Wrong permission being set on /serviceaccount/token

I am currently using Terraform 1.0.5. I recently upgraded to Kubernetes 1.21.2 and I realized that when I try to install OLM (crds.yaml and olm.yaml) I am getting an error. The error I get is a permission denied error. The reason for this error is that the permissions are not being set correctly by Terraform when it creates the AWS EKS cluster. Notice the permissions that are created for the directory when using Kubernetes version 1.21:

-rw-------    1 root     root           969 Aug 26 18:04 /var/run/secrets/kubernetes.io/serviceaccount/..data/token

And notice the same exact permissions using Kubernetes version 1.20:

 -rw-r--r--    1 root     root           969 Aug 26 18:04   /var/run/secrets/kubernetes.io/serviceaccount/..data/token

I know this is a Terraform issue because if I create the cluster by hand I do not encounter this error. I only get permission denied when I create the cluster with Terraform. Is there a way to set the permissions correctly in a .tf file?

Please advise.

Thanks

In case anyone runs into this exact problem, this was a Kubernetes problem. Fixed by adding securityContext.fsGroup: 65534 on the pod.


Thank you! This saved us from endlessly trying to resolve this.
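
The fix described in the reply above, written out as a manifest to show where the field goes. This is an added example, not taken from the thread or from the OLM manifests; the Deployment name, namespace, labels, service account and image are hypothetical placeholders.

```yaml
# Added example: every name below is a placeholder, not from the thread.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-operator            # hypothetical
  namespace: example-namespace      # hypothetical
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-operator
  template:
    metadata:
      labels:
        app: example-operator
    spec:
      serviceAccountName: example-operator   # hypothetical
      # fsGroup is a pod-level field (PodSecurityContext). It is not accepted in
      # a container's own securityContext, so in a Deployment it belongs under
      # spec.template.spec.securityContext, as here.
      securityContext:
        fsGroup: 65534              # value given in the reply
      containers:
        - name: operator
          image: registry.example.com/example-operator:placeholder
```

Once the pod has been recreated, running `ls -l` on the token path from the question inside the container shows the resulting owner, group and mode.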