search

kubernetes-client / c

Official C client library for Kubernetes
Apache License 2.0
146 stars 45 forks source link

Running example/list_pod_incluster coredump #107

Closed katepangLiu closed 2 years ago

katepangLiu commented 2 years ago

client-go

panic: pods is forbidden: User "system:serviceaccount:default:default" cannot list resource "pods" in API group "" at the cluster scope

goroutine 1 [running]:
main.main()
    /mnt/hgfs/d/apm/smartagent/clusteragent-some/client-go/examples/in-cluster-client-configuration/main.go:56 +0x2e5

client-c

backtrace:

Program received signal SIGABRT, Aborted.
0x00007ffff7623387 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-317.el7.x86_64 libgcc-4.8.5-44.el7.x86_64
(gdb) bt
#0  0x00007ffff7623387 in raise () from /lib64/libc.so.6
#1  0x00007ffff7624a78 in abort () from /lib64/libc.so.6
#2  0x00007ffff7665ed7 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff766e299 in _int_free () from /lib64/libc.so.6
#4  0x00000000004676ad in v1_list_meta_free ()
#5  0x00000000004064ee in v1_pod_list_parseFromJSON ()
#6  0x0000000000433c4b in CoreV1API_listNamespacedPod ()
#7  0x0000000000404652 in list_pod (apiClient=0xa11520) at main.c:13
#8  0x00000000004047b2 in main (argc=1, argv=0x7fffffffe598) at main.c:56

coredump:

(gdb) run
Starting program: /root/test-cli-incluster/list_pod_incluster 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
call CoreV1API_listNamespacedPod. 
*** Error in `/root/test-cli-incluster/list_pod_incluster': free(): invalid pointer: 0x00007fffffffe3f0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81299)[0x7ffff766e299]
/root/test-cli-incluster/list_pod_incluster[0x4676ad]
/root/test-cli-incluster/list_pod_incluster[0x4064ee]
/root/test-cli-incluster/list_pod_incluster[0x433c4b]
/root/test-cli-incluster/list_pod_incluster[0x404652]
/root/test-cli-incluster/list_pod_incluster[0x4047b2]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff760f555]
/root/test-cli-incluster/list_pod_incluster[0x404462]
======= Memory map: ========
00400000-007d4000 r-xp 00000000 fd:00 19037520                           /root/test-cli-incluster/list_pod_incluster
009d4000-00a06000 r--p 003d4000 fd:00 19037520                           /root/test-cli-incluster/list_pod_incluster
00a06000-00a0c000 rw-p 00406000 fd:00 19037520                           /root/test-cli-incluster/list_pod_incluster
00a0c000-00a76000 rw-p 00000000 00:00 0                                  [heap]
7ffff0000000-7ffff0021000 rw-p 00000000 00:00 0 
7ffff0021000-7ffff4000000 ---p 00000000 00:00 0 
7ffff73d7000-7ffff73ec000 r-xp 00000000 fd:00 85                         /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff73ec000-7ffff75eb000 ---p 00015000 fd:00 85                         /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff75eb000-7ffff75ec000 r--p 00014000 fd:00 85                         /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff75ec000-7ffff75ed000 rw-p 00015000 fd:00 85                         /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7ffff75ed000-7ffff77b1000 r-xp 00000000 fd:00 76232                      /usr/lib64/libc-2.17.so
7ffff77b1000-7ffff79b0000 ---p 001c4000 fd:00 76232                      /usr/lib64/libc-2.17.so
7ffff79b0000-7ffff79b4000 r--p 001c3000 fd:00 76232                      /usr/lib64/libc-2.17.so
7ffff79b4000-7ffff79b6000 rw-p 001c7000 fd:00 76232                      /usr/lib64/libc-2.17.so
7ffff79b6000-7ffff79bb000 rw-p 00000000 00:00 0 
7ffff79bb000-7ffff79bd000 r-xp 00000000 fd:00 76238                      /usr/lib64/libdl-2.17.so
7ffff79bd000-7ffff7bbd000 ---p 00002000 fd:00 76238                      /usr/lib64/libdl-2.17.so
7ffff7bbd000-7ffff7bbe000 r--p 00002000 fd:00 76238                      /usr/lib64/libdl-2.17.so
7ffff7bbe000-7ffff7bbf000 rw-p 00003000 fd:00 76238                      /usr/lib64/libdl-2.17.so
7ffff7bbf000-7ffff7bd6000 r-xp 00000000 fd:00 77890                      /usr/lib64/libpthread-2.17.so
7ffff7bd6000-7ffff7dd5000 ---p 00017000 fd:00 77890                      /usr/lib64/libpthread-2.17.so
7ffff7dd5000-7ffff7dd6000 r--p 00016000 fd:00 77890                      /usr/lib64/libpthread-2.17.so
7ffff7dd6000-7ffff7dd7000 rw-p 00017000 fd:00 77890                      /usr/lib64/libpthread-2.17.so
7ffff7dd7000-7ffff7ddb000 rw-p 00000000 00:00 0 
7ffff7ddb000-7ffff7dfd000 r-xp 00000000 fd:00 76225                      /usr/lib64/ld-2.17.so
7ffff7fee000-7ffff7ff2000 rw-p 00000000 00:00 0 
7ffff7ff7000-7ffff7ffa000 rw-p 00000000 00:00 0 
7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00021000 fd:00 76225                      /usr/lib64/ld-2.17.so
7ffff7ffd000-7ffff7ffe000 rw-p 00022000 fd:00 76225                      /usr/lib64/ld-2.17.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
ityuhui commented 2 years ago

Does this problem only happen when the service account is prohibited from listing pods?

If client-go can list pod with right service account, does this problem reproduce ?

katepangLiu commented 2 years ago

Yes, it work well with --clusterrole=view serviceaccount.

# kubectl create clusterrolebinding default-view --clusterrole=view --serviceaccount=default:default
# ./list_pod_incluster 
call CoreV1API_listNamespacedPod. 
OK
The return code of HTTP request=200
Get pod list:
    The pod name: datadog-cluster-agent-8466bcd8c6-ccld5
    The pod name: datadog-kdmqh
    The pod name: datadog-kube-state-metrics-6fb56bf889-fbx8s
    The pod name: datadog-s7v5n
    The pod name: nginx
ityuhui commented 2 years ago

It's very strange. This example works well in my env:

root@test-pod-8:/# ./list_pod_incluster_bin
The return code of HTTP request=403
Cannot get any pod.

Can you please give more detail ? e.g. stdout of the running of program, souce code (if you changes)

or print apiClient->dataReceived after CoreV1API_listNamespacedPod is called

katepangLiu commented 2 years ago

It's very strange. This example works well in my env:

root@test-pod-8:/# ./list_pod_incluster_bin
The return code of HTTP request=403
Cannot get any pod.

Can you please give more detail ? e.g. stdout of the running of program, souce code (if you changes)

or print apiClient->dataReceived after CoreV1API_listNamespacedPod is called

Thanks @ityuhui, I will double check firstlly, I use version(tag) 0.1.0, and import all dependent libs statically, maybe I dit something wrong.