Secret #25587

Closed
fandongxiaokk opened this issue Dec 13, 2020 · 9 comments
Labels
needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@fandongxiaokk

calico-kube-controllers pod, version v3.17.1, ERROR:

2020-12-13 08:21:12.385 [FATAL][1] main.go 101: Failed to start error=failed to build Calico client: could not initialize etcdv3 client: open /calico-secrets/etcd-cert: permission denied

In the calico-etcd.yaml configuration file, for the calico-kube-controllers component at version v3.17.1, the minimum permission is 0040, not 400.

1. Image: calico/kube-controllers v3.17.1

vim calico-etcd.yaml (version v3.17.1)

          volumes:
            # Mount in the etcd TLS secrets with mode 400. For the calico-kube-controllers component the minimum permission is 0040, not 400
            # See https://kubernetes.io/docs/concepts/configuration/secret/
            - name: etcd-certs
              secret:
                secretName: calico-etcd-secrets
                defaultMode: 0040

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Dec 13, 2020
@k8s-ci-robot
Contributor

@fandongxiaokk: This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@zaf187

zaf187 commented Dec 14, 2020

Please can I upvote this issue, I am facing the same problem. After changing the defaultMode to 0040 it works fine.

@sftim
Contributor

sftim commented Dec 14, 2020

Hi @zaf187 & @fandongxiaokk

What summary / title would you recommend for this issue?

BTW https://youtu.be/o45vmed3Pcc?t=20 outlines how to upvote

@zaf187

zaf187 commented Dec 14, 2020

Permissions-related issue around accessing etcd-secrets from the calico controller node, I think that's a reasonable summary / title.

This should actually be in the Calico GitHub ... I was just googling for this issue and came across this post here in this GitHub.

@sftim
Contributor

sftim commented Dec 15, 2020

Ah OK - it's not a documentation issue?

@zaf187

zaf187 commented Dec 15, 2020

> Ah OK - it's not a documentation issue?

No, it isn't. IMO you can close this but I actually don't understand the post from the OP.

@sftim
Contributor

sftim commented Dec 16, 2020

This seems to be off topic
/close

@k8s-ci-robot
Contributor

@sftim: Closing this issue.

In response to this:

> This seems to be off topic
> /close


@jeswinkninan

@fandongxiaokk This topic is probably in the Calico GitHub, but just for your info, setting the permission with defaultMode: 440 in the volume mount will fix the issue.
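
An added example, not part of the thread or of the Calico manifest: it decodes the `defaultMode` literals mentioned in the comments above (`400`, `0040`, `440`) into permission bits, because the Kubernetes API takes this field as an octal value 0000-0777 or a decimal value 0-511 and the two notations differ only by the leading zero. The function names are hypothetical, and the leading-zero-means-octal rule is an assumption about the YAML parser that reads the manifest.

```python
import stat

def parse_default_mode(literal: str) -> int:
    """Return the permission bits for a defaultMode literal from a YAML manifest.

    Assumption: a multi-digit literal with a leading 0 is read as octal and
    anything else as decimal. JSON manifests only have the decimal form.
    """
    text = literal.strip()
    base = 8 if len(text) > 1 and text.startswith("0") else 10
    mode = int(text, base)
    if not 0 <= mode <= 0o777:
        raise ValueError(f"{literal!r} is outside 0000-0777 (decimal 0-511)")
    return mode

def describe(literal: str) -> dict:
    """Decode a literal into the bits a reviewer cares about for a secret file."""
    mode = parse_default_mode(literal)
    return {
        "octal": format(mode, "04o"),
        "symbolic": stat.filemode(stat.S_IFREG | mode)[1:],
        "owner_read": bool(mode & stat.S_IRUSR),
        "group_read": bool(mode & stat.S_IRGRP),
        # Write, execute or any "other" access is more than a key file needs.
        "excess": bool(mode & ~(stat.S_IRUSR | stat.S_IRGRP) & 0o777),
    }

if __name__ == "__main__":
    # Constructed sample: the literals quoted in the thread plus 0400 and 0440.
    for lit in ("0400", "400", "0040", "440", "0440"):
        d = describe(lit)
        print(f"defaultMode: {lit:<5} -> {d['octal']} {d['symbolic']} "
              f"owner_read={d['owner_read']} group_read={d['group_read']} "
              f"excess={d['excess']}")
```

Under that assumption, `440` written without a leading zero decodes to 0670 (`rw-rwx---`), while `0440` is read-only for owner and group.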
