(eks): Warnings about insecure `kubeconfig` file when running helm
See original GitHub issueWhen installing helm charts, we started seeing these warning pop up in the lambda handler log:
[INFO] 2021-05-05T10:25:13.417Z a5811ffd-8493-4ea7-b3ed-eaabebc456e6 b'WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /tmp/kubeconfig\nWARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /tmp/kubeconfig
There doesn’t seem to be any apparent disruption caused by this, but it probably still requires some investigation.
Reproduction Steps
Install any helm chart and inspect the lambda handler logs.
What did you expect to happen?
No warnings.
What actually happened?
Warnings about an insecure kubeconfig
file.
Environment
- CDK CLI Version :ALL
- Framework Version: 1.102.0
- Node.js Version: ALL
- OS : ALL
- Language (Version): ALL
Other
Originally reported in https://github.com/aws/aws-cdk/issues/14416
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (5 by maintainers)
Top Results From Across the Web
Helm commands resulting in warnings for kubeconfig file
helm version WARNING: **Kubernetes configuration file is group-readable**. This is insecure. Location: ~/.kube/config version.
Read more >helm: x509: certificate signed by unknown authority
As a workaround you can try to disable certificate verification. Helm uses the kube config file (by default ~/.kube/config ).
Read more >Organizing Cluster Access Using kubeconfig Files - Kubernetes
Use kubeconfig files to organize information about clusters, users, namespaces, and authentication mechanisms. The kubectl command-line tool ...
Read more >Resolve the unauthorized server error for the Amazon EKS ...
1. To update or generate the kubeconfig file after aws-auth ConfigMap is updated, run either of the following commands. Note: Replace eks- ...
Read more >Installation | Kyverno
The Kyverno Helm chart defines its own values for the Pod's securityContext object which, although it confirms to the upstream Pod Security ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I am unassigning and marking this issue as
p2
, which means that we are unable to work on this immediately.We use +1s to help prioritize our work, and are happy to revaluate this issue based on community feedback. You can reach out to the cdk.dev community on Slack to solicit support for reprioritization.
⚠️COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.