k8s-image-swapper
panic when secretReader is disabled
Hi, we're using AWS ECR and not using image pull secrets, just IAM restrictions with IRSA. We have chart 1.0.1 with appVersion 1.1.0 installed and it is frequently dumping panics in the following form. Because we have the secretReader option disabled, it's not creating a ClusterRole or ClusterRoleBinding, so it's not surprising it gets permission denied. It is, however, surprising that it is trying to access the 'default' serviceAccount in a different namespace when it's not configured to do so.
7:35PM ERR error fetching referenced service account, continue without service account imagePullSecrets error="serviceaccounts "default" is forbidden: User "system:serviceaccount:image-swapper:image-swapper" cannot get resource "serviceaccounts" in API group "" in the namespace "myappnamespace""
Worker exits from a panic: runtime error: invalid memory address or nil pointer dereference
Stack trace: goroutine 198 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x65
github.com/alitto/pond.defaultPanicHandler({0x1946000, 0x2c8fa20})
	github.com/alitto/[email protected]/pond.go:19 +0x27
github.com/alitto/pond.(*WorkerPool).executeTask.func1()
	github.com/alitto/[email protected]/pond.go:364 +0x45
panic({0x1946000, 0x2c8fa20})
	runtime/panic.go:1038 +0x215
os.(*File).Name(...)
	os/file.go:57
github.com/estahn/k8s-image-swapper/pkg/webhook.(*ImageSwapper).Mutate.func1()
	github.com/estahn/[email protected]/pkg/webhook/image_swapper.go:219 +0x317
github.com/alitto/pond.(*WorkerPool).executeTask(0xc00073d3b0, 0x1ebce10)
	github.com/alitto/[email protected]/pond.go:371 +0x69
github.com/alitto/pond.worker(0xc000199200, 0x1ea74e8, 0xc00073d3ec, 0x0, 0xc0007e7d80)
	github.com/alitto/[email protected]/pond.go:427 +0x79
created by github.com/alitto/pond.(*WorkerPool).maybeStartWorker
@zswanson Thanks for the detailed error description. Will have a look soon.
Actually, we just set secretReader.enabled: true in the values and redeployed (left the secretReader.secretNames: [] as empty) and it's still producing this error.