2024-05-22 20:49:24 |
Marcelo Henrique Neppel |
description |
The workload from a K8s charm cannot access the service account token on Juju 3.5.0. It works fine until Juju 3.4.2.
Error message from pebble logs (when deploying `juju deploy postgresql-k8s --channel 14/edge --trust` and then checking the error through `pebble logs`):
2024-05-22T20:35:21.920Z [postgresql] PermissionError: [Errno 13] Permission denied: '/var/run/secrets/kubernetes.io/serviceaccount/token'
3.4.2 permissions:
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token
lrwxrwxrwx 1 root root 12 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token
-rw-r--r-- 1 root root 977 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/..data/token
3.5.0 permissions:
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token
lrwxrwxrwx 1 root 170 12 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token
-rw-r----- 1 root 170 1142 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/..data/token
Others cannot access the token anymore. |
The workload from a K8s charm cannot access the service account token on Juju 3.5.0. It works fine until Juju 3.4.2.
Error message from pebble logs (when deploying `juju deploy postgresql-k8s --channel 14/edge --trust`, which runs the workload with another user - postgres - and then checking the error through `pebble logs`):
2024-05-22T20:35:21.920Z [postgresql] PermissionError: [Errno 13] Permission denied: '/var/run/secrets/kubernetes.io/serviceaccount/token'
3.4.2 permissions:
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token
lrwxrwxrwx 1 root root 12 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token
-rw-r--r-- 1 root root 977 May 22 14:38 /var/run/secrets/kubernetes.io/serviceaccount/..data/token
3.5.0 permissions:
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/token
lrwxrwxrwx 1 root 170 12 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token
root@postgresql-k8s-0:/# ls -al /var/run/secrets/kubernetes.io/serviceaccount/..data/token
-rw-r----- 1 root 170 1142 May 22 14:04 /var/run/secrets/kubernetes.io/serviceaccount/..data/token
Others cannot access the token anymore. |
|