2020-06-09 12:12:52 |
Bart Wensley |
description |
Brief Description
-----------------
Our software uses the kubeadm command to install, manage and upgrade kubernetes. However, it is not passing the --kubeconfig parameter to this command, so the command will search for the kubeconfig file. Normally it finds this file in /etc/kubernetes/admin.conf, but if a user accidentally (or intentionally) creates a config file at /root/.kube/config, this file can take precedence and cause the kubeadm command to fail.
Severity
--------
Major: the user should not be creating these extra files, but if they do, basic system functionality (e.g. locking/unlocking hosts) is broken.
Steps to Reproduce
------------------
Create an invalid kubeconfig file at /root/.kube/config. This can be done as the sysadmin user by running "sudo kubectl config set-context ..." and "sudo kubectl config use-context ..." commands.
Expected Behavior
------------------
The system should always use the /etc/kubernetes/admin.conf file for kubeadm commands.
Actual Behavior
----------------
See above
Reproducibility
---------------
Reproducible
System Configuration
--------------------
All
Branch/Pull Time/Commit
-----------------------
StarlingX Master - this is a day one issue.
Last Pass
---------
Never
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Evaluation
Workaround
----------
Delete the extra kubeconfig file. |
Brief Description
-----------------
Our software uses the kubeadm command to install, manage and upgrade kubernetes. However, it is not passing the --kubeconfig parameter to this command, so the command will search for the kubeconfig file. Normally it finds this file in /etc/kubernetes/admin.conf, but if a user accidentally (or intentionally) creates a config file at /root/.kube/config, this file can take precedence and cause the kubeadm command to fail.
Changes will be required in the ansible, config and stx-puppet repos - anywhere
the kubeadm command is used. Note that some kubeadm commands (e.g. kubeadm init
and kubeadm join do not use the --kubeconfig parameter) because they actually
create this file.
Severity
--------
Major: the user should not be creating these extra files, but if they do, basic system functionality (e.g. locking/unlocking hosts) is broken.
Steps to Reproduce
------------------
Create an invalid kubeconfig file at /root/.kube/config. This can be done as the sysadmin user by running "sudo kubectl config set-context ..." and "sudo kubectl config use-context ..." commands.
Expected Behavior
------------------
The system should always use the /etc/kubernetes/admin.conf file for kubeadm commands.
Actual Behavior
----------------
See above
Reproducibility
---------------
Reproducible
System Configuration
--------------------
All
Branch/Pull Time/Commit
-----------------------
StarlingX Master - this is a day one issue.
Last Pass
---------
Never
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Evaluation
Workaround
----------
Delete the extra kubeconfig file. |
|