postgres-operator
401 Unauthorized error in Postgres Operator 5.0.4
Hi,
We are deploying Postgres Cluster 5.0.4 in our RKE2 cluster using the Helm Chart.
Issue faced: To mitigate service account token leaks and make the cluster more secure, we have given the below parameter in our kube-api server arguments: --service-account-extend-token-expiration=false. But after enabling this setting, we are seeing a 401 Unauthorized error every 1 hour. Argument reference (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/)
Environment details: Rancher RKE2 downstream cluster (3 master, 3 worker), Version: v1.21.7+rke2r2
Steps to reproduce the error:
1. For all 3 kube-api pods (1 for each master, deployed as part of the RKE2 cluster setup), edit the pod and add this parameter (--service-account-extend-token-expiration=false) in the kube-api settings as an additional parameter. Now deploy the Crunchy operator and PostgreSQL DB Cluster using Helm chart version 5.0.4.
2. After 1 hour, the database container in each of the DB pods will start throwing the attached error in the logs, and the database container will stop working.
Logs screenshot:
Is there a way to resolve this error while keeping this configuration setting, as this will ensure that the cluster is more secure?
Thanks and Regards, Inderpreet.
Just noting that this has been fixed in Patroni 2.1.4, which will be included in the next release of PGO.
@InderpreetSaini Have you upgraded to a Postgres image with Patroni 2.1.4?
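With --service-account-extend-token-expiration=false the API server enforces the real expiry of a pod's projected service account token, so a client has to pick up the rotated token from disk before the one it holds expires. The following is an added example, not code from Patroni, PGO or this thread: it inspects a token's `iat`/`exp` claims and re-reads the token file shortly before expiry. The names `jwt_claims`, `TokenSource` and `make_sample_token`, the 60-second margin, the 3607-second lifetime and the sample tokens are assumptions constructed for the example.

```python
import base64
import json
import os
import tempfile
import time


def jwt_claims(token):
    """Decode a JWT payload without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class TokenSource:
    """Serve the token from `path`, re-reading it shortly before `exp`."""

    def __init__(self, path, margin=60, now=time.time):
        self.path, self.margin, self.now = path, margin, now
        self._token, self._exp = None, 0

    def token(self):
        if self._token is None or self.now() >= self._exp - self.margin:
            with open(self.path) as f:
                self._token = f.read().strip()
            self._exp = jwt_claims(self._token).get("exp", 0)
        return self._token


def make_sample_token(iat, ttl):
    """Constructed, unsigned stand-in for a projected token (not a real one)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iat": iat, "exp": iat + ttl}), "sig"])


def demo():
    clock = [1_000_000]  # fake clock so the demo does not wait an hour
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "token")
        def write(tok):
            with open(path, "w") as f:
                f.write(tok)
        write(make_sample_token(clock[0], 3607))  # assumed ~1 hour lifetime
        src = TokenSource(path, now=lambda: clock[0])
        first = src.token()
        write(make_sample_token(clock[0] + 2886, 3607))  # simulated rotation on disk
        clock[0] += 3000
        cached = src.token() == first  # old token still valid, no re-read yet
        clock[0] += 600                # now inside the margin before exp
        return cached, src.token() != first
```

Inside a pod, `jwt_claims` can be pointed at the contents of /var/run/secrets/kubernetes.io/serviceaccount/token to see how long the mounted token is actually valid.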