Canonical Juju

  1. Bug #2066517
  2. Activity log

Activity log for bug #2066517

Date Who What changed Old value New value Message
2024-05-22 20:36:10 Marcelo Henrique Neppel bug added bug
2024-05-22 20:43:10 Marcelo Henrique Neppel tags canonical-data-platform-eng
2024-05-22 20:49:24 Marcelo Henrique Neppel description The workload from a K8s charm cannot access the service account token on Juju 3.5.0. It works fine until Juju 3.4.2. Error message from pebble logs (when deploying `juju deploy postgresql-k8s --channel 14/edge --trust` and then checking the error through `pebble logs`): 2024-05-22T20:35:21.920Z [postgresql] PermissionError: [Errno 13] Permission denied: '/var/run/secrets/kubernetes.io/serviceaccount/token' 3.4.2 permissions: root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token lrwxrwxrwx 1 root root 12 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token -rw-r--r-- 1 root root 977 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/..data/token 3.5.0 permissions: root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token lrwxrwxrwx 1 root 170 12 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token -rw-r----- 1 root 170 1142 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/..data/token Others cannot access the token anymore. The workload from a K8s charm cannot access the service account token on Juju 3.5.0. It works fine until Juju 3.4.2. Error message from pebble logs (when deploying `juju deploy postgresql-k8s --channel 14/edge --trust`, which runs the workload with another user - postgres - and then checking the error through `pebble logs`): 2024-05-22T20:35:21.920Z [postgresql] PermissionError: [Errno 13] Permission denied: '/var/run/secrets/kubernetes.io/serviceaccount/token' 3.4.2 permissions: root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token lrwxrwxrwx 1 root root 12 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token -rw-r--r-- 1 root root 977 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/..data/token 3.5.0 permissions: root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token lrwxrwxrwx 1 root 170 12 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token -rw-r----- 1 root 170 1142 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/..data/token Others cannot access the token anymore.
2024-05-23 06:07:32 Harry Pidcock juju: importance Undecided Critical
2024-05-23 06:07:32 Harry Pidcock juju: status New In Progress
2024-05-23 06:07:32 Harry Pidcock juju: milestone 3.5.1
2024-05-23 06:07:32 Harry Pidcock juju: assignee Harry Pidcock (hpidcock)
2024-05-24 03:32:07 Harry Pidcock juju: status In Progress Fix Committed
2024-05-30 01:29:24 Canonical Juju QA Bot juju: status Fix Committed Fix Released