Skip to content

Kube-proxy emptyacrsecret missing Auth field #1126

New issue
New issue
Closed
Closed
Kube-proxy emptyacrsecret missing Auth field#1126

Description

@Sleepy-GH

Sleepy-GH
openedon Jul 26, 2019

What happened:
While installing Flux CD I ran into an issue concerning kube-proxy that is installed on a new AKS cluster. Flux CD expects the Auth field to be present in addition to Username, Password and Email in any dockerconfigjson secret. The one provided by AKS does not contain this field. The field was added to Kubernetes in this pull request.

What you expected to happen:
I expected the Auth field to be present in the emptyarcsecret used by kube-proxy

How to reproduce it (as minimally and precisely as possible):
Provide a clean cluster and run the following command:
kubectl get secret emptyacrsecret -n kube-system -o=yaml

This gives me the following output:
apiVersion: v1 data: .dockerconfigjson: eyJhdXRocyI6eyJha3NyZXBvcy5henVyZWNyLmlvIjp7IlVzZXJuYW1lIjoiIiwiUGFzc3dvcmQiOiIiLCJFbWFpbCI6IiJ9fX0= kind: Secret metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"v1","data":{".dockerconfigjson":"eyJhdXRocyI6eyJha3NyZXBvcy5henVyZWNyLmlvIjp7IlVzZXJuYW1lIjoiIiwiUGFzc3dvcmQiOiIiLCJFbWFpbCI6IiJ9fX0="},"kind":"Secret","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile"},"name":"emptyacrsecret","namespace":"kube-system"},"type":"kubernetes.io/dockerconfigjson"} creationTimestamp: 2019-07-26T12:15:08Z labels: addonmanager.kubernetes.io/mode: Reconcile name: emptyacrsecret namespace: kube-system resourceVersion: "12971" selfLink: /api/v1/namespaces/kube-system/secrets/emptyacrsecret uid: 025ffc90-af9f-11e9-8b5f-9ab1157cbbcd type: kubernetes.io/dockerconfigjson

Decoding the above base64 data will show you the content missing the Auth field like below:
{"auths":{"aksrepos.azurecr.io":{"Username":"","Password":"","Email":""}}}

Anything else we need to know?:
You can find 2 issues reported at the Flux CD repository

  • This one reporting a bug of another AKS user
  • This one showing the underlying problem

The same issue seems to occur with coredns as well, but it references the same emptyacrsecret

Environment:

  • Kubernetes version (use kubectl version): 1.14.3, also tried on 1.13.5 and had the same issue there
  • Size of cluster (how many worker nodes are in the cluster?): 3
  • General description of workloads in the cluster (e.g. HTTP microservices, Java app, Ruby on Rails, machine learning, etc.): Nothing specific yet
  • Others:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    FeedbackGeneral feedbackstaleStale issue

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions