-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secret #25587
Comments
@fandongxiaokk: This issue is currently awaiting triage. SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Please can i upvote this issue, i am facing the same problem. After changing the defaultMode to 0040 it works fine. |
Hi @zaf187 & @fandongxiaokk What summary / title would you recommend for this issue? BTW https://youtu.be/o45vmed3Pcc?t=20 outlines how to upvote |
permissions related issue around accessing etcd-secrets from the calico controller node, i think that's a reasonable summary / title. This should actually be in the calico github ... i was just googling for this issue and came across this post here in this github. |
Ah OK - it's not a documentation issue? |
no it isn't. IMO you can close this but i actually don't understand the post from the OP. |
This seems to be off topic |
@sftim: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@fandongxiaokk This topic is probably in the Calico Github, but just for your info setting the permission with defaultmode : 440 in the volume mount will fix the issue. |
calico-kube-controllers pod v3.17.1 版本 ERROR:
2020-12-13 08:21:12.385 [FATAL][1] main.go 101: Failed to start error=failed to build Calico client: could not initialize etcdv3 client: open /calico-secrets/etcd-cert: permission denied
calico-etcd.yaml 配置文件 calico-kube-controllers 组件 v3.17.1 版本 ,最低权限是0040 而不是 400
1.镜像:calico/kube-controllers v3.17.1
vim calico-etcd.yaml ( v3.17.1 版本)
volumes:
# Mount in the etcd TLS secrets with mode 400. calico-kube-controllers 组件 最低权限是0040 而不是 400
# See https://kubernetes.io/docs/concepts/configuration/secret/
- name: etcd-certs
secret:
secretName: calico-etcd-secrets
defaultMode: 0040
The text was updated successfully, but these errors were encountered: