Details
Medium Description
*User Impact:*
possible security issue.
*Steps to Reproduce:*
https://www.percona.com/blog/?p=75986&preview=true
Use invalid kubeconfig on registration.
it might be some specific k8s issue but sometimes dbaas-controller gets error and leaves temporary file behind:
[root@pmm-deployment-d688fb846-mtc62 opt]# ls -la /tmp/ -rw------- 1 pmm pmm 5970 May 12 09:38 dbaas-controller-kubeconfig-209187302 -rw------- 1 pmm pmm 5970 May 12 09:43 dbaas-controller-kubeconfig-388731395 -rw------- 1 pmm pmm 5970 May 12 09:38 dbaas-controller-kubeconfig-818444692 -rw------- 1 pmm pmm 5970 May 12 09:53 dbaas-controller-kubeconfig-850025052
here is one example of the error in the logs:
time="May 12 09:38:28.756835552" level=info msg="Starting RPC /percona.platform.dbaas.controller.v1beta1.KubernetesClusterAPI/CheckKubernetesClusterConnection ..." request=ce9d7d5b-b305-11eb-9fd3-0242ac110003 time="May 12 09:38:28.757017417" level=info msg="kubectl config: \"/tmp/dbaas-controller-kubeconfig-209187302\"" component=kubectl request=ce9d7d5b-b305-11eb-9fd3-0242ac110003 time="May 12 09:38:28.772530763" level=warning msg="RPC /percona.platform.dbaas.controller.v1beta1.KubernetesClusterAPI/CheckKubernetesClusterConnection done in 15.685522ms with gRPC error: rpc error: code = FailedPrecondition desc = Unable to connect to Kubernetes cluster: signal: killed\ncmd: /opt/dbaas-tools/bin/kubectl-1.16 version --kubeconfig=/tmp/dbaas-controller-kubeconfig-209187302 -o json\nstderr: " request=ce9d7d5b-b305-11eb-9fd3-0242ac110003
*Actual Result:*
kubeconfig could be found in tmp dir
*Expected Result:*
there should be no kubeconfig file left in /tmp dir
*Additional information:*
Attachments
Issue Links
- mentioned in
-
Page Loading...