Nginx Question posted in
The official documentation can be found here.

Ingress nginx Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token"

I am running nginx-ingress v0.44.0 on Kubernetes version v1.20.2, install ingress using helm chat ingress-nginx-3.23.0. nginx taking the traffic from the log file I see this error message.

E0209 23:21:41.300842       6 token_source.go:152] Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token": open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
E0209 23:21:41.316286       6 token_source.go:152] Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token": open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied

Nignx is running uid 101 but serviceaccount directory owned by root user.

How to fix this error message?

Thanks

Tags:

2

Answers


  1. 0

    It’s kinda odd, as I’ve tested I haven’t experienced such a error.

    You could use securityContext, set

    • fsGroup: 101 or
    • runAsUser/runAsGroup

    But still the ingress-nginx sets appropriate securityContext (for example to bind on 80/443), so it should work.

    Login or Signup to reply.
  2. 0

    As @sfgroups mentioned solution is to make nignx not running uid 101 but 0.
    Add flag to installation command: --set controller.image.runAsUser=0.

    Read: helm-nginx-ingress-installation.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search