Unable to run postStart script. PostStartHook failed. #1070

Stepness opened this issue Nov 6, 2024 · 0 comments
Labels
bug Something isn't working

Describe the bug
Can't run commands passed to the server.postStart value. I'm trying to run a .sh script that is inside a volume. Any command besides "ls" or "echo" will return a PostStartHook failed event.
Even commands like

postStart: 
- /bin/sh
- -c
- vault operator init

will produce an error.

To Reproduce
Steps to reproduce the behavior:

  1. Download chart (v0.28.1)
  2. Create configMap containing script in templates/ folder:
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-bootstrap-map
data:
  bootstrap.sh: |
    #!/bin/sh
    
    vault operator init
  3. Set dataStorage.StorageClass
server:
  dataStorage:
    storageClass: <storageClassName>
    size: 10Gi
    accessMode: ReadWriteOnce
  4. Set volumes and volumesMount
server:
  volumes:
  - name: vault-bootstrap-volume
    configMap:
      name: vault-bootstrap-map
  volumeMounts:
  - name: vault-bootstrap-volume
    mountPath: /usr/local/libexec/vault
    readOnly: false
  5. Set postStart
server:
  postStart: 
  - /bin/sh
  - -c
  - cp /usr/local/libexec/vault/bootstrap.sh /home/vault && chmod +x /home/vault/bootstrap.sh && /home/vault/bootstrap.sh

Alternatively, other commands will also fail:

server:
  postStart: 
  - /bin/sh
  - -c
  - vault operator init
  6. Install helm and see pod/vault-0 via kubectl describe pod/vault-0 returning PostStartHook failed

Other info:
If the bootstrap.sh script is empty, or contains simple commands like ls, it will run without errors. The file is copied correctly from the volume to the home folder with the execute permission.
I'm able to edit and run the file if I go inside the container (with the vault user).

Logs from k8s:

37s                     Normal    Created                  Pod/vault-agent-injector-76cb44cfcd-gwjn7    Created container sidecar-injector
37s                     Normal    Started                  Pod/vault-agent-injector-76cb44cfcd-gwjn7    Started container sidecar-injector
22s (x2 over 37s)       Normal    Sync                     Ingress/vault-global                         Scheduled for sync
22s (x2 over 37s)       Normal    Sync                     Ingress/vault-global                         Scheduled for sync
10s                     Normal    SuccessfulAttachVolume   Pod/vault-0                                  AttachVolume.Attach succeeded for volume "<pvc-id>"
3s (x2 over 9s)         Normal    Pulled                   Pod/vault-0                                  Container image "<privateImage>" already present on machine
3s (x2 over 9s)         Normal    Created                  Pod/vault-0                                  Created container vault
3s (x2 over 9s)         Normal    Started                  Pod/vault-0                                  Started container vault
3s (x2 over 9s)         Warning   FailedPostStartHook      Pod/vault-0                                  PostStartHook failed
3s (x2 over 9s)         Normal    Killing                  Pod/vault-0                                  FailedPostStartHook

Expected behavior
postStart runs any command provided.

Environment

  • Kubernetes version: AKS 1.28.12
  • vault-helm version: 0.28.1

Chart values:

vault:
  injector:
    agentImage:
      repository: <privateRepo>
    image:
      repository: <privateRepo>
    ingress:
      hosts:
      - host: <privateHostName>
  server:
    dataStorage:
      accessMode: ReadWriteOnce
      size: 10Gi
      storageClass: <storageClassName>
    image:
      repository: <privateRepo>
    postStart:
    - /bin/sh
    - -c
    - cp /usr/local/libexec/vault/bootstrap.sh /home/vault && chmod +x /home/vault/bootstrap.sh && /home/vault/bootstrap.sh
    volumeMounts:
    - mountPath: /usr/local/libexec/vault
      name: vault-bootstrap-volume
      readOnly: false
    volumes:
    - configMap:
        name: vault-bootstrap-map
      name: vault-bootstrap-volume
@Stepness Stepness added the bug Something isn't working label Nov 6, 2024
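
A diagnostic wrapper for the hook described in this issue, added here as an example (not code from the issue author or the vault-helm project). Kubernetes runs a postStart hook asynchronously with the container's entrypoint and the event only reports "PostStartHook failed", so the wrapper waits for the server to answer and records the command's stderr and exit code in a file that can be read with kubectl exec. The file paths, the timeout and the function names are assumptions; it relies on `vault status` exiting 0 (unsealed) or 2 (sealed) once the server responds.

```shell
#!/bin/sh
# Added example: diagnostic wrapper for a postStart command.
# HOOK_LOG, HOOK_OUT, HOOK_TIMEOUT and the function names are illustrative assumptions.
umask 077                                   # files created below are owner-only
HOOK_LOG="${HOOK_LOG:-/tmp/poststart.log}"  # stderr + exit code (diagnostics)
HOOK_OUT="${HOOK_OUT:-/tmp/poststart.out}"  # stdout; for `vault operator init`
                                            # this holds unseal keys and the root
                                            # token, so treat it as secret material

# `vault status` exits 0 when unsealed and 2 when sealed; both mean the
# server answered. Any other code means it is not reachable yet.
vault_reachable() {
    vault status >/dev/null 2>&1
    case $? in
        0|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Poll once per second until the server answers or $1 seconds have passed.
wait_for_vault() {
    timeout="${1:-30}"
    elapsed=0
    until vault_reachable; do
        [ "$elapsed" -ge "$timeout" ] && return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 0
}

# Run the given command and record why it failed. Always returns 0, because
# a failing hook gets the container killed before anything can be inspected.
run_hook() {
    if ! wait_for_vault "${HOOK_TIMEOUT:-30}"; then
        echo "vault not reachable after ${HOOK_TIMEOUT:-30}s" >>"$HOOK_LOG"
        return 0
    fi
    rc=0
    "$@" >"$HOOK_OUT" 2>>"$HOOK_LOG" || rc=$?
    echo "exit=$rc cmd=$*" >>"$HOOK_LOG"
    return 0
}

# When invoked as a script: wrapper.sh vault operator init
if [ "$#" -gt 0 ]; then
    run_hook "$@"
fi
```

Remove the stdout file as soon as its contents have been moved to proper secret storage, and keep it out of any log collection path.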