search

DopplerHQ / kubernetes-operator

Apache License 2.0
44 stars 18 forks source link

cannot find Service Account #19

Closed rodrigopztpedro900 closed 2 years ago

rodrigopztpedro900 commented 2 years ago

I have this problem, do not touch anything doppler in the last 20 days. it just stopped updating and i found this in the logs -Cannot find Service Account in pod to build in-cluster rest config: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied goroutine 1 [running]: k8s.io/klog/v2.stacks(0xc0000d4001, 0xc000172000, 0xbb, 0x10f) /home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:996 +0xb8 k8s.io/klog/v2.(loggingT).output(0x251bc80, 0xc000000003, 0x0, 0x0, 0xc0001de150, 0x2472f85, 0x7, 0x18e, 0x0) /home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:945 +0x19d k8s.io/klog/v2.(loggingT).printf(0x251bc80, 0x3, 0x0, 0x0, 0x17bca5f, 0x46, 0xc00059d990, 0x1, 0x1) /home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:733 +0x17a k8s.io/klog/v2.Fatalf(...) /home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:1463 main.initKubeConfig(0x0, 0x0, 0x4) /home/travis/gopath/src/github.com/brancz/kube-rbac-proxy/main.go:398 +0x18f main.main() /home/travis/gopath/src/github.com/brancz/kube-rbac-proxy/main.go:151 +0xd5f

goroutine 18 [syscall]: os/signal.signal_recv(0x0) /home/travis/.gimme/versions/go1.13.15.linux.amd64/src/runtime/sigqueue.go:147 +0x9c os/signal.loop() /home/travis/.gimme/versions/go1.13.15.linux.amd64/src/os/signal/signal_unix.go:23 +0x22 created by os/signal.init.0 /home/travis/.gimme/versions/go1.13.15.linux.amd64/src/os/signal/signal_unix.go:29 +0x41

goroutine 19 [chan receive]: k8s.io/klog/v2.(*loggingT).flushDaemon(0x251bc80) /home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:1131 +0x8b created by k8s.io/klog/v2.init.0 /home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:416 +0xd6

nmanoogian commented 2 years ago

Hi @rodrigopztpedro900, thanks for sending this in!

Can you try reinstalling the operator and see if that resolves this issue? I'd recommend saving your DopplerSecret CRDs locally but any Kubernetes secrets will remain on your system across the reinstallation.

rodrigopztpedro900 commented 2 years ago

Very late jeje xd, I already tried the install and not work and the DopplerSecrets were removed by the uninstall. Luckily I had a script to generate this again. I fixed it by adding this to doppler-operator-controller-manager```

  securityContext:
    fsGroup: 65534
    runAsNonRoot: true


Thank you very much for giving us this excellent product. Doppler is awesome!
nmanoogian commented 2 years ago

Outstanding, thank you for letting us know how you fixed it!

I'll take a closer look at the security context that we bundled with the operator and see if we can smooth this out for other users who might hit this problem.

Thank you for the kind works and please keep the feedback coming!