aws-iam-authenticator: KOPS exec hook fails to set file permissions on kubeconfig - daemonset crashes.

After setting up KOPS cluster config to include the systemd hook for copying the files the pod is crashing on permission denied when attempting to write to the kubeconfig file

time="2018-06-07T11:27:16Z" level=fatal msg="could not write kubeconfig" error="open /etc/kubernetes/heptio-authenticator-aws/kubeconfig.yaml: permission denied" kubeconfigPath=/etc/kubernetes/heptio-authenticator-aws/kubeconfig.yaml

The issues are:

  1. file permissions is not preserved on S3 after copied to disk
  2. systemd one shot type exit after the cp so any command after the aws s3 cp will not run

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 16 (5 by maintainers)

Commits related to this issue

Most upvoted comments

Can anyone here summarize what are the combinations of things that made it work? I’m facing the sam e issue with kops 1.9.1, authenticator 0.3.0.

+1
Raffo on Jun 19, 2018
Read more comments on GitHub
← aws-iam-authenticator: heptio-authenticator occassionally returns Unauthorized when used in a kubernetes go client
aws-iam-authenticator: Roles with paths do not work when the path is included in their ARN in the aws-auth configmap →