cannot find Service Account

Question

cannot find Service Account

rodrigopztpedro900 opened this issue 2 years ago · 3 comments

rodrigopztpedro900 commented 2 years ago

I have this problem, do not touch anything doppler in the last 20 days. it just stopped updating and i found this in the logs
-Cannot find Service Account in pod to build in-cluster rest config: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
goroutine 1 [running]:
k8s.io/klog/v2.stacks(0xc0000d4001, 0xc000172000, 0xbb, 0x10f)
/home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:996 +0xb8
k8s.io/klog/v2.(*loggingT).output(0x251bc80, 0xc000000003, 0x0, 0x0, 0xc0001de150, 0x2472f85, 0x7, 0x18e, 0x0)
/home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:945 +0x19d
k8s.io/klog/v2.(*loggingT).printf(0x251bc80, 0x3, 0x0, 0x0, 0x17bca5f, 0x46, 0xc00059d990, 0x1, 0x1)
/home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:733 +0x17a
k8s.io/klog/v2.Fatalf(...)
/home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:1463
main.initKubeConfig(0x0, 0x0, 0x4)
/home/travis/gopath/src/github.com/brancz/kube-rbac-proxy/main.go:398 +0x18f
main.main()
/home/travis/gopath/src/github.com/brancz/kube-rbac-proxy/main.go:151 +0xd5f

goroutine 18 [syscall]:
os/signal.signal_recv(0x0)
/home/travis/.gimme/versions/go1.13.15.linux.amd64/src/runtime/sigqueue.go:147 +0x9c
os/signal.loop()
/home/travis/.gimme/versions/go1.13.15.linux.amd64/src/os/signal/signal_unix.go:23 +0x22
created by os/signal.init.0
/home/travis/.gimme/versions/go1.13.15.linux.amd64/src/os/signal/signal_unix.go:29 +0x41

goroutine 19 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x251bc80)
/home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:1131 +0x8b
created by k8s.io/klog/v2.init.0
/home/travis/gopath/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:416 +0xd6

Answer 1 · 2022-07-01T14:11:14.000Z

Hi @rodrigopztpedro900, thanks for sending this in!

Can you try reinstalling the operator and see if that resolves this issue? I'd recommend saving your DopplerSecret CRDs locally but any Kubernetes secrets will remain on your system across the reinstallation.

Answer 2 · 2022-07-01T16:15:22.000Z

Very late jeje xd, I already tried the install and not work and the DopplerSecrets were removed by the uninstall. Luckily I had a script to generate this again.
I fixed it by adding this to doppler-operator-controller-manager```

  securityContext:
    fsGroup: 65534
    runAsNonRoot: true


Thank you very much for giving us this excellent product. Doppler is awesome!

Answer 3 · 2022-07-01T16:58:49.000Z

Outstanding, thank you for letting us know how you fixed it!

I'll take a closer look at the security context that we bundled with the operator and see if we can smooth this out for other users who might hit this problem.

Thank you for the kind works and please keep the feedback coming!