Managed Kubernetes
Latest
Frequently Asked Questions
Solutions
How Tos
Internal Only
Templates
Powered By
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Pod Exec Fails With Permission Issue
Copy Markdown
Open in ChatGPT
Open in Claude
Problem
After you upgrade runtime from Docker to Containerd, nodes upgrades successfully, but if you try to exec some pods it fails with the below error logs:
Pod logs
xxxxxxxxxx@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Permissions 0644 for '/etc/ssh/ssh_host_ecdsa_key' are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Permissions 0644 for '/etc/ssh/ssh_host_ed25519_key' are too open.Environment
- Platform9 Managed Kubernetes - v5.6.8
- Kubernetes version - 1.22.9
Cause
The directory listed below does not have correct permission inside directory /var/lib/containerd after runtime upgrade to containerd.
Permission
xxxxxxxxxxdrwxr-xr-x 3 root root 4096 Aug 14 10:47 io.containerd.snapshotter.v1.aufsdrwxr-xr-x 3 root root 4096 Aug 14 10:47 io.containerd.snapshotter.v1.nativedrwxr-xr-x 3 root root 4096 Aug 14 10:47 io.containerd.snapshotter.v1.overlayfsResolution
You need to manually change the permission to 0700 for above directory using chmod command.
Change permission
xxxxxxxxxx# chmod -R 0700 io.containerd.snapshotter.v1.aufs# chmod -R 0700 io.containerd.snapshotter.v1.native# chmod -R 0700 io.containerd.snapshotter.v1.overlayfsDirectory permissions inside /var/lib/containerd should look like below:
/var/lib/containerd
xxxxxxxxxx# ls -ll /var/lib/containerdtotal 40drwxr-xr-x 4 root root 4096 Aug 2 07:56 io.containerd.content.v1.contentdrwxr-xr-x 4 root root 4096 Aug 2 07:57 io.containerd.grpc.v1.cridrwx--x--x 2 root root 4096 Aug 2 07:56 io.containerd.metadata.v1.boltdrwx--x--x 2 root root 4096 Aug 2 07:56 io.containerd.runtime.v1.linuxdrwx--x--x 3 root root 4096 Aug 2 07:57 io.containerd.runtime.v2.taskdrwx------ 3 root root 4096 Aug 2 07:56 io.containerd.snapshotter.v1.aufsdrwx------ 2 root root 4096 Aug 2 07:56 io.containerd.snapshotter.v1.btrfsdrwx------ 3 root root 4096 Aug 2 07:56 io.containerd.snapshotter.v1.nativedrwx------ 3 root root 4096 Aug 2 07:56 io.containerd.snapshotter.v1.overlayfsdrwx------ 2 root root 4096 Sep 21 02:00 tmpmountsVariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message