FairwindsOps / pluto

A cli tool to help discover deprecated apiVersions in Kubernetes
https://fairwinds.com
Apache License 2.0

detect-api-resources - "Failed to retrieve" certain resources #485

Closed jiglesia3 closed 1 year ago

jiglesia3 commented 1 year ago

What happened?

I'm receiving the errors below which happen to be mentioned in this previous issue that was already marked as a bug. I'm using the latest version of pluto, and the detect-helm command works as expected. detect-api-resources spits out the below errors. Any pointers toward a fix would be appreciated.

E0516 14:18:48.705250      51 discovery_api.go:117] Failed to retrieve: /v1, Resource=bindings the server could not find the requested resource
E0516 14:18:50.466954      51 discovery_api.go:117] Failed to retrieve: authentication.k8s.io/v1, Resource=tokenreviews the server does not allow this method on the requested resource
E0516 14:18:50.475072      51 discovery_api.go:117] Failed to retrieve: authorization.k8s.io/v1, Resource=localsubjectaccessreviews the server could not find the requested resource
E0516 14:18:50.482241      51 discovery_api.go:117] Failed to retrieve: authorization.k8s.io/v1, Resource=selfsubjectrulesreviews the server does not allow this method on the requested resource
E0516 14:18:50.488929      51 discovery_api.go:117] Failed to retrieve: authorization.k8s.io/v1, Resource=subjectaccessreviews the server does not allow this method on the requested resource
E0516 14:18:50.497154      51 discovery_api.go:117] Failed to retrieve: authorization.k8s.io/v1, Resource=selfsubjectaccessreviews the server does not allow this method on the requested resource

What did you expect to happen?

No errors related to failing to retrieve these resources.

How can we reproduce this?

Download the binary and run pluto detect-api-resources on a v1.21 Kubernetes cluster targeting v1.22.17.

Version

5.16.3

Additional context

No response

transient1 commented 1 year ago

Hi @jiglesia3. I missed the other issue. Thank you for resurfacing. I'll be looking into it this week.

jiglesia3 commented 1 year ago

Hey @transient1, thanks for picking this up again. Just commenting to keep tabs on any updates to this.

jggc commented 1 year ago

I have the exact same issue with the same log and same resources erroring. To add a bit more context, I am running pluto locally connecting to a remote k8s cluster with cluster-admin permission on my signed cert.

I am running latest pluto against a 1.21 kubernetes cluster.

sudermanjr commented 1 year ago

I do believe there's still a bug here that @transient1 is looking into, however I believe these errors are non-blocking, is that correct? Trying to figure out priorities on this one.

jiglesia3 commented 1 year ago

We have it as a stage in our CI pipelines and the pipeline itself fails with this output, which I might consider blocking.

jiglesia3 commented 1 year ago

Hey @transient1 and @sudermanjr - any prioritization on this one as of yet?

jiglesia3 commented 1 year ago

Just following up again @transient1 so the bot doesn't auto-close!

transient1 commented 1 year ago

@jiglesia3 Sincerest apologies for letting this one fall through the cracks!

The function for retrieving api resources gets every api resource in the cluster, some of which will not be accessible or pertinent. This does not break the functionality of the call because there is a continue statement within the loop that gathers these resources, but the logging behavior is noisy. We're changing it to only log when the verbosity is set to 2, which should remove the noise.

The only other question we have is in regards to your usage in a CI pipeline. Are you getting a non-zero exit code as well?
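
The loop behaviour described in the last comment (continue past a failed retrieval, log it only at verbosity 2), as an added example that is not part of the thread and not pluto's code. It goes one step further by skipping discovery entries that do not advertise the `list` verb, which is the case for `bindings` and the create-only review resources in the log above. The type, the function names and the sample data are assumptions.

```go
package main

import "fmt"

// apiResource is a stand-in for a discovery entry (not the client-go type).
type apiResource struct {
	GroupVersion, Name string
	Verbs              []string
}

// listable reports whether discovery advertises the "list" verb at all.
func listable(r apiResource) bool {
	for _, v := range r.Verbs {
		if v == "list" {
			return true
		}
	}
	return false
}

// collect lists what it can, continues past errors, logs them only at verbosity >= 2.
func collect(rs []apiResource, list func(apiResource) error, verbosity int) (ok, logs []string) {
	for _, r := range rs {
		if !listable(r) {
			continue // create-only resource: a LIST could never succeed
		}
		if err := list(r); err != nil {
			if verbosity >= 2 {
				logs = append(logs, fmt.Sprintf("Failed to retrieve: %s, Resource=%s %v", r.GroupVersion, r.Name, err))
			}
			continue
		}
		ok = append(ok, r.GroupVersion+"/"+r.Name)
	}
	return ok, logs
}

// Constructed sample data: discovery entries and one LIST the server denies.
var sample = []apiResource{
	{"v1", "bindings", []string{"create"}},
	{"authentication.k8s.io/v1", "tokenreviews", []string{"create"}},
	{"apps/v1", "deployments", []string{"get", "list", "watch"}},
	{"v1", "secrets", []string{"get", "list"}},
}
var denied = map[string]error{"secrets": fmt.Errorf("forbidden")}

func fakeList(r apiResource) error { return denied[r.Name] }

func main() { fmt.Println(collect(sample, fakeList, 2)) }
```
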