k0s
k0s doesn't create the users it needs
In k0s we have the following users:
```go
const (
	// EtcdUser defines the user to use for running etcd process
	EtcdUser = "etcd"
	// KineUser defines the user to use for running kine process
	KineUser = "kube-apiserver" // apiserver needs to be able to read the kine unix socket
	// ApiserverUser defines the user to use for running k8s api-server process
	ApiserverUser = "kube-apiserver"
	// SchedulerUser defines the user to use for running k8s scheduler
	SchedulerUser = "kube-scheduler"
	// KonnectivityServerUser defines the user to use for konnectivity-server
	KonnectivityServerUser = "konnectivity-server"
)
```
We usually try to figure out the uid of the user:
```go
// pkg/component/controller/konnectivity.go, line 69
k.uid, err = users.GetUID(constant.KonnectivityServerUser)
```
To run the process as:
```go
// pkg/component/controller/konnectivity.go, line 184
k.supervisor = &supervisor.Supervisor{
	Name:    "konnectivity",
	BinPath: assets.BinPath("konnectivity-server", k.K0sVars.BinDir),
	DataDir: k.K0sVars.DataDir,
	RunDir:  k.K0sVars.RunDir,
	Args:    args.ToArgs(),
	UID:     k.uid,
}
```
The problem is that there isn't a component which creates the users, which effectively means all these components end up running as root.
I think we should create the users in each component. We already have a function to do this called install.EnsureUsers.
Related:
- #3982
The issue is marked as stale since no activity has been recorded in 30 days
I rechecked this on Fedora 40, which is where I saw the issue in the first place, and definitely couldn't reproduce it. I must have done something wrong.
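One way to confirm on a node which account each component really runs as, written as an added example and not k0s code: it compares the effective uid from `/proc/<pid>/status` with the uid that `/etc/passwd` gives for the account named in the constants above. The process names (taken to match the binary names) and both sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Process name as shown in /proc/<pid>/status -> account from the issue's constants.
var wantUser = map[string]string{
	"etcd": "etcd", "kine": "kube-apiserver", "kube-apiserver": "kube-apiserver",
	"kube-scheduler":  "kube-scheduler",
	"konnectivity-se": "konnectivity-server", // the kernel truncates comm to 15 bytes
}

// Constructed samples: a passwd file without konnectivity-server, and the
// status fields of a konnectivity-server process running with uid 0.
const samplePasswd = "root:x:0:0::/root:/bin/sh\netcd:x:995:995::/:/sbin/nologin\n"
const sampleStatus = "Name:\tkonnectivity-se\nUid:\t0\t0\t0\t0\n"

// passwdUIDs maps user name -> uid (as text) from passwd(5)-format input.
func passwdUIDs(passwd string) map[string]string {
	uids := map[string]string{}
	for _, line := range strings.Split(passwd, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 3 {
			uids[f[0]] = f[2]
		}
	}
	return uids
}

// checkProcess takes /proc/<pid>/status text and returns a finding, or ""
// when the process is not a k0s component or runs as its intended account.
func checkProcess(status string, uids map[string]string) string {
	name, euid := "", ""
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) >= 2 && f[0] == "Name:" {
			name = f[1]
		} else if len(f) >= 3 && f[0] == "Uid:" {
			euid = f[2] // Uid: real, effective, saved, filesystem
		}
	}
	user, isComponent := wantUser[name]
	if want, ok := uids[user]; !isComponent || (ok && euid == want) {
		return ""
	}
	_, exists := uids[user]
	return fmt.Sprintf("%s: euid %s, user %q exists=%v", name, euid, user, exists)
}

func main() { fmt.Println(checkProcess(sampleStatus, passwdUIDs(samplePasswd))) }
```

On a real node, feed it the contents of `/etc/passwd` and of each component's `/proc/<pid>/status`; an empty result for every component means none of them is running under an unexpected uid.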