From 79027c18d4d1bfc10741dd50d63e687a697cb18c Mon Sep 17 00:00:00 2001 From: Peter Rifel Date: Thu, 13 Feb 2020 20:29:49 -0600 Subject: [PATCH] Switch AWS IAM Authenticator to use non-scratch image The authenticator binary uses glog which requires write access to the filesystem under /tmp On the scratch image /tmp doesnt exist which caused a crash loop: ``` time="2020-02-14T02:06:00Z" level=info msg="creating event broadcaster" time="2020-02-14T02:06:00Z" level=info msg="setting up event handlers" W0214 02:06:00.358119 1 client_config.go:539] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. log: exiting because of error: log: cannot create log: open /tmp/aws-iam-authenticator.ip-X-X-X-X.aws-iam-authenticator.log.WARNING.20200214-020600.1: no such file or directory ``` Switching to debian-stretch fixed the issue although it could really be any of the other images in the release [0] [0] https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.0 --- .../resources/addons/authentication.aws/k8s-1.12.yaml.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template index ceafe905c363d..c807d92bfc990 100644 --- a/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template +++ b/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template @@ -120,7 +120,7 @@ spec: # - output (output kubeconfig to plug into your apiserver configuration, mounted from the host) containers: - name: aws-iam-authenticator - image: {{ or .Authentication.Aws.Image "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.0-scratch" }} + image: {{ or .Authentication.Aws.Image "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.0-debian-stretch" }} args: - server - --config=/etc/aws-iam-authenticator/config.yaml