now writes the config to disk to avoid race condition with secret upd…

…ate (#1418) * now writes the config to disk to avoid race condition with secret update * simplified ensureservicecidrk0s * removed volume mount from k0s * changed from etc to tmp because of rootless containers
loft-sh · Dec 18, 2023 · 7c1abfb · 7c1abfb
1 parent 28fd86a
commit 7c1abfb
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 29 deletions.
diff --git a/charts/k0s/templates/secret.yaml b/charts/k0s/templates/secret.yaml
@@ -15,9 +15,6 @@ metadata:
   {{- end }}
 type: Opaque
 stringData:
-  {{- if .Values.serviceCIDR }}
-  CONFIG_READY: "true"
-  {{- end }}
   {{- if .Values.config }}
   config.yaml: {{ toJson .Values.config }}
   {{- else }}

diff --git a/charts/k0s/templates/statefulset.yaml b/charts/k0s/templates/statefulset.yaml
@@ -80,9 +80,6 @@ spec:
           emptyDir: {}
         - name: k0s-binary
           emptyDir: {}
-        - name: k0s-config
-          secret:
-            secretName: vc-{{ .Release.Name }}-config
       {{- if .Values.volumes }}
 {{ toYaml .Values.volumes | indent 8 }}
       {{- end }}
@@ -300,8 +297,6 @@ spec:
             mountPath: /.cache/helm
           - name: k0s-binary
             mountPath: /k0s-binary
-          - name: k0s-config
-            mountPath: /etc/k0s
           - mountPath: /data
             name: data
           - name: run-k0s

diff --git a/charts/k0s/values.yaml b/charts/k0s/values.yaml
@@ -164,7 +164,7 @@ vcluster:
     - /k0s-binary/k0s
   baseArgs:
     - controller
-    - --config=/etc/k0s/config.yaml
+    - --config=/tmp/k0s-config.yaml
     - --data-dir=/data/k0s
   # Extra arguments for k0s.
   extraArgs: []

diff --git a/pkg/util/servicecidr/servicecidr.go b/pkg/util/servicecidr/servicecidr.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"os"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/equality"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
@@ -20,7 +20,6 @@ const (
 	CIDRConfigMapKey    = "cidr"
 	K0sConfigKey        = "config.yaml"
 	K0sCIDRPlaceHolder  = "CIDR_PLACEHOLDER"
-	K0sConfigReadyFlag  = "CONFIG_READY"
 
 	ErrorMessageFind = "The range of valid IPs is "
 	FallbackCIDR     = "10.96.0.0/12"
@@ -120,26 +119,13 @@ func EnsureServiceCIDRInK0sSecret(
 	serviceCIDR = strings.Split(serviceCIDR, ",")[0]
 
 	// apply changes
-	originalObject := secret.DeepCopy()
-	secret.Data[K0sConfigKey] = []byte(strings.ReplaceAll(string(configData), K0sCIDRPlaceHolder, serviceCIDR))
-	secret.Data[K0sConfigReadyFlag] = []byte("true")
+	updatedConfig := []byte(strings.ReplaceAll(string(configData), K0sCIDRPlaceHolder, serviceCIDR))
 
-	// return early if equal
-	if equality.Semantic.DeepEqual(originalObject.Data, secret.Data) {
-		return serviceCIDR, nil
-	}
-
-	// create patch
-	patch := client.MergeFrom(originalObject)
-	data, err := patch.Data(secret)
+	// write the config to file
+	err = os.WriteFile("/tmp/k0s-config.yaml", updatedConfig, 0640)
 	if err != nil {
-		return "", fmt.Errorf("failed to create patch for the %s/%s Secret: %w", secret.Namespace, secret.Name, err)
-	}
-
-	// apply patch
-	_, err = currentNamespaceClient.CoreV1().Secrets(secret.Namespace).Patch(ctx, secret.Name, patch.Type(), data, metav1.PatchOptions{})
-	if err != nil {
-		return "", fmt.Errorf("failed to patch k0s configuration secret %s/%s: %w", secret.Namespace, secret.Name, err)
+		klog.Errorf("error while write k0s config to file: %s", err.Error())
+		return "", err
 	}
 
 	return serviceCIDR, nil