acorn-io / runtime

A simple application deployment framework built on Kubernetes
https://docs.acorn.io/
Apache License 2.0

Running Acornfile with templated Secrets results in multiple created pods for single container definition #552

Closed mocdaniel closed 2 years ago

mocdaniel commented 2 years ago

When running the attached Acornfile, acorn spins up two pods for the same container icinga2-master instead of just the one defined container. When leaving out the templated secrets icinga2-master-api-user-file and icinga2-master-constants-file, the deployment of the acorn works as expected:

containers: {
  "icinga2-master": {
    image: "icinga/icinga2:2.13.4"
    dirs: {
      "/data/var": "volume://icinga-data"
      "/data/etc/icinga2": "./master-etc"
    }
    files: {
      "/data/etc/icinga2/constants.conf": "secret://icinga2-master-constants-file/template"
      "/data/etc/icinga2/conf.d/api-users.conf": "secret://icinga2-master-api-user-file/template"
    }
    ports: "publish": "5665/http"
    env: {
      "ICINGA_MASTER": "1"
      "ICINGA_CN": "icinga2-master"
      "ICINGA_ZONE": "master"
    }
  }
}

volumes: {
  "icinga-data": {
    size: 5G
    accessModes: ["readWriteMany"]
  }
}

secrets: {
  "icinga2-master-constants-file": {
    type: "template"
    data: {
      template: """
        const PluginDir = "/usr/lib/nagios/plugins"
        const ManubulonPluginDir = "/usr/lib/nagios/plugins"
        const PluginContribDir = "/usr/lib/nagios/plugins"
        const NodeName = "icinga2-master"
        const ZoneName = "master"
        const TicketSalt = "${secret://icinga2-master-ticketsalt/token}"
        """
    }
  }
  "icinga2-master-ticketsalt": {
    type: "token"
    data: {
      token: ""
    }
  }
  "icinga2-master-api-user-file": {
    type: "template"
    data: {
      template: """
        object ApiUser "${secret://icinga2-master-api-user/username}" {
          password = "${secret://icinga2-master-api-user/password}"
          permissions = ["*"]
        }
        """
    }
  }
  "icinga2-master-api-user": {
    type: "basic"
    data: {
      username: "root"
      password: ""
    }
  }
}

cjellick commented 2 years ago

Link to slack convo for reference: https://acorn-users.slack.com/archives/C03R9ME0SKC/p1660489759722069

ibuildthecloud commented 2 years ago

There's a bug in the secret and dependency management. The deployment under the hood is not supposed to be created until the secrets under the hood are created, but that isn't working properly, so it's starting the deployment with no secret and then immediately updating it with new secret values. I will try to provide a fix for this today.
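
Added example, not part of the original thread and not Acorn's implementation: a Python sketch of the gate described above, which resolves the `secret://` references in this issue's Acornfile transitively and reports which secrets must exist before the deployment is created. The dictionaries are a constructed model of the Acornfile, and all function names are hypothetical.

```python
import re
from graphlib import TopologicalSorter

# secret://<name>/<key> references, as written in the Acornfile in this issue
REF = re.compile(r"secret://([A-Za-z0-9-]+)/[A-Za-z0-9_-]+")

# Constructed model of the issue's Acornfile: secret name -> template text
# (empty for generated secrets, which reference nothing).
SECRETS = {
    "icinga2-master-constants-file":
        'const TicketSalt = "${secret://icinga2-master-ticketsalt/token}"',
    "icinga2-master-ticketsalt": "",
    "icinga2-master-api-user-file":
        'object ApiUser "${secret://icinga2-master-api-user/username}" {\n'
        '  password = "${secret://icinga2-master-api-user/password}"\n}',
    "icinga2-master-api-user": "",
}
# Constructed model of the container's files: mount path -> secret reference
CONTAINER_FILES = {
    "/data/etc/icinga2/constants.conf":
        "secret://icinga2-master-constants-file/template",
    "/data/etc/icinga2/conf.d/api-users.conf":
        "secret://icinga2-master-api-user-file/template",
}

def refs(text):
    """Names of all secrets referenced in a piece of text."""
    return set(REF.findall(text))

def secret_order(secrets):
    """Creation order: every secret comes after the secrets it references."""
    graph = {name: refs(body) for name, body in secrets.items()}
    return list(TopologicalSorter(graph).static_order())

def required_secrets(files, secrets):
    """Secrets a container needs, including those reached through templates."""
    needed, stack = set(), [n for v in files.values() for n in refs(v)]
    while stack:
        name = stack.pop()
        if name not in needed:
            needed.add(name)
            stack.extend(refs(secrets.get(name, "")))
    return needed

def missing_before_deploy(files, secrets, existing):
    """Secrets still to be created; create the deployment only when empty."""
    return sorted(required_secrets(files, secrets) - set(existing))
```

Creating the workload while `missing_before_deploy` is non-empty corresponds to the behaviour in this report: the deployment starts without its secret values and is updated right after.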

cjellick commented 2 years ago

Addressed in https://github.com/acorn-io/acorn/pull/572

cjellick commented 2 years ago

I ran a quick test with the supplied acornfile and this seems to be resolved, though the app crashes with:

critical/cli: Could not compile config files: Error: Function call 'std::ifstream::open' for file '/etc/icinga2/icinga2.conf' failed with error code 2, 'No such file or directory'