Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

play kube: invalid character 'a' looking for beginning of value #16269

Closed
MartinX3 opened this issue Oct 23, 2022 · 8 comments · Fixed by #16631
Closed

play kube: invalid character 'a' looking for beginning of value #16269

MartinX3 opened this issue Oct 23, 2022 · 8 comments · Fixed by #16631
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@MartinX3
Copy link

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Kubernetes secrets broken

Steps to reproduce the issue:

  1. podman kube play test-secret.yaml
  2. podman kube play test-pod.yaml

Describe the results you received:
Error: cannot set env TOKEN: secret secret-token-secret is not valid JSON: invalid character 'a' looking for beginning of value

Describe the results you expected:
A pod with the secret env

Additional information you deem important (e.g. issue happens only occasionally):
Ever time

Output of podman version:

Client:       Podman Engine
Version:      4.3.0
API Version:  4.3.0
Go Version:   go1.19.2
Git Commit:   ad42af94903ce4f3c3cd0693e4e17e4286bf094b-dirty
Built:        Wed Oct 19 23:09:30 2022
OS/Arch:      linux/amd64

Output of podman info:

host:
  arch: amd64
  buildahVersion: 1.28.0
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon ist in conmon 1:2.1.4-1 enthalten
    path: /usr/bin/conmon
    version: 'conmon version 2.1.4, commit: bd1459a3ffbb13eb552cc9af213e1f56f31ba2ee'
  cpuUtilization:
    idlePercent: 39.96
    systemPercent: 8.45
    userPercent: 51.59
  cpus: 8
  distribution:
    distribution: endeavouros
    version: unknown
  eventLogger: journald
  hostname: deus-ex-machina
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.0.2-zen1-1-zen
  linkmode: dynamic
  logDriver: journald
  memFree: 1092579328
  memTotal: 33373282304
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: /usr/bin/crun ist in crun 1.6-1 enthalten
    path: /usr/bin/crun
    version: |-
      crun version 1.6
      commit: 18cf2efbb8feb2b2f20e316520e0fd0b6c41ef4d
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns ist in slirp4netns 1.2.0-1 enthalten
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.4
  swapFree: 29080649728
  swapTotal: 36722176000
  uptime: 168h 4m 30.00s (Approximately 7.00 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/martin/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /home/martin/.local/share/containers/storage
  graphRootAllocated: 962850717696
  graphRootUsed: 861402361856
  graphStatus:
    Build Version: Btrfs v6.0
    Library Version: "102"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  volumePath: /home/martin/.local/share/containers/storage/volumes
version:
  APIVersion: 4.3.0
  Built: 1666213770
  BuiltTime: Wed Oct 19 23:09:30 2022
  GitCommit: ad42af94903ce4f3c3cd0693e4e17e4286bf094b-dirty
  GoVersion: go1.19.2
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.0

Package info (e.g. output of rpm -q podman or apt list podman or brew info podman):

podman 4.3.0-1

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (/~https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):
test-pod.yaml.txt
test-secret.yaml.txt

@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Oct 23, 2022
@mheon
Copy link
Member

mheon commented Oct 23, 2022

@ashley-cui PTAL

@Luap99
Copy link
Member

Luap99 commented Oct 24, 2022

Is this new with v4.3, did it work before?

@ashley-cui
Copy link
Member

Do you have an example of the kube secret yaml and kube secret you're using with it? You can redact the sensitive information, but it's hard to reproduce if I don't know your kube yamls.

@MartinX3
Copy link
Author

They are already part of the issue ticket.

@ashley-cui
Copy link
Member

ashley-cui commented Oct 24, 2022

Oh sorry, I missed it on the first read-through.

I think this might be the incompatible env secrets issue that we've had from before @cdoern's work on the current play kube secrets. (Remember the required json env secrets that was implemented by a community member?) I'm not 100% sure though, maybe @cdoern can confirm? I think this has been broken since before 4.3.

@github-actions
Copy link

A friendly reminder that this issue had no activity for 30 days.

@MartinX3
Copy link
Author

/remove stale

ancosma added a commit to ancosma/podman that referenced this issue Dec 8, 2022
Fixes e2e tests, remove '\n' from base64 encoded data.
Correct test to check that data in secret mounted file is decoded.

Closes containers#16269
Closes containers#16625

Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 8, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants