Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panic when secretReader is disabled #135

Open
zswanson opened this issue Mar 23, 2022 · 2 comments
Open

panic when secretReader is disabled #135

zswanson opened this issue Mar 23, 2022 · 2 comments
Assignees
@estahn
Labels
bug Something isn't working

Comments

@zswanson
Copy link

Hi we're using AWS ECR and not using image pull secrets, just IAM restrictions with IRSA. We have chart 1.0.1 with appVersion 1.1.0 installed and it is frequently dumping panics in the following form. Because we have the secretReader option disabled, its not creating a ClusterRole or ClusterRoleBinding so its not surprising it gets permission denied. It is however surprising that it is trying to access the 'default' serviceAccount in a different namespace when its not configured to do so.

7:35PM ERR error fetching referenced service account, continue without service account imagePullSecrets error="serviceaccounts "default" is forbidden: User "system:serviceaccount:image-swapper:image-swapper" cannot get resource "serviceaccounts" in API group "" in the namespace "myappnamespace""
Worker exits from a panic: runtime error: invalid memory address or nil pointer dereference
Stack trace: goroutine 198 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x65
github.com/alitto/pond.defaultPanicHandler({0x1946000, 0x2c8fa20})
github.com/alitto/pond@v1.5.1/pond.go:19 +0x27
github.com/alitto/pond.(*WorkerPool).executeTask.func1()
github.com/alitto/pond@v1.5.1/pond.go:364 +0x45
panic({0x1946000, 0x2c8fa20})
runtime/panic.go:1038 +0x215
os.(*File).Name(...)
os/file.go:57
github.com/estahn/k8s-image-swapper/pkg/webhook.(*ImageSwapper).Mutate.func1()
github.com/estahn/k8s-image-swapper@v1.1.0/pkg/webhook/image_swapper.go:219 +0x317
github.com/alitto/pond.(*WorkerPool).executeTask(0xc00073d3b0, 0x1ebce10)
github.com/alitto/pond@v1.5.1/pond.go:371 +0x69
github.com/alitto/pond.worker(0xc000199200, 0x1ea74e8, 0xc00073d3ec, 0x0, 0xc0007e7d80)
github.com/alitto/pond@v1.5.1/pond.go:427 +0x79
created by github.com/alitto/pond.(*WorkerPool).maybeStartWorker
@estahn
Copy link
Owner

estahn commented Mar 23, 2022

@zswanson Thanks for the detailed error description. Will have a look soon.

@zswanson
Copy link
Author

Actually we just set secretReader.enabled: true in the values and redeployed (left the secretReader.secretNames: [] as empty) and its still producing this error.

@estahn estahn self-assigned this Dec 15, 2022
@estahn estahn added the bug Something isn't working label Dec 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@estahn estahn

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@estahn @zswanson