Working on a new Microk8s testing / deployment and ran into an issue once we health checked the server installation after the Microk8s installation.
Apparently Microk8s creates pods / volumes directories that are world writeable but do not have sticky bit enabled. Our Linux OS support team is flagging this an issue since any user would be able to delete/renaming the files without being the owner.
As an example of the failed healthcheck on the file permission:
FAIL: /var/snap/microk8s/common/var/lib/kubelet/pods/f013b5e6-2cd2-4245-abdc-7aa4adff2fbe/volumes/kubernetes.io~empty-dir/tmp: world writeable, no sticky bit
Is there a way to fix this ? e.g. Microk8s also enabled sticky bit ? or is there a directory override permission to do it so when we spin up different pods we dont see this issue any more ?
Current Version Info:
kubectl version
Client Version: version.Info{Major:“1”, Minor:“20+”, GitVersion:“v1.20.10-34+3c9720652e8d58”, GitCommit:“3c9720652e8d58d39bcc32257973ef6dbf7e0257”, GitTreeState:“clean”, BuildDate:“2021-08-12T15:03:11Z”, GoVersion:“go1.15.14”, Compiler:“gc”, Platform:“linux/amd64”}
Server Version: version.Info{Major:“1”, Minor:“20+”, GitVersion:“v1.20.10-34+3c9720652e8d58”, GitCommit:“3c9720652e8d58d39bcc32257973ef6dbf7e0257”, GitTreeState:“clean”, BuildDate:“2021-08-12T15:05:30Z”, GoVersion:“go1.15.14”, Compiler:“gc”, Platform:“linux/amd64”}
Thank you in advance …