: false
containers:
- args:
- /usr/local/bin/argocd-repo-server
env:
- name: AWS_DEFAULT_REGION
value: us-west-2
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: reposerver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: reposerver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: reposerver.disable.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: reposerver.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.repo.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.max.combined.directory.manifests.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.tar.exclusions
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
envFrom:
- secretRef:
name: kms-credential
image: 'quay.io/argoproj/argocd:v2.7.3'
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: 8084
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
name: argocd-repo-server
ports:
- containerPort: 8081
- containerPort: 8084
readinessProbe:
httpGet:
path: /healthz
port: 8084
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /usr/local/bin/kustomize
name: custom-tools
subPath: kustomize
- mountPath: /usr/local/bin/ksops
name: custom-tools
subPath: ksops
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
initContainers:
- args:
- >-
echo "Installing KSOPS..."; mv ksops /custom-tools/; mv
$GOPATH/bin/kustomize /custom-tools/; echo "Done.";
command:
- /bin/sh
- '-c'
image: 'viaductoss/ksops:v4.2.0'
name: install-ksops
volumeMounts:
- mountPath: /custom-tools
name: custom-tools
- command:
- /bin/cp
- '-n'
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: 'quay.io/argoproj/argocd:v2.7.3'
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
serviceAccountName: argocd-repo-server
volumes:
- emptyDir: {}
name: custom-tools
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
- emptyDir: {}
name: helm-working-dir
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
I have tried each version. That issue begins with version 4.1.2.
@mrnim94 Thanks for the detailed issue. The error is coming from $GOPATH/bin/kustomize
because $GOPATH
is no longer defined in the last stage of the new Docker image.
I can push a new patch version with $GOPATH
defined to prevent others from running into this issue, but the quick fix is to change $GOPATH/bin/kustomize
to /usr/local/bin/kustomize