| kata-irc-bot | <feng.wang> Can anyone give me a pointer on how Kata decides whether to mount a k8s secret as “kataShared” vs “tmpfs” inside a container? It seems indeterministic to me. On the host they are also mounted as tmpfs under `/run/kata-containers/shared/sandboxes`. | 17:47 |
|---|---|---|
| kata-irc-bot | <eric.ernst> is it memory backed? | 18:01 |
| kata-irc-bot | <eric.ernst> Or, I think it may be based on whether the secret is an ephemeral volume or not. | 18:02 |
| kata-irc-bot | <eric.ernst> Do you have an example for each case? | 18:02 |
| kata-irc-bot | <feng.wang> On the host they’re all ephemeral (backed by tmpfs), right? | 18:16 |
| kata-irc-bot | <feng.wang> Example> Host: ```[ec2-user@ip-192-168-0-67 ~]$ mount | grep client tmpfs on /run/kata-containers/shared/sandboxes/7905b2ddbfc4e4451e563bd7286caad07d6ed2fcdef431c08c0d4be8fee78a4c/mounts/0b367ca4782ce0a4ab7a9fdf16db73e53b366ae66ff74a31b0214871c46555d9-b10da5ccf57e21de-client type tmpfs (ro,relatime) tmpfs on | 18:20 |
| kata-irc-bot | /run/kata-containers/shared/sandboxes/7905b2ddbfc4e4451e563bd7286caad07d6ed2fcdef431c08c0d4be8fee78a4c/shared/0b367ca4782ce0a4ab7a9fdf16db73e53b366ae66ff74a31b0214871c46555d9-b10da5ccf57e21de-client type tmpfs (ro,relatime) tmpfs on /run/kata-containers/shared/sandboxes/7905b2ddbfc4e4451e563bd7286caad07d6ed2fcdef431c08c0d4be8fee78a4c/mounts/0b367ca4782ce0a4ab7a9fdf16db73e53b366ae66ff74a31b0214871c46555d9-e2cee8a52fb24275-client2 type tmpfs | 18:20 |
| kata-irc-bot | (ro,relatime) tmpfs on /run/kata-containers/shared/sandboxes/7905b2ddbfc4e4451e563bd7286caad07d6ed2fcdef431c08c0d4be8fee78a4c/shared/0b367ca4782ce0a4ab7a9fdf16db73e53b366ae66ff74a31b0214871c46555d9-e2cee8a52fb24275-client2 type tmpfs (ro,relatime)``` Container: ```/ # cat /proc/mounts | grep client tmpfs /databricks/secrets/client tmpfs ro,relatime 0 0 kataShared /databricks/secrets/client2 virtiofs ro,relatime 0 0``` | 18:20 |
| kata-irc-bot | <feng.wang> There seems a bug somewhere, which I now think it’s not related to my change because the symptom can be reproduced without my change: In the guest the secret is mounted as `kataShared` : ```...``` | 21:02 |
| kata-irc-bot | <eric.ernst> I now see why you wanted binaries in the guest image :) | 21:04 |
| kata-irc-bot | <eric.ernst> I think i see what’s going on. | 21:05 |
| kata-irc-bot | <eric.ernst> Want to talk in real time for a few? Might be easier. | 21:05 |
| kata-irc-bot | <feng.wang> Yeah. I’ll message you a zoom or google meet link. | 21:06 |
| kata-irc-bot | <feng.wang> The issue is gone after I update to the latest Kata build (2.2.0-rc0). Thanks @eric.ernst for explaining the issue and fixing it! | 22:26 |
| kata-irc-bot | <eric.ernst> Nice!! | 22:27 |
| kata-irc-bot | <eric.ernst> I hope you at least learned a couple things during the suffering you went through debuging this! | 22:27 |
| kata-irc-bot | <feng.wang> Yeah. I indeed learned a lot :slightly_smiling_face: | 22:28 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!