StarlingX

permission changes for k8s 1.24.4 and 1.25.3 kubectl, kubelet , kube-proxy binary files .

Bug #2009159 reported by Saba Touheed Mujawar on 2023-03-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	Medium	Saba Touheed Mujawar

Bug Description

Brief Description
-----------------

Current permission for below given binary files in k8s 1.24.4 and 1.25.3 is
754(rwxr-xr--):
kubectl
kubelet
kube-proxy
kube-scheduler
kube-controller-manager
kube-apiserver

We need to change the permissions of the files owned by root. The "sysadmin"
user is a member of the "root" group, and thus has permission to run kubectl.
We would want to provide 755(rwxr-xr-x) permission for kubectl and 750
(rwxr-x---) for kubelet, kube-proxy, kube-scheduler, kube-controller-manager,
kube-apiserver.

System Configuration
--------------------
all

See original description

Tags:

Saba Touheed Mujawar (smujawar) on 2023-03-03

summary:	- permission changes for k8s 1.25.3 kubectl, kubelet and kube-proxy binary - files + permission changes for k8s 1.24.4 and 1.25.3 kubectl, kubelet and kube- + proxy binary files
description:	updated

Saba Touheed Mujawar (smujawar) on 2023-03-08

summary:

- permission changes for k8s 1.24.4 and 1.25.3 kubectl, kubelet and kube-
- proxy binary files
+ permission changes for k8s 1.24.4 and 1.25.3 kubectl, kubelet , kube-
+ proxy binary files and change in rules of k8s 1.25.3 to update
+ go_version to 1.19.5

Saba Touheed Mujawar (smujawar) on 2023-03-08

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-03-08: Fix proposed to integ (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/integ/+/876845

Changed in starlingx:
status:	New → In Progress

Saba Touheed Mujawar (smujawar) on 2023-03-09

description:	updated
summary:	permission changes for k8s 1.24.4 and 1.25.3 kubectl, kubelet , kube- - proxy binary files and change in rules of k8s 1.25.3 to update - go_version to 1.19.5 + proxy binary files .

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-03-15: Fix merged to integ (master)

Reviewed: https://review.opendev.org/c/starlingx/integ/+/876845
Committed: https://opendev.org/starlingx/integ/commit/1279237fdf5af9d65499785951d283f5fdba01d4
Submitter: "Zuul (22348)"
Branch: master

commit 1279237fdf5af9d65499785951d283f5fdba01d4
Author: Saba Touheed Mujawar <email address hidden>
Date: Wed Mar 8 06:22:51 2023 -0500

Change file permissions in k8s 1.24.4 and k8s 1.25.3

    Currently the permissions of binary files owned by root is
    754(rwxr-xr--) . The "sysadmin" user is a member of the "root"
    group, and has permission to run kubectl.

    Change permissions to below :
    kubectl - 755
    kubelet - 750
    kube-apiserver - 750
    kube-controller-manager - 750
    kube-scheduler - 750
    kube-proxy - 750

    Test Plan:
    PASS: Install iso on AIO-SX, run kubectl commands as root,
          sysadmin and as another user

Closes-Bug: 2009159

Signed-off-by: Saba Touheed Mujawar <email address hidden>
Change-Id: Id62c85d772d14f4dbc4b1c9339365936e19c3bd7

Changed in starlingx:
status:	In Progress → Fix Released

Bruce Jones (bejones) on 2023-03-16

tags:

added: stx.9.0 stx.integ

Ghada Khalil (gkhalil) on 2023-08-05

Changed in starlingx:
importance:	Undecided → Medium
assignee:	nobody → Saba Touheed Mujawar (smujawar)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.