Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chown aws-iam-authenticator to avoid permission denied #302

Merged
merged 1 commit into from
Mar 14, 2020
Merged

chown aws-iam-authenticator to avoid permission denied #302

merged 1 commit into from
Mar 14, 2020

Conversation

wongma7
Copy link
Contributor

@wongma7 wongma7 commented Mar 13, 2020
edited

Fixing the issue in #301 in a less controversial way :)

go builds binaries with permissions like so:

$ ls -la dist/goreleaserdocker010310734/aws-iam-authenticator 
-rwx------. 7 fedora fedora 38055936 Mar 13 20:39 dist/goreleaserdocker010310734/aws-iam-authenticator*

and user 10000/aws-iam-authenticator then gets permission denied when trying to run it:

$ make build
...
$ docker run 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.0-debian-stretch
standard_init_linux.go:211: exec user process caused "permission denied"

After these changes the containers work as expected,

$ make build
...
$ 
docker run 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.0-debian-stretch
A tool to authenticate to Kubernetes using AWS IAM credentials
...

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 13, 2020
@wongma7 wongma7 mentioned this pull request Mar 13, 2020
Closed
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 13, 2020
@christopherhein
Copy link
Member

Does it still make sense to have these Dockerfiles? Given that core has moved to distroless and subprojects like kubebuilder, cluster-api, etc has as well, it seems like that should be the path this the authenticator is going too.

@wongma7
Copy link
Contributor Author

wongma7 commented Mar 14, 2020
edited

Does it still make sense to have these Dockerfiles? Given that core has moved to distroless and subprojects like kubebuilder, cluster-api, etc has as well, it seems like that should be the path this the authenticator is going too.

I had exactly this thought when making the same change to 6 almost-identical files... IMO no, I can clean up the Dockerfiles in a follow-up but mainly this PR is to unblock my testing for #303

@christopherhein
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 14, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: christopherhein, wongma7

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [christopherhein,wongma7]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit a3c9a5a into kubernetes-sigs:master Mar 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christopherhein christopherhein Awaiting requested review from christopherhein

@nckturner nckturner Awaiting requested review from nckturner

Assignees

@christopherhein christopherhein

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wongma7 @christopherhein @k8s-ci-robot