-
-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stanley_rsa is owned by root:root instead of stanley user in k8s #84
Comments
Thanks for the report. If you're motivated to submit a fix, there are 2 places in code to update: |
Oh cool I'd love to. I'm not sure what the exact change is though . Is there an owner: attribute that I can add stanley to or is there some code that also has to read that attribute from the deployment.yaml template file ? |
@cmmdrdata There is no owner attr for K8s volumes, but changing |
got it, some ssh servers won't let you login though if your key is too open for reading right ? |
That's a good point, I forgot that. Another thing I just searched for is trying to rely on |
BTW, after looking at the working As a workaround, using |
security context changed the group ownership on the volume but nt the file :( inside st2actionrunner pod. ls -l /home/stanley/.ssh/ root@stackstorm-st2actionrunner-7888d8ffc7-ml99n:/opt/stackstorm# ls -ld /home/stanley/.ssh/ |
Ah, that's really a bummer. I found this discussion which still seems to be still an issue in K8s: kubernetes/kubernetes#81089 The workaround is pretty hacky: https://stackoverflow.com/questions/49945437/changing-default-file-owner-and-group-owner-of-kubernetes-secrets-files-mounted, - copy a secret to a normal file via intermediate InitContainer, then change its ownership. |
I was just looking at adding a see: It looks like others have done something similar as well: |
#206 fixes this issue. Additional eyes on the fix would be appreciated. |
in the st2client pod sudo su - stanley then try to login somewhere using stanley_rsa key. It won't work unless you are root or use sudo.
The text was updated successfully, but these errors were encountered: