[Bug] providersDir should not default to /etc/kubernetes as primarily contains .sock files better held in /var/run or /tmp/ #823
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
Thanks for the feedback! I'll add this to our community call for discussion.
tam7t added a commit to tam7t/secrets-store-csi-driver that referenced this issue Feb 2, 2022
This allows the driver to check multiple paths when looking for a provider, addressing kubernetes-sigs#823 as the semantically correct path is /var not /etc. -additional-provider-volume-paths is added so that providers that have not migrated to the /var location will continue to operate. In a future release when all supported providers are migrated to the /var path the -additional-provider-volume-paths flag can be removed or changed to an empty string.
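
The multi-path lookup described in the commit message above, as an added example that is not the driver's own code: directories are searched in order, so a preferred location wins over a legacy fallback, and only a real unix socket is accepted. `FindProviderSocket`, the provider naming rule and the temporary directories are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"path/filepath"
	"regexp"
)

// Assumed naming rule: no "/" or ".." can appear, so a name cannot escape dirs.
var providerName = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,30}$`)

// FindProviderSocket (hypothetical helper) returns the first <name>.sock that
// is a real unix socket, searching dirs in order so earlier entries win.
func FindProviderSocket(name string, dirs []string) (string, error) {
	if !providerName.MatchString(name) {
		return "", fmt.Errorf("invalid provider name %q", name)
	}
	for _, dir := range dirs {
		p := filepath.Join(dir, name+".sock")
		fi, err := os.Lstat(p) // Lstat: do not follow a symlink planted at p
		if errors.Is(err, os.ErrNotExist) {
			continue // not in this directory, try the next one
		}
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSocket == 0 {
			continue // regular file or symlink with the right name: skip it
		}
		return p, nil
	}
	return "", fmt.Errorf("provider %q not found in %v", name, dirs)
}

func main() {
	// Constructed layout: a preferred directory and a legacy fallback.
	preferred, _ := os.MkdirTemp("", "var")
	legacy, _ := os.MkdirTemp("", "etc")
	defer func() { os.RemoveAll(preferred); os.RemoveAll(legacy) }()
	l, err := net.Listen("unix", filepath.Join(legacy, "demo.sock"))
	if err != nil {
		panic(err)
	}
	defer l.Close()
	fmt.Println(FindProviderSocket("demo", []string{preferred, legacy}))
}
```
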
conjur-jenkins pushed a commit to cyberark/conjur-k8s-csi-provider that referenced this issue Mar 12, 2024
When deployed, the Secrets Store CSI Driver creates a socket in /etc/kubernetes/secrets-store-csi-providers. The /etc/ path is really meant for configuration files, not unix sockets. The more standard place to put socket files is /var/run/ or somewhere in /tmp. If you explore a debian, redhat, or ubuntu box you'll find most sockets are in one of the two.
This can be a problem for Operating System and Security Controls that are protective of a system's /etc contents.
While this can be overridden in the helm chart by setting linux.providersDir, the default is re-used in various providers, and not all have a method to override it without manually editing the resources.
I would recommend modifying the default and cutting a major release to signify a breaking change to downstream projects.