Leader for k8s charms should be able to read/write its own databag
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
Medium
|
Achilleas Anagnostopoulos |
Bug Description
While the fix for https:/
To reproduce:
```
$ juju bootstrap microk8s mk8s
$ juju deploy cs:~aisrael/
$ juju status
controller mk8s microk8s/localhost 2.8-rc1 unsupported 13:24:21+01:00
App Version Status Scale Charm Store Rev OS Address Notes
mariadb-k8s active 1 mariadb-k8s jujucharms 2 kubernetes 10.152.183.132
mediawiki-k8s active 1 mediawiki-k8s jujucharms 3 kubernetes 10.152.183.7
Unit Workload Agent Address Ports Message
mariadb-k8s/0* active idle 10.1.49.64 3306/TCP
mediawiki-k8s/0* active idle 10.1.49.65 80/TCP
# Writing or reading the app databag from the leader charm fails with permission errors
$ juju run --unit mariadb-k8s/0 'is-leader'
True
$ juju run --unit mariadb-k8s/0 'relation-set -r 0 --app myapp=mariadb'
ERROR cannot read relation application settings: permission denied
$ juju run --unit mariadb-k8s/0 'relation-get -r 0 --app - mariadb-k8s'
ERROR permission denied
```
Changed in juju: | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Achilleas Anagnostopoulos (achilleasa) |
milestone: | none → 2.8-rc1 |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
Enabling TRACE logging on the controller, I can see :
controller-0: 12:57:00 TRACE juju.apiserver. common server RPC error [{/workspace/ _build/ src/github. com/juju/ juju/apiserver/ facades/ agent/uniter/ uniter. go:1672: } {/workspace/ _build/ src/github. com/juju/ juju/apiserver/ common/ errors. go:128: permission denied}]
Note that this basically making the operator-framework pgsql interface [1] unusable.
[1] https:/ /git.launchpad. net/~stub/ interface- pgsql/+ git/operator/